The Tor Browser / annotate

browser/modules/ContentLinkHandler.jsm@b8a032363ba2 (annotated)

browser/modules/ContentLinkHandler.jsm

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 "use strict";
michael@0 6
michael@0 7 let Cc = Components.classes;
michael@0 8 let Ci = Components.interfaces;
michael@0 9 let Cu = Components.utils;
michael@0 10
michael@0 11 this.EXPORTED_SYMBOLS = [ "ContentLinkHandler" ];
michael@0 12
michael@0 13 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
michael@0 14 Cu.import("resource://gre/modules/Services.jsm");
michael@0 15
michael@0 16 XPCOMUtils.defineLazyModuleGetter(this, "Feeds",
michael@0 17 "resource:///modules/Feeds.jsm");
michael@0 18 XPCOMUtils.defineLazyModuleGetter(this, "BrowserUtils",
michael@0 19 "resource://gre/modules/BrowserUtils.jsm");
michael@0 20
michael@0 21 this.ContentLinkHandler = {
michael@0 22 init: function(chromeGlobal) {
michael@0 23 chromeGlobal.addEventListener("DOMLinkAdded", (event) => {
michael@0 24 this.onLinkAdded(event, chromeGlobal);
michael@0 25 }, false);
michael@0 26 },
michael@0 27
michael@0 28 onLinkAdded: function(event, chromeGlobal) {
michael@0 29 var link = event.originalTarget;
michael@0 30 var rel = link.rel && link.rel.toLowerCase();
michael@0 31 if (!link || !link.ownerDocument || !rel || !link.href)
michael@0 32 return;
michael@0 33
michael@0 34 // Ignore sub-frames (bugs 305472, 479408).
michael@0 35 let window = link.ownerDocument.defaultView;
michael@0 36 if (window != window.top)
michael@0 37 return;
michael@0 38
michael@0 39 var feedAdded = false;
michael@0 40 var iconAdded = false;
michael@0 41 var searchAdded = false;
michael@0 42 var rels = {};
michael@0 43 for (let relString of rel.split(/\s+/))
michael@0 44 rels[relString] = true;
michael@0 45
michael@0 46 for (let relVal in rels) {
michael@0 47 switch (relVal) {
michael@0 48 case "feed":
michael@0 49 case "alternate":
michael@0 50 if (!feedAdded) {
michael@0 51 if (!rels.feed && rels.alternate && rels.stylesheet)
michael@0 52 break;
michael@0 53
michael@0 54 if (Feeds.isValidFeed(link, link.ownerDocument.nodePrincipal, "feed" in rels)) {
michael@0 55 chromeGlobal.sendAsyncMessage("Link:AddFeed",
michael@0 56 {type: link.type,
michael@0 57 href: link.href,
michael@0 58 title: link.title});
michael@0 59 feedAdded = true;
michael@0 60 }
michael@0 61 }
michael@0 62 break;
michael@0 63 case "icon":
michael@0 64 if (!iconAdded) {
michael@0 65 if (!Services.prefs.getBoolPref("browser.chrome.site_icons"))
michael@0 66 break;
michael@0 67
michael@0 68 var uri = this.getLinkIconURI(link);
michael@0 69 if (!uri)
michael@0 70 break;
michael@0 71
michael@0 72 [iconAdded] = chromeGlobal.sendSyncMessage("Link:AddIcon", {url: uri.spec});
michael@0 73 }
michael@0 74 break;
michael@0 75 case "search":
michael@0 76 if (!searchAdded) {
michael@0 77 var type = link.type && link.type.toLowerCase();
michael@0 78 type = type.replace(/^\s+|\s*(?:;.*)?$/g, "");
michael@0 79
michael@0 80 let re = /^(?:https?|ftp):/i;
michael@0 81 if (type == "application/opensearchdescription+xml" && link.title &&
michael@0 82 re.test(link.href))
michael@0 83 {
michael@0 84 let engine = { title: link.title, href: link.href };
michael@0 85 chromeGlobal.sendAsyncMessage("Link:AddSearch",
michael@0 86 {engine: engine,
michael@0 87 url: link.ownerDocument.documentURI});
michael@0 88 searchAdded = true;
michael@0 89 }
michael@0 90 }
michael@0 91 break;
michael@0 92 }
michael@0 93 }
michael@0 94 },
michael@0 95
michael@0 96 getLinkIconURI: function(aLink) {
michael@0 97 let targetDoc = aLink.ownerDocument;
michael@0 98 var uri = BrowserUtils.makeURI(aLink.href, targetDoc.characterSet);
michael@0 99
michael@0 100 // Verify that the load of this icon is legal.
michael@0 101 // Some error or special pages can load their favicon.
michael@0 102 // To be on the safe side, only allow chrome:// favicons.
michael@0 103 var isAllowedPage = [
michael@0 104 /^about:neterror\?/,
michael@0 105 /^about:blocked\?/,
michael@0 106 /^about:certerror\?/,
michael@0 107 /^about:home$/,
michael@0 108 ].some(function (re) re.test(targetDoc.documentURI));
michael@0 109
michael@0 110 if (!isAllowedPage || !uri.schemeIs("chrome")) {
michael@0 111 var ssm = Services.scriptSecurityManager;
michael@0 112 try {
michael@0 113 ssm.checkLoadURIWithPrincipal(targetDoc.nodePrincipal, uri,
michael@0 114 Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
michael@0 115 } catch(e) {
michael@0 116 return null;
michael@0 117 }
michael@0 118 }
michael@0 119
michael@0 120 try {
michael@0 121 var contentPolicy = Cc["@mozilla.org/layout/content-policy;1"].
michael@0 122 getService(Ci.nsIContentPolicy);
michael@0 123 } catch(e) {
michael@0 124 return null; // Refuse to load if we can't do a security check.
michael@0 125 }
michael@0 126
michael@0 127 // Security says okay, now ask content policy
michael@0 128 if (contentPolicy.shouldLoad(Ci.nsIContentPolicy.TYPE_IMAGE,
michael@0 129 uri, targetDoc.documentURIObject,
michael@0 130 aLink, aLink.type, null)
michael@0 131 != Ci.nsIContentPolicy.ACCEPT)
michael@0 132 return null;
michael@0 133
michael@0 134 try {
michael@0 135 uri.userPass = "";
michael@0 136 } catch(e) {
michael@0 137 // some URIs are immutable
michael@0 138 }
michael@0 139 return uri;
michael@0 140 },
michael@0 141 };

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial