The Tor Browser / file comparison
comparison: content/base/src/nsNoDataProtocolContentPolicy.cpp
content/base/src/nsNoDataProtocolContentPolicy.cpp
- branch
- TOR_BUG_9701
- changeset 11
- deefc01c0e14
equal
deleted
inserted
replaced
| -1:000000000000 | 0:9a54f0629e8d |
|---|---|
| 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ | |
| 2 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 3 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 5 | |
| 6 /* | |
| 7 * Content policy implementation that prevents all loads of images, | |
| 8 * subframes, etc from protocols that don't return data but rather open | |
| 9 * applications (such as mailto). | |
| 10 */ | |
| 11 | |
| 12 #include "nsNoDataProtocolContentPolicy.h" | |
| 13 #include "nsIDOMWindow.h" | |
| 14 #include "nsString.h" | |
| 15 #include "nsIProtocolHandler.h" | |
| 16 #include "nsIIOService.h" | |
| 17 #include "nsIExternalProtocolHandler.h" | |
| 18 #include "nsNetUtil.h" | |
| 19 | |
| 20 NS_IMPL_ISUPPORTS(nsNoDataProtocolContentPolicy, nsIContentPolicy) | |
| 21 | |
| 22 NS_IMETHODIMP | |
| 23 nsNoDataProtocolContentPolicy::ShouldLoad(uint32_t aContentType, | |
| 24 nsIURI *aContentLocation, | |
| 25 nsIURI *aRequestingLocation, | |
| 26 nsISupports *aRequestingContext, | |
| 27 const nsACString &aMimeGuess, | |
| 28 nsISupports *aExtra, | |
| 29 nsIPrincipal *aRequestPrincipal, | |
| 30 int16_t *aDecision) | |
| 31 { | |
| 32 *aDecision = nsIContentPolicy::ACCEPT; | |
| 33 | |
| 34 // Don't block for TYPE_OBJECT since such URIs are sometimes loaded by the | |
| 35 // plugin, so they don't necessarily open external apps | |
| 36 // TYPE_WEBSOCKET loads can only go to ws:// or wss://, so we don't need to | |
| 37 // concern ourselves with them. | |
| 38 if (aContentType != TYPE_DOCUMENT && | |
| 39 aContentType != TYPE_SUBDOCUMENT && | |
| 40 aContentType != TYPE_OBJECT && | |
| 41 aContentType != TYPE_WEBSOCKET) { | |
| 42 | |
| 43 // The following are just quick-escapes for the most common cases | |
| 44 // where we would allow the content to be loaded anyway. | |
| 45 nsAutoCString scheme; | |
| 46 aContentLocation->GetScheme(scheme); | |
| 47 if (scheme.EqualsLiteral("http") || | |
| 48 scheme.EqualsLiteral("https") || | |
| 49 scheme.EqualsLiteral("ftp") || | |
| 50 scheme.EqualsLiteral("file") || | |
| 51 scheme.EqualsLiteral("chrome")) { | |
| 52 return NS_OK; | |
| 53 } | |
| 54 | |
| 55 bool shouldBlock; | |
| 56 nsresult rv = NS_URIChainHasFlags(aContentLocation, | |
| 57 nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA, | |
| 58 &shouldBlock); | |
| 59 if (NS_SUCCEEDED(rv) && shouldBlock) { | |
| 60 *aDecision = nsIContentPolicy::REJECT_REQUEST; | |
| 61 } | |
| 62 } | |
| 63 | |
| 64 return NS_OK; | |
| 65 } | |
| 66 | |
| 67 NS_IMETHODIMP | |
| 68 nsNoDataProtocolContentPolicy::ShouldProcess(uint32_t aContentType, | |
| 69 nsIURI *aContentLocation, | |
| 70 nsIURI *aRequestingLocation, | |
| 71 nsISupports *aRequestingContext, | |
| 72 const nsACString &aMimeGuess, | |
| 73 nsISupports *aExtra, | |
| 74 nsIPrincipal *aRequestPrincipal, | |
| 75 int16_t *aDecision) | |
| 76 { | |
| 77 return ShouldLoad(aContentType, aContentLocation, aRequestingLocation, | |
| 78 aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal, | |
| 79 aDecision); | |
| 80 } |
