1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/browser/components/about/AboutRedirector.cpp Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,180 @@
1.4 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
1.5 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.6 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.7 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.8 +
1.9 +// See also: docshell/base/nsAboutRedirector.cpp
1.10 +
1.11 +#include "AboutRedirector.h"
1.12 +#include "nsNetUtil.h"
1.13 +#include "nsIScriptSecurityManager.h"
1.14 +#include "mozilla/ArrayUtils.h"
1.15 +
1.16 +namespace mozilla {
1.17 +namespace browser {
1.18 +
1.19 +NS_IMPL_ISUPPORTS(AboutRedirector, nsIAboutModule)
1.20 +
1.21 +struct RedirEntry {
1.22 + const char* id;
1.23 + const char* url;
1.24 + uint32_t flags;
1.25 +};
1.26 +
1.27 +/*
1.28 + Entries which do not have URI_SAFE_FOR_UNTRUSTED_CONTENT will run with chrome
1.29 + privileges. This is potentially dangerous. Please use
1.30 + URI_SAFE_FOR_UNTRUSTED_CONTENT in the third argument to each map item below
1.31 + unless your about: page really needs chrome privileges. Security review is
1.32 + required before adding new map entries without
1.33 + URI_SAFE_FOR_UNTRUSTED_CONTENT. Also note, however, that adding
1.34 + URI_SAFE_FOR_UNTRUSTED_CONTENT will allow random web sites to link to that
1.35 + URI. Perhaps we should separate the two concepts out...
1.36 + */
1.37 +static RedirEntry kRedirMap[] = {
1.38 +#ifdef MOZ_SAFE_BROWSING
1.39 + { "blocked", "chrome://browser/content/blockedSite.xhtml",
1.40 + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
1.41 + nsIAboutModule::ALLOW_SCRIPT |
1.42 + nsIAboutModule::HIDE_FROM_ABOUTABOUT },
1.43 +#endif
1.44 + { "certerror", "chrome://browser/content/certerror/aboutCertError.xhtml",
1.45 + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
1.46 + nsIAboutModule::ALLOW_SCRIPT |
1.47 + nsIAboutModule::HIDE_FROM_ABOUTABOUT },
1.48 + { "socialerror", "chrome://browser/content/aboutSocialError.xhtml",
1.49 + nsIAboutModule::ALLOW_SCRIPT |
1.50 + nsIAboutModule::HIDE_FROM_ABOUTABOUT },
1.51 + { "tabcrashed", "chrome://browser/content/aboutTabCrashed.xhtml",
1.52 + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
1.53 + nsIAboutModule::ALLOW_SCRIPT |
1.54 + nsIAboutModule::HIDE_FROM_ABOUTABOUT },
1.55 + { "feeds", "chrome://browser/content/feeds/subscribe.xhtml",
1.56 + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
1.57 + nsIAboutModule::ALLOW_SCRIPT |
1.58 + nsIAboutModule::HIDE_FROM_ABOUTABOUT },
1.59 + { "privatebrowsing", "chrome://browser/content/aboutPrivateBrowsing.xhtml",
1.60 + nsIAboutModule::ALLOW_SCRIPT },
1.61 + { "rights",
1.62 +#ifdef MOZ_OFFICIAL_BRANDING
1.63 + "chrome://global/content/aboutRights.xhtml",
1.64 +#else
1.65 + "chrome://global/content/aboutRights-unbranded.xhtml",
1.66 +#endif
1.67 + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
1.68 + nsIAboutModule::ALLOW_SCRIPT },
1.69 + { "robots", "chrome://browser/content/aboutRobots.xhtml",
1.70 + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
1.71 + nsIAboutModule::ALLOW_SCRIPT },
1.72 + { "sessionrestore", "chrome://browser/content/aboutSessionRestore.xhtml",
1.73 + nsIAboutModule::ALLOW_SCRIPT },
1.74 + { "welcomeback", "chrome://browser/content/aboutWelcomeBack.xhtml",
1.75 + nsIAboutModule::ALLOW_SCRIPT },
1.76 +#ifdef MOZ_SERVICES_SYNC
1.77 + { "sync-progress", "chrome://browser/content/sync/progress.xhtml",
1.78 + nsIAboutModule::ALLOW_SCRIPT },
1.79 + { "sync-tabs", "chrome://browser/content/sync/aboutSyncTabs.xul",
1.80 + nsIAboutModule::ALLOW_SCRIPT },
1.81 +#endif
1.82 + { "home", "chrome://browser/content/abouthome/aboutHome.xhtml",
1.83 + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
1.84 + nsIAboutModule::ALLOW_SCRIPT },
1.85 + { "newtab", "chrome://browser/content/newtab/newTab.xul",
1.86 + nsIAboutModule::ALLOW_SCRIPT },
1.87 + { "permissions", "chrome://browser/content/preferences/aboutPermissions.xul",
1.88 + nsIAboutModule::ALLOW_SCRIPT },
1.89 + { "preferences", "chrome://browser/content/preferences/in-content/preferences.xul",
1.90 + nsIAboutModule::ALLOW_SCRIPT },
1.91 + { "downloads", "chrome://browser/content/downloads/contentAreaDownloadsView.xul",
1.92 + nsIAboutModule::ALLOW_SCRIPT },
1.93 +#ifdef MOZ_SERVICES_HEALTHREPORT
1.94 + { "healthreport", "chrome://browser/content/abouthealthreport/abouthealth.xhtml",
1.95 + nsIAboutModule::ALLOW_SCRIPT },
1.96 +#endif
1.97 + { "accounts", "chrome://browser/content/aboutaccounts/aboutaccounts.xhtml",
1.98 + nsIAboutModule::ALLOW_SCRIPT },
1.99 + { "app-manager", "chrome://browser/content/devtools/app-manager/index.xul",
1.100 + nsIAboutModule::ALLOW_SCRIPT },
1.101 + { "customizing", "chrome://browser/content/customizableui/aboutCustomizing.xul",
1.102 + nsIAboutModule::ALLOW_SCRIPT },
1.103 +};
1.104 +static const int kRedirTotal = ArrayLength(kRedirMap);
1.105 +
1.106 +static nsAutoCString
1.107 +GetAboutModuleName(nsIURI *aURI)
1.108 +{
1.109 + nsAutoCString path;
1.110 + aURI->GetPath(path);
1.111 +
1.112 + int32_t f = path.FindChar('#');
1.113 + if (f >= 0)
1.114 + path.SetLength(f);
1.115 +
1.116 + f = path.FindChar('?');
1.117 + if (f >= 0)
1.118 + path.SetLength(f);
1.119 +
1.120 + ToLowerCase(path);
1.121 + return path;
1.122 +}
1.123 +
1.124 +NS_IMETHODIMP
1.125 +AboutRedirector::NewChannel(nsIURI *aURI, nsIChannel **result)
1.126 +{
1.127 + NS_ENSURE_ARG_POINTER(aURI);
1.128 + NS_ASSERTION(result, "must not be null");
1.129 +
1.130 + nsAutoCString path = GetAboutModuleName(aURI);
1.131 +
1.132 + nsresult rv;
1.133 + nsCOMPtr<nsIIOService> ioService = do_GetIOService(&rv);
1.134 + NS_ENSURE_SUCCESS(rv, rv);
1.135 +
1.136 + for (int i = 0; i < kRedirTotal; i++) {
1.137 + if (!strcmp(path.get(), kRedirMap[i].id)) {
1.138 + nsCOMPtr<nsIChannel> tempChannel;
1.139 + rv = ioService->NewChannel(nsDependentCString(kRedirMap[i].url),
1.140 + nullptr, nullptr, getter_AddRefs(tempChannel));
1.141 + NS_ENSURE_SUCCESS(rv, rv);
1.142 +
1.143 + tempChannel->SetOriginalURI(aURI);
1.144 +
1.145 + NS_ADDREF(*result = tempChannel);
1.146 + return rv;
1.147 + }
1.148 + }
1.149 +
1.150 + return NS_ERROR_ILLEGAL_VALUE;
1.151 +}
1.152 +
1.153 +NS_IMETHODIMP
1.154 +AboutRedirector::GetURIFlags(nsIURI *aURI, uint32_t *result)
1.155 +{
1.156 + NS_ENSURE_ARG_POINTER(aURI);
1.157 +
1.158 + nsAutoCString name = GetAboutModuleName(aURI);
1.159 +
1.160 + for (int i = 0; i < kRedirTotal; i++) {
1.161 + if (name.Equals(kRedirMap[i].id)) {
1.162 + *result = kRedirMap[i].flags;
1.163 + return NS_OK;
1.164 + }
1.165 + }
1.166 +
1.167 + return NS_ERROR_ILLEGAL_VALUE;
1.168 +}
1.169 +
1.170 +nsresult
1.171 +AboutRedirector::Create(nsISupports *aOuter, REFNSIID aIID, void **result)
1.172 +{
1.173 + AboutRedirector* about = new AboutRedirector();
1.174 + if (about == nullptr)
1.175 + return NS_ERROR_OUT_OF_MEMORY;
1.176 + NS_ADDREF(about);
1.177 + nsresult rv = about->QueryInterface(aIID, result);
1.178 + NS_RELEASE(about);
1.179 + return rv;
1.180 +}
1.181 +
1.182 +} // namespace browser
1.183 +} // namespace mozilla
