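--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/content/base/src/nsNoDataProtocolContentPolicy.cpp Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,80 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Content policy implementation that prevents all loads of images,
+ * subframes, etc from protocols that don't return data but rather open
+ * applications (such as mailto).
+ */
+
+#include "nsNoDataProtocolContentPolicy.h"
+#include "nsIDOMWindow.h"
+#include "nsString.h"
+#include "nsIProtocolHandler.h"
+#include "nsIIOService.h"
+#include "nsIExternalProtocolHandler.h"
+#include "nsNetUtil.h"
+
+NS_IMPL_ISUPPORTS(nsNoDataProtocolContentPolicy, nsIContentPolicy)
+
+NS_IMETHODIMP
+nsNoDataProtocolContentPolicy::ShouldLoad(uint32_t aContentType,
+ nsIURI *aContentLocation,
+ nsIURI *aRequestingLocation,
+ nsISupports *aRequestingContext,
+ const nsACString &aMimeGuess,
+ nsISupports *aExtra,
+ nsIPrincipal *aRequestPrincipal,
+ int16_t *aDecision)
+{
+ *aDecision = nsIContentPolicy::ACCEPT;
+
+ // Don't block for TYPE_OBJECT since such URIs are sometimes loaded by the
+ // plugin, so they don't necessarily open external apps
+ // TYPE_WEBSOCKET loads can only go to ws:// or wss://, so we don't need to
+ // concern ourselves with them.
+ if (aContentType != TYPE_DOCUMENT &&
+ aContentType != TYPE_SUBDOCUMENT &&
+ aContentType != TYPE_OBJECT &&
+ aContentType != TYPE_WEBSOCKET) {
+
+ // The following are just quick-escapes for the most common cases
+ // where we would allow the content to be loaded anyway.
+ nsAutoCString scheme;
+ aContentLocation->GetScheme(scheme);
+ if (scheme.EqualsLiteral("http") ||
+ scheme.EqualsLiteral("https") ||
+ scheme.EqualsLiteral("ftp") ||
+ scheme.EqualsLiteral("file") ||
+ scheme.EqualsLiteral("chrome")) {
+ return NS_OK;
+ }
+
+ bool shouldBlock;
+ nsresult rv = NS_URIChainHasFlags(aContentLocation,
+ nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA,
+ &shouldBlock);
+ if (NS_SUCCEEDED(rv) && shouldBlock) {
+ *aDecision = nsIContentPolicy::REJECT_REQUEST;
+ }
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNoDataProtocolContentPolicy::ShouldProcess(uint32_t aContentType,
+ nsIURI *aContentLocation,
+ nsIURI *aRequestingLocation,
+ nsISupports *aRequestingContext,
+ const nsACString &aMimeGuess,
+ nsISupports *aExtra,
+ nsIPrincipal *aRequestPrincipal,
+ int16_t *aDecision)
+{
+ return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
+ aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
+ aDecision);
+}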
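Review bot: The flag lookup near the end of ShouldLoad fails open: `if (NS_SUCCEEDED(rv) && shouldBlock)` leaves `*aDecision` at ACCEPT whenever NS_URIChainHasFlags returns an error, so a URI whose handler chain cannot be resolved is treated as if it returns data. If that is intended, say so in a comment; otherwise reject on failure with `bool shouldBlock = false;` and `if (NS_FAILED(rv) || shouldBlock) {`. The result of `aContentLocation->GetScheme(scheme)` is also ignored, which looks harmless here only because an empty scheme falls through to the flag check. Separately, the file header says subframe loads are prevented while the code exempts TYPE_SUBDOCUMENT (and TYPE_DOCUMENT) without explaining why; the comment above the type test should cover those two types as well.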