content/base/src/nsDataDocumentContentPolicy.cpp

Thu, 15 Jan 2015 21:03:48 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 15 Jan 2015 21:03:48 +0100
branch
TOR_BUG_9701
changeset 11
deefc01c0e14
permissions
-rw-r--r--

Integrate friendly tips from Tor colleagues to make (or not) 4.5 alpha 3;
This includes removal of overloaded (but unused) methods, and addition of
an overlooked call to DataStruct::SetData(nsISupports, uint32_t, bool).

     1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
     2 /* This Source Code Form is subject to the terms of the Mozilla Public
     3  * License, v. 2.0. If a copy of the MPL was not distributed with this
     4  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     6 /*
     7  * Content policy implementation that prevents all loads of images,
     8  * subframes, etc from documents loaded as data (eg documents loaded
     9  * via XMLHttpRequest).
    10  */
    12 #include "nsDataDocumentContentPolicy.h"
    13 #include "nsNetUtil.h"
    14 #include "nsScriptSecurityManager.h"
    15 #include "nsIDocument.h"
    16 #include "nsINode.h"
    17 #include "nsIDOMWindow.h"
    19 NS_IMPL_ISUPPORTS(nsDataDocumentContentPolicy, nsIContentPolicy) // XPCOM AddRef/Release/QueryInterface for this class; nsIContentPolicy is the only interface listed
    // Helper for ShouldLoad(): checks aURI for aURIFlags via
    // NS_URIChainHasFlags().
    //
    // Returns true only when the lookup succeeds and reports the flags as
    // present.  A failed lookup is indistinguishable from "flags absent", so
    // callers that reject on a false result fail closed when the flags cannot
    // be determined.
    static bool
    HasFlags(nsIURI* aURI, uint32_t aURIFlags)
    {
      bool chainHasFlags;
      if (NS_FAILED(NS_URIChainHasFlags(aURI, aURIFlags, &chainHasFlags))) {
        // Could not tell: report the flags as missing.
        return false;
      }
      return chainHasFlags;
    }
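    // Content policy entry point: decides whether a load requested on behalf of
    // a document may proceed.  *aDecision starts out as ACCEPT and is changed to
    // REJECT_TYPE only by the checks below; the method itself always returns
    // NS_OK.
    //
    // Only aContentType, aContentLocation and aRequestingContext are consulted
    // here; the remaining input parameters are not read.
    //
    // Security note: the default is fail-open.  When aRequestingContext is
    // neither an nsINode nor an nsPIDOMWindow, or the window has no document,
    // none of the restrictions below apply and the load is accepted.
    //
    // If you change DataDocumentContentPolicy, make sure to check that
    // CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.
    // nsContentPolicyUtils may not pass all the parameters to ShouldLoad.
    NS_IMETHODIMP
    nsDataDocumentContentPolicy::ShouldLoad(uint32_t aContentType,
                                            nsIURI *aContentLocation,
                                            nsIURI *aRequestingLocation,
                                            nsISupports *aRequestingContext,
                                            const nsACString &aMimeGuess,
                                            nsISupports *aExtra,
                                            nsIPrincipal *aRequestPrincipal,
                                            int16_t *aDecision)
    {
      *aDecision = nsIContentPolicy::ACCEPT;

      // Look for the document.  In most cases, aRequestingContext is a node.
      nsCOMPtr<nsIDocument> doc;
      nsCOMPtr<nsINode> node = do_QueryInterface(aRequestingContext);
      if (node) {
        doc = node->OwnerDoc();
      } else {
        nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(aRequestingContext);
        if (window) {
          doc = window->GetDoc();
        }
      }

      // DTDs are always OK to load.  Without a document there is nothing to
      // evaluate the policy against, so the ACCEPT default stands.
      if (!doc || aContentType == nsIContentPolicy::TYPE_DTD) {
        return NS_OK;
      }

      // Nothing else is OK to load for data documents
      if (doc->IsLoadedAsData()) {
        // ...but let static (print/print preview) documents load fonts.
        if (!doc->IsStaticDocument() || aContentType != nsIContentPolicy::TYPE_FONT) {
          *aDecision = nsIContentPolicy::REJECT_TYPE;
          return NS_OK;
        }
      }

      if (doc->IsBeingUsedAsImage()) {
        // We only allow SVG images to load content from URIs that are local and
        // also satisfy one of the following conditions:
        //  - URI inherits security context, e.g. data URIs
        //   OR
        //  - URI loadable by subsumers, e.g. blob URIs
        // Any URI that doesn't meet these requirements will be rejected below.
        // HasFlags() returns false when the flags cannot be determined, so a
        // failed lookup of URI_IS_LOCAL_RESOURCE also ends in a rejection.
        if (!HasFlags(aContentLocation,
                      nsIProtocolHandler::URI_IS_LOCAL_RESOURCE) ||
            (!HasFlags(aContentLocation,
                       nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT) &&
             !HasFlags(aContentLocation,
                       nsIProtocolHandler::URI_LOADABLE_BY_SUBSUMERS))) {
          *aDecision = nsIContentPolicy::REJECT_TYPE;

          // Report error, if we can.  Reporting is best effort: the rejection
          // above stands whether or not the principal's URI is available.
          if (node) {
            nsIPrincipal* requestingPrincipal = node->NodePrincipal();
            // nsIURI is an XPCOM interface, so it is held in an nsCOMPtr like
            // the other interface pointers in this function.
            nsCOMPtr<nsIURI> principalURI;
            nsresult rv =
              requestingPrincipal->GetURI(getter_AddRefs(principalURI));
            if (NS_SUCCEEDED(rv) && principalURI) {
              nsScriptSecurityManager::ReportError(
                nullptr, NS_LITERAL_STRING("CheckSameOriginError"), principalURI,
                aContentLocation);
            }
          }
        } else if (aContentType == nsIContentPolicy::TYPE_IMAGE &&
                   doc->GetDocumentURI()) {
          // Check for (& disallow) recursive image-loads.  A failed comparison
          // is treated like a recursive load and rejected.
          bool isRecursiveLoad = false;
          nsresult rv = aContentLocation->EqualsExceptRef(doc->GetDocumentURI(),
                                                          &isRecursiveLoad);
          if (NS_FAILED(rv) || isRecursiveLoad) {
            NS_WARNING("Refusing to recursively load image");
            *aDecision = nsIContentPolicy::REJECT_TYPE;
          }
        }
        return NS_OK;
      }

      // Allow all loads for non-resource documents
      if (!doc->IsResourceDoc()) {
        return NS_OK;
      }

      // For resource documents, blacklist some load types
      if (aContentType == nsIContentPolicy::TYPE_OBJECT ||
          aContentType == nsIContentPolicy::TYPE_DOCUMENT ||
          aContentType == nsIContentPolicy::TYPE_SUBDOCUMENT ||
          aContentType == nsIContentPolicy::TYPE_SCRIPT ||
          aContentType == nsIContentPolicy::TYPE_XSLT) {
        *aDecision = nsIContentPolicy::REJECT_TYPE;
      }

      // If you add more restrictions here, make sure to check that
      // CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.
      // nsContentPolicyUtils may not pass all the parameters to ShouldLoad

      return NS_OK;
    }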
   // ShouldProcess applies exactly the same policy as ShouldLoad: every
   // argument is forwarded unchanged, and both the nsresult and the value
   // written to *aDecision come from ShouldLoad.
   NS_IMETHODIMP
   nsDataDocumentContentPolicy::ShouldProcess(uint32_t aContentType,
                                              nsIURI *aContentLocation,
                                              nsIURI *aRequestingLocation,
                                              nsISupports *aRequestingContext,
                                              const nsACString &aMimeGuess,
                                              nsISupports *aExtra,
                                              nsIPrincipal *aRequestPrincipal,
                                              int16_t *aDecision)
   {
     const nsresult loadResult =
       ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
                  aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
                  aDecision);
     return loadResult;
   }
