michael@0: /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #include "base/basictypes.h" michael@0: michael@0: #include "nsAboutProtocolHandler.h" michael@0: #include "nsIURI.h" michael@0: #include "nsIAboutModule.h" michael@0: #include "nsString.h" michael@0: #include "nsNetCID.h" michael@0: #include "nsAboutProtocolUtils.h" michael@0: #include "nsError.h" michael@0: #include "nsNetUtil.h" michael@0: #include "nsIObjectInputStream.h" michael@0: #include "nsIObjectOutputStream.h" michael@0: #include "nsAutoPtr.h" michael@0: #include "nsIWritablePropertyBag2.h" michael@0: michael@0: static NS_DEFINE_CID(kSimpleURICID, NS_SIMPLEURI_CID); michael@0: static NS_DEFINE_CID(kNestedAboutURICID, NS_NESTEDABOUTURI_CID); michael@0: michael@0: static bool IsSafeForUntrustedContent(nsIAboutModule *aModule, nsIURI *aURI) { michael@0: uint32_t flags; michael@0: nsresult rv = aModule->GetURIFlags(aURI, &flags); michael@0: NS_ENSURE_SUCCESS(rv, false); michael@0: michael@0: return (flags & nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT) != 0; michael@0: } michael@0: //////////////////////////////////////////////////////////////////////////////// michael@0: michael@0: NS_IMPL_ISUPPORTS(nsAboutProtocolHandler, nsIProtocolHandler) michael@0: michael@0: //////////////////////////////////////////////////////////////////////////////// michael@0: // nsIProtocolHandler methods: michael@0: michael@0: NS_IMETHODIMP michael@0: nsAboutProtocolHandler::GetScheme(nsACString &result) michael@0: { michael@0: result.AssignLiteral("about"); michael@0: return NS_OK; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsAboutProtocolHandler::GetDefaultPort(int32_t *result) michael@0: { michael@0: *result = -1; // no port for about: URLs michael@0: return NS_OK; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsAboutProtocolHandler::GetProtocolFlags(uint32_t *result) michael@0: { michael@0: *result = URI_NORELATIVE | URI_NOAUTH | URI_DANGEROUS_TO_LOAD; michael@0: return NS_OK; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsAboutProtocolHandler::NewURI(const nsACString &aSpec, michael@0: const char *aCharset, // ignore charset info michael@0: nsIURI *aBaseURI, michael@0: nsIURI **result) michael@0: { michael@0: *result = nullptr; michael@0: nsresult rv; michael@0: michael@0: // Use a simple URI to parse out some stuff first michael@0: nsCOMPtr url = do_CreateInstance(kSimpleURICID, &rv); michael@0: if (NS_FAILED(rv)) return rv; michael@0: michael@0: rv = url->SetSpec(aSpec); michael@0: if (NS_FAILED(rv)) { michael@0: return rv; michael@0: } michael@0: michael@0: // Unfortunately, people create random about: URIs that don't correspond to michael@0: // about: modules... Since those URIs will never open a channel, might as michael@0: // well consider them unsafe for better perf, and just in case. michael@0: bool isSafe = false; michael@0: michael@0: nsCOMPtr aboutMod; michael@0: rv = NS_GetAboutModule(url, getter_AddRefs(aboutMod)); michael@0: if (NS_SUCCEEDED(rv)) { michael@0: isSafe = IsSafeForUntrustedContent(aboutMod, url); michael@0: } michael@0: michael@0: if (isSafe) { michael@0: // We need to indicate that this baby is safe. Use an inner URI that michael@0: // no one but the security manager will see. Make sure to preserve our michael@0: // path, in case someone decides to hardcode checks for particular michael@0: // about: URIs somewhere. michael@0: nsAutoCString spec; michael@0: rv = url->GetPath(spec); michael@0: NS_ENSURE_SUCCESS(rv, rv); michael@0: michael@0: spec.Insert("moz-safe-about:", 0); michael@0: michael@0: nsCOMPtr inner; michael@0: rv = NS_NewURI(getter_AddRefs(inner), spec); michael@0: NS_ENSURE_SUCCESS(rv, rv); michael@0: michael@0: nsSimpleNestedURI* outer = new nsNestedAboutURI(inner, aBaseURI); michael@0: NS_ENSURE_TRUE(outer, NS_ERROR_OUT_OF_MEMORY); michael@0: michael@0: // Take a ref to it in the COMPtr we plan to return michael@0: url = outer; michael@0: michael@0: rv = outer->SetSpec(aSpec); michael@0: NS_ENSURE_SUCCESS(rv, rv); michael@0: } michael@0: michael@0: // We don't want to allow mutation, since it would allow safe and michael@0: // unsafe URIs to change into each other... michael@0: NS_TryToSetImmutable(url); michael@0: url.swap(*result); michael@0: return NS_OK; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsAboutProtocolHandler::NewChannel(nsIURI* uri, nsIChannel* *result) michael@0: { michael@0: NS_ENSURE_ARG_POINTER(uri); michael@0: michael@0: // about:what you ask? michael@0: nsCOMPtr aboutMod; michael@0: nsresult rv = NS_GetAboutModule(uri, getter_AddRefs(aboutMod)); michael@0: michael@0: nsAutoCString path; michael@0: nsresult rv2 = NS_GetAboutModuleName(uri, path); michael@0: if (NS_SUCCEEDED(rv2) && path.EqualsLiteral("srcdoc")) { michael@0: // about:srcdoc is meant to be unresolvable, yet is included in the michael@0: // about lookup tables so that it can pass security checks when used in michael@0: // a srcdoc iframe. To ensure that it stays unresolvable, we pretend michael@0: // that it doesn't exist. michael@0: rv = NS_ERROR_FACTORY_NOT_REGISTERED; michael@0: } michael@0: michael@0: if (NS_SUCCEEDED(rv)) { michael@0: // The standard return case: michael@0: rv = aboutMod->NewChannel(uri, result); michael@0: if (NS_SUCCEEDED(rv)) { michael@0: // If this URI is safe for untrusted content, enforce that its michael@0: // principal be based on the channel's originalURI by setting the michael@0: // owner to null. michael@0: // Note: this relies on aboutMod's newChannel implementation michael@0: // having set the proper originalURI, which probably isn't ideal. michael@0: if (IsSafeForUntrustedContent(aboutMod, uri)) { michael@0: (*result)->SetOwner(nullptr); michael@0: } michael@0: michael@0: nsRefPtr aboutURI; michael@0: nsresult rv2 = uri->QueryInterface(kNestedAboutURICID, michael@0: getter_AddRefs(aboutURI)); michael@0: if (NS_SUCCEEDED(rv2) && aboutURI->GetBaseURI()) { michael@0: nsCOMPtr writableBag = michael@0: do_QueryInterface(*result); michael@0: if (writableBag) { michael@0: writableBag-> michael@0: SetPropertyAsInterface(NS_LITERAL_STRING("baseURI"), michael@0: aboutURI->GetBaseURI()); michael@0: } michael@0: } michael@0: } michael@0: return rv; michael@0: } michael@0: michael@0: // mumble... michael@0: michael@0: if (rv == NS_ERROR_FACTORY_NOT_REGISTERED) { michael@0: // This looks like an about: we don't know about. Convert michael@0: // this to an invalid URI error. michael@0: rv = NS_ERROR_MALFORMED_URI; michael@0: } michael@0: michael@0: return rv; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsAboutProtocolHandler::AllowPort(int32_t port, const char *scheme, bool *_retval) michael@0: { michael@0: // don't override anything. michael@0: *_retval = false; michael@0: return NS_OK; michael@0: } michael@0: michael@0: //////////////////////////////////////////////////////////////////////////////// michael@0: // Safe about protocol handler impl michael@0: michael@0: NS_IMPL_ISUPPORTS(nsSafeAboutProtocolHandler, nsIProtocolHandler) michael@0: michael@0: // nsIProtocolHandler methods: michael@0: michael@0: NS_IMETHODIMP michael@0: nsSafeAboutProtocolHandler::GetScheme(nsACString &result) michael@0: { michael@0: result.AssignLiteral("moz-safe-about"); michael@0: return NS_OK; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsSafeAboutProtocolHandler::GetDefaultPort(int32_t *result) michael@0: { michael@0: *result = -1; // no port for moz-safe-about: URLs michael@0: return NS_OK; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsSafeAboutProtocolHandler::GetProtocolFlags(uint32_t *result) michael@0: { michael@0: *result = URI_NORELATIVE | URI_NOAUTH | URI_LOADABLE_BY_ANYONE | URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT; michael@0: return NS_OK; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsSafeAboutProtocolHandler::NewURI(const nsACString &aSpec, michael@0: const char *aCharset, // ignore charset info michael@0: nsIURI *aBaseURI, michael@0: nsIURI **result) michael@0: { michael@0: nsresult rv; michael@0: michael@0: nsCOMPtr url = do_CreateInstance(kSimpleURICID, &rv); michael@0: if (NS_FAILED(rv)) return rv; michael@0: michael@0: rv = url->SetSpec(aSpec); michael@0: if (NS_FAILED(rv)) { michael@0: return rv; michael@0: } michael@0: michael@0: NS_TryToSetImmutable(url); michael@0: michael@0: *result = nullptr; michael@0: url.swap(*result); michael@0: return rv; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsSafeAboutProtocolHandler::NewChannel(nsIURI* uri, nsIChannel* *result) michael@0: { michael@0: *result = nullptr; michael@0: return NS_ERROR_NOT_AVAILABLE; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsSafeAboutProtocolHandler::AllowPort(int32_t port, const char *scheme, bool *_retval) michael@0: { michael@0: // don't override anything. michael@0: *_retval = false; michael@0: return NS_OK; michael@0: } michael@0: michael@0: //////////////////////////////////////////////////////////// michael@0: // nsNestedAboutURI implementation michael@0: NS_INTERFACE_MAP_BEGIN(nsNestedAboutURI) michael@0: if (aIID.Equals(kNestedAboutURICID)) michael@0: foundInterface = static_cast(this); michael@0: else michael@0: NS_INTERFACE_MAP_END_INHERITING(nsSimpleNestedURI) michael@0: michael@0: // nsISerializable michael@0: NS_IMETHODIMP michael@0: nsNestedAboutURI::Read(nsIObjectInputStream* aStream) michael@0: { michael@0: nsresult rv = nsSimpleNestedURI::Read(aStream); michael@0: if (NS_FAILED(rv)) return rv; michael@0: michael@0: bool haveBase; michael@0: rv = aStream->ReadBoolean(&haveBase); michael@0: if (NS_FAILED(rv)) return rv; michael@0: michael@0: if (haveBase) { michael@0: nsCOMPtr supports; michael@0: rv = aStream->ReadObject(true, getter_AddRefs(supports)); michael@0: if (NS_FAILED(rv)) return rv; michael@0: michael@0: mBaseURI = do_QueryInterface(supports, &rv); michael@0: if (NS_FAILED(rv)) return rv; michael@0: } michael@0: michael@0: return NS_OK; michael@0: } michael@0: michael@0: NS_IMETHODIMP michael@0: nsNestedAboutURI::Write(nsIObjectOutputStream* aStream) michael@0: { michael@0: nsresult rv = nsSimpleNestedURI::Write(aStream); michael@0: if (NS_FAILED(rv)) return rv; michael@0: michael@0: rv = aStream->WriteBoolean(mBaseURI != nullptr); michael@0: if (NS_FAILED(rv)) return rv; michael@0: michael@0: if (mBaseURI) { michael@0: // A previous iteration of this code wrote out mBaseURI as nsISupports michael@0: // and then read it in as nsIURI, which is non-kosher when mBaseURI michael@0: // implements more than just a single line of interfaces and the michael@0: // canonical nsISupports* isn't the one a static_cast<> of mBaseURI michael@0: // would produce. For backwards compatibility with existing michael@0: // serializations we continue to write mBaseURI as nsISupports but michael@0: // switch to reading it as nsISupports, with a post-read QI to get to michael@0: // nsIURI. michael@0: rv = aStream->WriteCompoundObject(mBaseURI, NS_GET_IID(nsISupports), michael@0: true); michael@0: if (NS_FAILED(rv)) return rv; michael@0: } michael@0: michael@0: return NS_OK; michael@0: } michael@0: michael@0: // nsSimpleURI michael@0: /* virtual */ nsSimpleURI* michael@0: nsNestedAboutURI::StartClone(nsSimpleURI::RefHandlingEnum aRefHandlingMode) michael@0: { michael@0: // Sadly, we can't make use of nsSimpleNestedURI::StartClone here. michael@0: // However, this function is expected to exactly match that function, michael@0: // aside from the "new ns***URI()" call. michael@0: NS_ENSURE_TRUE(mInnerURI, nullptr); michael@0: michael@0: nsCOMPtr innerClone; michael@0: nsresult rv = aRefHandlingMode == eHonorRef ? michael@0: mInnerURI->Clone(getter_AddRefs(innerClone)) : michael@0: mInnerURI->CloneIgnoringRef(getter_AddRefs(innerClone)); michael@0: michael@0: if (NS_FAILED(rv)) { michael@0: return nullptr; michael@0: } michael@0: michael@0: nsNestedAboutURI* url = new nsNestedAboutURI(innerClone, mBaseURI); michael@0: url->SetMutable(false); michael@0: michael@0: return url; michael@0: } michael@0: michael@0: // nsIClassInfo michael@0: NS_IMETHODIMP michael@0: nsNestedAboutURI::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc) michael@0: { michael@0: *aClassIDNoAlloc = kNestedAboutURICID; michael@0: return NS_OK; michael@0: }