Tree - source-git/mozjs60 - CentOS Git server

source-git / mozjs60

Blame dom/base/nsDataDocumentContentPolicy.cpp

Blob History Raw

Packit	f0b94e	`/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */`
Packit	f0b94e	`/* vim: set ts=8 sts=2 et sw=2 tw=80: */`
Packit	f0b94e	`/* This Source Code Form is subject to the terms of the Mozilla Public`
Packit	f0b94e	`* License, v. 2.0. If a copy of the MPL was not distributed with this`
Packit	f0b94e	`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`
Packit	f0b94e
Packit	f0b94e	`/*`
Packit	f0b94e	`* Content policy implementation that prevents all loads of images,`
Packit	f0b94e	`* subframes, etc from documents loaded as data (eg documents loaded`
Packit	f0b94e	`* via XMLHttpRequest).`
Packit	f0b94e	`*/`
Packit	f0b94e
Packit	f0b94e	`#include "nsContentUtils.h"`
Packit	f0b94e	`#include "nsDataDocumentContentPolicy.h"`
Packit	f0b94e	`#include "nsNetUtil.h"`
Packit	f0b94e	`#include "nsIProtocolHandler.h"`
Packit	f0b94e	`#include "nsScriptSecurityManager.h"`
Packit	f0b94e	`#include "nsIDocument.h"`
Packit	f0b94e	`#include "nsINode.h"`
Packit	f0b94e	`#include "nsIDOMWindow.h"`
Packit	f0b94e	`#include "nsIURI.h"`
Packit	f0b94e
Packit	f0b94e	`NS_IMPL_ISUPPORTS(nsDataDocumentContentPolicy, nsIContentPolicy)`
Packit	f0b94e
Packit	f0b94e	`// Helper method for ShouldLoad()`
Packit	f0b94e	`// Checks a URI for the given flags. Returns true if the URI has the flags,`
Packit	f0b94e	`// and false if not (or if we weren't able to tell).`
Packit	f0b94e	`static bool HasFlags(nsIURI *aURI, uint32_t aURIFlags) {`
Packit	f0b94e	`bool hasFlags;`
Packit	f0b94e	`nsresult rv = NS_URIChainHasFlags(aURI, aURIFlags, &hasFlags);`
Packit	f0b94e	`return NS_SUCCEEDED(rv) && hasFlags;`
Packit	f0b94e	`}`
Packit	f0b94e
Packit	f0b94e	`// If you change DataDocumentContentPolicy, make sure to check that`
Packit	f0b94e	`// CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.`
Packit	f0b94e	`// nsContentPolicyUtils may not pass all the parameters to ShouldLoad.`
Packit	f0b94e	`NS_IMETHODIMP`
Packit	f0b94e	`nsDataDocumentContentPolicy::ShouldLoad(`
Packit	f0b94e	`uint32_t aContentType, nsIURI *aContentLocation,`
Packit	f0b94e	`nsIURI aRequestingLocation, nsISupports aRequestingContext,`
Packit	f0b94e	`const nsACString &aMimeGuess, nsISupports *aExtra,`
Packit	f0b94e	`nsIPrincipal aRequestPrincipal, int16_t aDecision) {`
Packit	f0b94e	`MOZ_ASSERT(`
Packit	f0b94e	`aContentType ==`
Packit	f0b94e	`nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),`
Packit	f0b94e	`"We should only see external content policy types here.");`
Packit	f0b94e
Packit	f0b94e	`*aDecision = nsIContentPolicy::ACCEPT;`
Packit	f0b94e	`// Look for the document. In most cases, aRequestingContext is a node.`
Packit	f0b94e	`nsCOMPtr<nsIDocument> doc;`
Packit	f0b94e	`nsCOMPtr<nsINode> node = do_QueryInterface(aRequestingContext);`
Packit	f0b94e	`if (node) {`
Packit	f0b94e	`doc = node->OwnerDoc();`
Packit	f0b94e	`} else {`
Packit	f0b94e	`if (nsCOMPtr<nsPIDOMWindowOuter> window =`
Packit	f0b94e	`do_QueryInterface(aRequestingContext)) {`
Packit	f0b94e	`doc = window->GetDoc();`
Packit	f0b94e	`}`
Packit	f0b94e	`}`
Packit	f0b94e
Packit	f0b94e	`// DTDs are always OK to load`
Packit	f0b94e	`if (!doc \|\| aContentType == nsIContentPolicy::TYPE_DTD) {`
Packit	f0b94e	`return NS_OK;`
Packit	f0b94e	`}`
Packit	f0b94e
Packit	f0b94e	`// Nothing else is OK to load for data documents`
Packit	f0b94e	`if (doc->IsLoadedAsData()) {`
Packit	f0b94e	`// ...but let static (print/print preview) documents to load fonts.`
Packit	f0b94e	`if (!doc->IsStaticDocument() \|\|`
Packit	f0b94e	`aContentType != nsIContentPolicy::TYPE_FONT) {`
Packit	f0b94e	`*aDecision = nsIContentPolicy::REJECT_TYPE;`
Packit	f0b94e	`return NS_OK;`
Packit	f0b94e	`}`
Packit	f0b94e	`}`
Packit	f0b94e
Packit	f0b94e	`nsIDocument *docToCheckForImage = doc->GetDisplayDocument();`
Packit	f0b94e	`if (!docToCheckForImage) {`
Packit	f0b94e	`docToCheckForImage = doc;`
Packit	f0b94e	`}`
Packit	f0b94e
Packit	f0b94e	`if (docToCheckForImage->IsBeingUsedAsImage()) {`
Packit	f0b94e	`// We only allow SVG images to load content from URIs that are local and`
Packit	f0b94e	`// also satisfy one of the following conditions:`
Packit	f0b94e	`// - URI inherits security context, e.g. data URIs`
Packit	f0b94e	`// OR`
Packit	f0b94e	`// - URI loadable by subsumers, e.g. blob URIs`
Packit	f0b94e	`// Any URI that doesn't meet these requirements will be rejected below.`
Packit	f0b94e	`if (!(HasFlags(aContentLocation,`
Packit	f0b94e	`nsIProtocolHandler::URI_IS_LOCAL_RESOURCE) &&`
Packit	f0b94e	`(HasFlags(aContentLocation,`
Packit	f0b94e	`nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT) \|\|`
Packit	f0b94e	`HasFlags(aContentLocation,`
Packit	f0b94e	`nsIProtocolHandler::URI_LOADABLE_BY_SUBSUMERS)))) {`
Packit	f0b94e	`*aDecision = nsIContentPolicy::REJECT_TYPE;`
Packit	f0b94e
Packit	f0b94e	`// Report error, if we can.`
Packit	f0b94e	`if (node) {`
Packit	f0b94e	`nsIPrincipal *requestingPrincipal = node->NodePrincipal();`
Packit	f0b94e	`RefPtr<nsIURI> principalURI;`
Packit	f0b94e	`nsresult rv = requestingPrincipal->GetURI(getter_AddRefs(principalURI));`
Packit	f0b94e	`if (NS_SUCCEEDED(rv) && principalURI) {`
Packit	f0b94e	`nsScriptSecurityManager::ReportError(nullptr, "ExternalDataError",`
Packit	f0b94e	`principalURI, aContentLocation);`
Packit	f0b94e	`}`
Packit	f0b94e	`}`
Packit	f0b94e	`} else if ((aContentType == nsIContentPolicy::TYPE_IMAGE \|\|`
Packit	f0b94e	`aContentType == nsIContentPolicy::TYPE_IMAGESET) &&`
Packit	f0b94e	`doc->GetDocumentURI()) {`
Packit	f0b94e	`// Check for (& disallow) recursive image-loads`
Packit	f0b94e	`bool isRecursiveLoad;`
Packit	f0b94e	`nsresult rv = aContentLocation->EqualsExceptRef(doc->GetDocumentURI(),`
Packit	f0b94e	`&isRecursiveLoad);`
Packit	f0b94e	`if (NS_FAILED(rv) \|\| isRecursiveLoad) {`
Packit	f0b94e	`NS_WARNING("Refusing to recursively load image");`
Packit	f0b94e	`*aDecision = nsIContentPolicy::REJECT_TYPE;`
Packit	f0b94e	`}`
Packit	f0b94e	`}`
Packit	f0b94e	`return NS_OK;`
Packit	f0b94e	`}`
Packit	f0b94e
Packit	f0b94e	`// Allow all loads for non-resource documents`
Packit	f0b94e	`if (!doc->IsResourceDoc()) {`
Packit	f0b94e	`return NS_OK;`
Packit	f0b94e	`}`
Packit	f0b94e
Packit	f0b94e	`// For resource documents, blacklist some load types`
Packit	f0b94e	`if (aContentType == nsIContentPolicy::TYPE_OBJECT \|\|`
Packit	f0b94e	`aContentType == nsIContentPolicy::TYPE_DOCUMENT \|\|`
Packit	f0b94e	`aContentType == nsIContentPolicy::TYPE_SUBDOCUMENT \|\|`
Packit	f0b94e	`aContentType == nsIContentPolicy::TYPE_SCRIPT \|\|`
Packit	f0b94e	`aContentType == nsIContentPolicy::TYPE_XSLT \|\|`
Packit	f0b94e	`aContentType == nsIContentPolicy::TYPE_FETCH \|\|`
Packit	f0b94e	`aContentType == nsIContentPolicy::TYPE_WEB_MANIFEST) {`
Packit	f0b94e	`*aDecision = nsIContentPolicy::REJECT_TYPE;`
Packit	f0b94e	`}`
Packit	f0b94e
Packit	f0b94e	`// If you add more restrictions here, make sure to check that`
Packit	f0b94e	`// CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.`
Packit	f0b94e	`// nsContentPolicyUtils may not pass all the parameters to ShouldLoad`
Packit	f0b94e
Packit	f0b94e	`return NS_OK;`
Packit	f0b94e	`}`
Packit	f0b94e
Packit	f0b94e	`NS_IMETHODIMP`
Packit	f0b94e	`nsDataDocumentContentPolicy::ShouldProcess(`
Packit	f0b94e	`uint32_t aContentType, nsIURI *aContentLocation,`
Packit	f0b94e	`nsIURI aRequestingLocation, nsISupports aRequestingContext,`
Packit	f0b94e	`const nsACString &aMimeGuess, nsISupports *aExtra,`
Packit	f0b94e	`nsIPrincipal aRequestPrincipal, int16_t aDecision) {`
Packit	f0b94e	`return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,`
Packit	f0b94e	`aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,`
Packit	f0b94e	`aDecision);`
Packit	f0b94e	`}`

source-git / mozjs60

Source Code

Blame dom/base/nsDataDocumentContentPolicy.cpp