Bug 1753352 - Inherit principal into about:blank with query string. r=nika, a=dsmith

Differential Revision: https://phabricator.services.mozilla.com/D212093
2024-07-17 16:12:53 +00:00 · 2024-07-17 16:12:53 +00:00 · 2ef5159453
commit 2ef5159453
parent 797f535dcd
14 changed files with 53 additions and 40 deletions
--- a/caps/ContentPrincipal.cpp
+++ b/caps/ContentPrincipal.cpp
@ -99,7 +99,7 @@ nsresult ContentPrincipal::GenerateOriginNoSuffixFromURI(
    return NS_ERROR_FAILURE;
  }

-  MOZ_ASSERT(!NS_IsAboutBlank(origin),
+  MOZ_ASSERT(!NS_IsAboutBlankAllowQueryAndFragment(origin),
             "The inner URI for about:blank must be moz-safe-about:blank");

  // Handle non-strict file:// uris.
--- a/docshell/base/CanonicalBrowsingContext.cpp
+++ b/docshell/base/CanonicalBrowsingContext.cpp
@ -2959,7 +2959,7 @@ bool CanonicalBrowsingContext::AllowedInBFCache(
    nsCOMPtr<nsIURI> currentURI = wgp->GetDocumentURI();
    // Exempt about:* pages from bfcache, with the exception of about:blank
    if (currentURI->SchemeIs("about") &&
-        !currentURI->GetSpecOrDefault().EqualsLiteral("about:blank")) {
+        !NS_IsAboutBlankAllowQueryAndFragment(currentURI)) {
      bfcacheCombo |= BFCacheStatus::ABOUT_PAGE;
      MOZ_LOG(gSHIPBFCacheLog, LogLevel::Debug, (" * about:* page"));
    }
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -10053,7 +10053,7 @@ nsIPrincipal* nsDocShell::GetInheritedPrincipal(

 bool nsDocShell::IsAboutBlankLoadOntoInitialAboutBlank(
    nsIURI* aURI, bool aInheritPrincipal, nsIPrincipal* aPrincipalToInherit) {
-  return NS_IsAboutBlank(aURI) && aInheritPrincipal &&
+  return NS_IsAboutBlankAllowQueryAndFragment(aURI) && aInheritPrincipal &&
         (aPrincipalToInherit == GetInheritedPrincipal(false)) &&
         (!mDocumentViewer || !mDocumentViewer->GetDocument() ||
          mDocumentViewer->GetDocument()->IsInitialDocument());
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@ -7412,7 +7412,8 @@ bool nsContentUtils::ChannelShouldInheritPrincipal(
    // we're checking for things that will use the owner.
    inherit =
        (NS_SUCCEEDED(URIInheritsSecurityContext(aURI, &uriInherits)) &&
-         (uriInherits || (aInheritForAboutBlank && NS_IsAboutBlank(aURI)))) ||
+         (uriInherits || (aInheritForAboutBlank &&
+                          NS_IsAboutBlankAllowQueryAndFragment(aURI)))) ||
        //
        // file: uri special-casing
        //
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@ -1861,12 +1861,9 @@ nsresult nsGlobalWindowInner::EnsureClientSource() {

    bool ignoreLoadInfo = false;

-    // Note, this is mostly copied from NS_IsAboutBlank().  Its duplicated
-    // here so we can efficiently check about:srcdoc as well.
    if (uri->SchemeIs("about")) {
-      nsCString spec = uri->GetSpecOrDefault();
-      ignoreLoadInfo = spec.EqualsLiteral("about:blank") ||
-                       spec.EqualsLiteral("about:srcdoc");
+      ignoreLoadInfo =
+          NS_IsAboutBlankAllowQueryAndFragment(uri) || NS_IsAboutSrcdoc(uri);
    } else {
      // Its not an about: URL, so now check for our other URL types.
      ignoreLoadInfo = uri->SchemeIs("data") || uri->SchemeIs("blob");
--- a/dom/clients/api/Clients.cpp
+++ b/dom/clients/api/Clients.cpp
@ -21,6 +21,7 @@
 #include "mozilla/StorageAccess.h"
 #include "nsIGlobalObject.h"
 #include "nsString.h"
+#include "nsReadableUtils.h"

 namespace mozilla::dom {

@ -212,7 +213,9 @@ already_AddRefed<Promise> Clients::OpenWindow(const nsAString& aURL,
    return outerPromise.forget();
  }

-  if (aURL.EqualsLiteral("about:blank")) {
+  if (aURL.EqualsLiteral(u"about:blank") ||
+      StringBeginsWith(aURL, u"about:blank?"_ns) ||
+      StringBeginsWith(aURL, u"about:blank#"_ns)) {
    CopyableErrorResult rv;
    rv.ThrowTypeError(
        "Passing \"about:blank\" to Clients.openWindow is not allowed");
--- a/dom/clients/manager/ClientNavigateOpChild.cpp
+++ b/dom/clients/manager/ClientNavigateOpChild.cpp
@ -224,7 +224,7 @@ RefPtr<ClientOpPromise> ClientNavigateOpChild::DoNavigate(
    return ClientOpPromise::CreateAndReject(result, __func__);
  }

-  if (url->GetSpecOrDefault().EqualsLiteral("about:blank")) {
+  if (NS_IsAboutBlankAllowQueryAndFragment(url)) {
    CopyableErrorResult result;
    result.ThrowTypeError("Navigation to \"about:blank\" is not allowed");
    return ClientOpPromise::CreateAndReject(result, __func__);
--- a/dom/html/nsHTMLDocument.cpp
+++ b/dom/html/nsHTMLDocument.cpp
@ -339,14 +339,10 @@ nsresult nsHTMLDocument::StartDocumentLoad(
    // mDocumentURI hasn't been set, yet, so get the URI from the channel
    nsCOMPtr<nsIURI> uri;
    aChannel->GetOriginalURI(getter_AddRefs(uri));
-    // Adapted from nsDocShell:
-    // GetSpec can be expensive for some URIs, so check the scheme first.
-    if (uri && uri->SchemeIs("about")) {
-      if (uri->GetSpecOrDefault().EqualsLiteral("about:blank")) {
+    if (NS_IsAboutBlankAllowQueryAndFragment(uri)) {
      loadAsHtml5 = false;
    }
  }
-  }

  nsresult rv = Document::StartDocumentLoad(aCommand, aChannel, aLoadGroup,
                                            aContainer, aDocListener, aReset);
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@ -23,6 +23,7 @@
 #include "mozilla/StoragePrincipalHelper.h"
 #include "mozilla/TaskQueue.h"
 #include "mozilla/Telemetry.h"
+#include "nsAboutProtocolUtils.h"
 #include "nsBufferedStreams.h"
 #include "nsCategoryCache.h"
 #include "nsComponentManagerUtils.h"
@ -2803,6 +2804,20 @@ bool NS_IsAboutBlank(nsIURI* uri) {
  return spec.EqualsLiteral("about:blank");
 }

+bool NS_IsAboutBlankAllowQueryAndFragment(nsIURI* uri) {
+  // GetSpec can be expensive for some URIs, so check the scheme first.
+  if (!uri->SchemeIs("about")) {
+    return false;
+  }
+
+  nsAutoCString name;
+  if (NS_FAILED(NS_GetAboutModuleName(uri, name))) {
+    return false;
+  }
+
+  return name.EqualsLiteral("blank");
+}
+
 bool NS_IsAboutSrcdoc(nsIURI* uri) {
  // GetSpec can be expensive for some URIs, so check the scheme first.
  if (!uri->SchemeIs("about")) {
--- a/netwerk/base/nsNetUtil.h
+++ b/netwerk/base/nsNetUtil.h
@ -875,6 +875,12 @@ void net_EnsurePSMInit();
 */
 bool NS_IsAboutBlank(nsIURI* uri);

+/**
+ * Test whether a URI is "about:blank", possibly with fragment or query.  |uri|
+ * must not be null
+ */
+bool NS_IsAboutBlankAllowQueryAndFragment(nsIURI* uri);
+
 /**
 * Test whether a URI is "about:srcdoc".  |uri| must not be null
 */
--- a/parser/htmlparser/nsParser.h
+++ b/parser/htmlparser/nsParser.h
@ -239,6 +239,8 @@ class nsParser final : public nsIParser,
  void HandleParserContinueEvent(class nsParserContinueEvent*);

  void Reset() {
+    MOZ_ASSERT(!mIsAboutBlank,
+               "Only the XML fragment parsing case is supposed to call this.");
    Cleanup();
    mUnusedInput.Truncate();
    Initialize();
--- a/testing/web-platform/meta/html/browsers/browsing-the-web/navigating-across-documents/initial-empty-document/load-pageshow-events-iframe-contentWindow.html.ini
+++ b/testing/web-platform/meta/html/browsers/browsing-the-web/navigating-across-documents/initial-empty-document/load-pageshow-events-iframe-contentWindow.html.ini
@ -2,19 +2,19 @@
  expected:
    if (os == "android") and fission: [OK, TIMEOUT]
  [load & pageshow event do not fire on contentWindow of <iframe> element created with no src]
-    expected:
-      if (os == "win") and swgl: [FAIL, PASS]
-      if os == "linux": [FAIL, PASS]
-      FAIL
+    expected: [FAIL, PASS]

  [load & pageshow events do not fire on contentWindow of <iframe> element created with src='']
-    expected:
-      if os == "linux": [FAIL, PASS]
-      FAIL
+    expected: [FAIL, PASS]

  [load & pageshow events do not fire on contentWindow of <iframe> element created with src='about:blank']
-    expected:
-      if (os == "linux") and debug and not fission and swgl: [FAIL, PASS]
-      if (os == "linux") and debug and fission: [FAIL, PASS]
-      if (os == "linux") and not debug: [FAIL, PASS]
-      FAIL
+    expected: [FAIL, PASS]
+
+  [load & pageshow events do not fire on contentWindow of <iframe> element created with src='about:blank#foo']
+    expected: [FAIL, PASS]
+
+  [load & pageshow events do not fire on contentWindow of <iframe> element created with src='about:blank?foo']
+    expected: [FAIL, PASS]
+
+  [load event does not fire on window.open('about:blank?foo')]
+    expected: [FAIL, PASS]
--- a/testing/web-platform/meta/html/browsers/browsing-the-web/navigating-across-documents/initial-empty-document/load-pageshow-events-window-open.html.ini
+++ b/testing/web-platform/meta/html/browsers/browsing-the-web/navigating-across-documents/initial-empty-document/load-pageshow-events-window-open.html.ini
@ -1,10 +1,6 @@
 [load-pageshow-events-window-open.html]
  [load event does not fire on window.open('about:blank')]
-    expected:
-      if (os == "linux") and not swgl and fission and not debug and (processor == "x86"): [FAIL, PASS]
-      if (os == "linux") and not swgl and fission and not debug and (processor == "x86_64"): [FAIL, PASS]
-      if (os == "linux") and not swgl and fission and debug: [FAIL, PASS]
-      if (os == "linux") and swgl and not fission: [FAIL, PASS]
-      if os == "win": FAIL
-      if os == "mac": FAIL
-      [PASS, FAIL]
+    expected: [FAIL, PASS]
+
+  [load event does not fire on window.open('about:blank?foo')]
+    expected: [FAIL, PASS]
--- a/testing/web-platform/meta/html/infrastructure/urls/base-url/matches-about-blank-base-url.window.js.ini
+++ b/testing/web-platform/meta/html/infrastructure/urls/base-url/matches-about-blank-base-url.window.js.ini
@ -1,3 +0,0 @@
-[matches-about-blank-base-url.window.html]
-  [about:blank and about:blank?foo#bar both 'match about:blank']
-    expected: FAIL