Bug 1557887 - Part 10: Prevent initial about:blank documents from escaping out of partitioned storage by using the correct storage principal when creating them; r=baku

Differential Revision: https://phabricator.services.mozilla.com/D34464 --HG-- extra : moz-landing-system : lando
2019-06-12 18:47:25 +00:00 · 2019-06-12 18:47:25 +00:00 · 35248909ba
commit 35248909ba
parent c21ef27666
3 changed files with 7 additions and 4 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -7146,14 +7146,17 @@ nsresult nsDocShell::CreateAboutBlankContentViewer(
      } else {
        principal = NullPrincipal::CreateWithInheritedAttributes(this);
      }
+      storagePrincipal = principal;
    } else {
      principal = aPrincipal;
+      storagePrincipal = aStoragePrincipal;
    }

    MaybeCreateInitialClientSource(principal);

    // generate (about:blank) document to load
-    blankDoc = nsContentDLF::CreateBlankDocument(mLoadGroup, principal, this);
+    blankDoc = nsContentDLF::CreateBlankDocument(mLoadGroup, principal,
+                                                 storagePrincipal, this);
    if (blankDoc) {
      // Hack: manually set the CSP for the new document
      // Please create an actual copy of the CSP (do not share the same
--- a/layout/build/nsContentDLF.cpp
+++ b/layout/build/nsContentDLF.cpp
@ -262,7 +262,7 @@ nsContentDLF::CreateInstanceForDocument(nsISupports* aContainer,
 /* static */
 already_AddRefed<Document> nsContentDLF::CreateBlankDocument(
    nsILoadGroup* aLoadGroup, nsIPrincipal* aPrincipal,
-    nsDocShell* aContainer) {
+    nsIPrincipal* aStoragePrincipal, nsDocShell* aContainer) {
  // create a new blank HTML document
  RefPtr<Document> blankDoc;
  mozilla::Unused << NS_NewHTMLDocument(getter_AddRefs(blankDoc));
@ -277,7 +277,7 @@ already_AddRefed<Document> nsContentDLF::CreateBlankDocument(
  if (!uri) {
    return nullptr;
  }
-  blankDoc->ResetToURI(uri, aLoadGroup, aPrincipal, aPrincipal);
+  blankDoc->ResetToURI(uri, aLoadGroup, aPrincipal, aStoragePrincipal);
  blankDoc->SetContainer(aContainer);

  // add some simple content structure
--- a/layout/build/nsContentDLF.h
+++ b/layout/build/nsContentDLF.h
@ -52,7 +52,7 @@ class nsContentDLF final : public nsIDocumentLoaderFactory {
   */
  static already_AddRefed<mozilla::dom::Document> CreateBlankDocument(
      nsILoadGroup* aLoadGroup, nsIPrincipal* aPrincipal,
-      nsDocShell* aContainer);
+      nsIPrincipal* aStoragePrincipal, nsDocShell* aContainer);

 private:
  static nsresult EnsureUAStyleSheet();