nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/toolkit/components/browser/nsWebBrowserContentPolicy.cpp
Emilio Cobos Álvarez 5c9f8df90d Bug 1631305 - Remove unnecessary and incorrect content policy check. r=ckerschb 
This check is unnecessary. We have a central place to compute whether
scriptability is allowed that already accounts for the docshell flag,
see Scriptability::SetDocShellAllowsScript, from bug 840488:

  https://searchfox.org/mozilla-central/rev/a4d62e09a4c46aef918667fa759bf9ae898dc258/docshell/base/nsDocShell.cpp#2532

It is also incorrect, for two reasons:

 * It should really be GetCanExecuteScripts(), so that it works properly
   in subframes.

 * We have a whitelist of principals that should always be allowed to
   execute script (see xpc::PrincipalImmuneToScriptPolicy), which is not
   accounted for here. So if we load an add-on document (or pdf.js after
   bug 866634) in a docshell with disabled script execution, we still
   won't load the out-of-line scripts.

The latter is what's happening in bug 810815, as TB uses the docshell
flag to disable script execution on emails.

This is still a bit of a behavior change in the sense that after this,
IIUC, scripts should download but not execute. I think that's fine and
we have no test that depends on the current behavior.

An alternative to this patch would be to change this check to get the
docshell's document's node principal, and check that against
PrincipalImmuneToScriptPolicy (and while at it fix the check to use
GetCanExecuteScripts()).

But this seems simpler.

Differential Revision: https://phabricator.services.mozilla.com/D71489
2020-04-22 09:26:54 +00:00

99 lines
3.5 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsWebBrowserContentPolicy.h"
#include "nsIDocShell.h"
#include "nsCOMPtr.h"
#include "nsContentPolicyUtils.h"
#include "nsNetUtil.h"
nsWebBrowserContentPolicy::nsWebBrowserContentPolicy() = default;
nsWebBrowserContentPolicy::~nsWebBrowserContentPolicy() = default;
NS_IMPL_ISUPPORTS(nsWebBrowserContentPolicy, nsIContentPolicy)
NS_IMETHODIMP
nsWebBrowserContentPolicy::ShouldLoad(nsIURI* aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString& aMimeGuess,
int16_t* aShouldLoad) {
MOZ_ASSERT(aShouldLoad, "Null out param");
uint32_t contentType = aLoadInfo->GetExternalContentPolicyType();
MOZ_ASSERT(contentType == nsContentUtils::InternalContentPolicyTypeToExternal(
contentType),
"We should only see external content policy types here.");
*aShouldLoad = nsIContentPolicy::ACCEPT;
nsCOMPtr<nsISupports> context = aLoadInfo->GetLoadingContext();
nsIDocShell* shell = NS_CP_GetDocShellFromContext(context);
/* We're going to dereference shell, so make sure it isn't null */
if (!shell) {
return NS_OK;
}
nsresult rv;
bool allowed = true;
switch (contentType) {
case nsIContentPolicy::TYPE_SUBDOCUMENT:
rv = shell->GetAllowSubframes(&allowed);
break;
#if 0
/* XXXtw: commented out in old code; add during conpol phase 2 */
case nsIContentPolicy::TYPE_REFRESH:
rv = shell->GetAllowMetaRedirects(&allowed); /* meta _refresh_ */
break;
#endif
case nsIContentPolicy::TYPE_IMAGE:
case nsIContentPolicy::TYPE_IMAGESET:
rv = shell->GetAllowImages(&allowed);
break;
default:
return NS_OK;
}
if (NS_SUCCEEDED(rv) && !allowed) {
NS_SetRequestBlockingReason(
aLoadInfo, nsILoadInfo::BLOCKING_REASON_CONTENT_POLICY_WEB_BROWSER);
*aShouldLoad = nsIContentPolicy::REJECT_TYPE;
}
return rv;
}
NS_IMETHODIMP
nsWebBrowserContentPolicy::ShouldProcess(nsIURI* aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString& aMimeGuess,
int16_t* aShouldProcess) {
MOZ_ASSERT(aShouldProcess, "Null out param");
uint32_t contentType = aLoadInfo->GetExternalContentPolicyType();
MOZ_ASSERT(contentType == nsContentUtils::InternalContentPolicyTypeToExternal(
contentType),
"We should only see external content policy types here.");
*aShouldProcess = nsIContentPolicy::ACCEPT;
// Object tags will always open channels with TYPE_OBJECT, but may end up
// loading with TYPE_IMAGE or TYPE_DOCUMENT as their final type, so we block
// actual-plugins at the process stage
if (contentType != nsIContentPolicy::TYPE_OBJECT) {
return NS_OK;
}
nsCOMPtr<nsISupports> context = aLoadInfo->GetLoadingContext();
nsIDocShell* shell = NS_CP_GetDocShellFromContext(context);
if (shell && (!shell->PluginsAllowedInCurrentDoc())) {
NS_SetRequestBlockingReason(
aLoadInfo, nsILoadInfo::BLOCKING_REASON_CONTENT_POLICY_WEB_BROWSER);
*aShouldProcess = nsIContentPolicy::REJECT_TYPE;
}
return NS_OK;
}
View git blame Copy permalink