Bug 529697 - (CSP 1.1) Implement form-action directive [2/4], r=smaug

Check CSP when submitting HTML forms.
2014-11-18 01:13:00 +01:00
parent 22da9ec393
commit 0d0c2ff202
3 changed files with 18 additions and 1 deletions
--- a/dom/html/HTMLFormElement.cpp
+++ b/dom/html/HTMLFormElement.cpp
@@ -61,6 +61,8 @@
 #include "nsIDOMHTMLButtonElement.h"
 #include "nsSandboxFlags.h"

+#include "nsIContentSecurityPolicy.h"
+
 // images
 #include "mozilla/dom/HTMLImageElement.h"

@@ -1625,6 +1627,19 @@ HTMLFormElement::GetActionURL(nsIURI** aActionURL,
                              nsIScriptSecurityManager::STANDARD);
  NS_ENSURE_SUCCESS(rv, rv);

+  // Check if CSP allows this form-action
+  nsCOMPtr<nsIContentSecurityPolicy> csp;
+  rv = NodePrincipal()->GetCsp(getter_AddRefs(csp));
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (csp) {
+    bool permitsFormAction = true;
+    rv = csp->PermitsFormAction(actionURL, &permitsFormAction);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (!permitsFormAction) {
+      rv = NS_ERROR_CSP_FORM_ACTION_VIOLATION;
+    }
+  }
+
  //
  // Assign to the output
  //