Bug 1206961 - Use channel->AsyncOpen2() for imageLoader; Remove security checks from callsites (r=bz)

Christoph Kerschbaumer
2016-04-27 19:41:13 +02:00
parent d3cb477cd4
commit 2fdf936e15
5 changed files with 72 additions and 45 deletions


@@ -39,6 +39,44 @@ static bool SchemeIs(nsIURI* aURI, const char* aScheme)
return NS_SUCCEEDED(baseURI->SchemeIs(aScheme, &isScheme)) && isScheme; return NS_SUCCEEDED(baseURI->SchemeIs(aScheme, &isScheme)) && isScheme;
} }
static bool IsImageLoadInEditorAppType(nsILoadInfo* aLoadInfo)
{
// Editor apps get special treatment here, editors can load images
// from anywhere. This allows editor to insert images from file://
// into documents that are being edited.
nsContentPolicyType type = aLoadInfo->InternalContentPolicyType();
if (type != nsIContentPolicy::TYPE_INTERNAL_IMAGE &&
type != nsIContentPolicy::TYPE_INTERNAL_IMAGE_PRELOAD &&
type != nsIContentPolicy::TYPE_IMAGESET) {
return false;
}
uint32_t appType = nsIDocShell::APP_TYPE_UNKNOWN;
nsINode* node = aLoadInfo->LoadingNode();
if (!node) {
return false;
}
nsIDocument* doc = node->OwnerDoc();
if (!doc) {
return false;
}
nsCOMPtr<nsIDocShellTreeItem> docShellTreeItem = doc->GetDocShell();
if (!docShellTreeItem) {
return false;
}
nsCOMPtr<nsIDocShellTreeItem> root;
docShellTreeItem->GetRootTreeItem(getter_AddRefs(root));
nsCOMPtr<nsIDocShell> docShell(do_QueryInterface(root));
if (!docShell || NS_FAILED(docShell->GetAppType(&appType))) {
appType = nsIDocShell::APP_TYPE_UNKNOWN;
}
return appType == nsIDocShell::APP_TYPE_EDITOR;
}
static nsresult static nsresult
DoCheckLoadURIChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo) DoCheckLoadURIChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
{ {
@@ -55,8 +93,11 @@ DoCheckLoadURIChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
flags |= nsIScriptSecurityManager::ALLOW_CHROME; flags |= nsIScriptSecurityManager::ALLOW_CHROME;
} }
bool isImageInEditorType = IsImageLoadInEditorAppType(aLoadInfo);
// We don't have a loadingPrincipal for TYPE_DOCUMENT // We don't have a loadingPrincipal for TYPE_DOCUMENT
if (aLoadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT) { if (aLoadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT &&
!isImageInEditorType) {
rv = nsContentUtils::GetSecurityManager()-> rv = nsContentUtils::GetSecurityManager()->
CheckLoadURIWithPrincipal(loadingPrincipal, CheckLoadURIWithPrincipal(loadingPrincipal,
aURI, aURI,
@@ -67,7 +108,7 @@ DoCheckLoadURIChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
// If the loadingPrincipal and the triggeringPrincipal are different, then make // If the loadingPrincipal and the triggeringPrincipal are different, then make
// sure the triggeringPrincipal is allowed to access that URI. // sure the triggeringPrincipal is allowed to access that URI.
nsCOMPtr<nsIPrincipal> triggeringPrincipal = aLoadInfo->TriggeringPrincipal(); nsCOMPtr<nsIPrincipal> triggeringPrincipal = aLoadInfo->TriggeringPrincipal();
if (loadingPrincipal != triggeringPrincipal) { if (loadingPrincipal != triggeringPrincipal && !isImageInEditorType) {
rv = nsContentUtils::GetSecurityManager()-> rv = nsContentUtils::GetSecurityManager()->
CheckLoadURIWithPrincipal(triggeringPrincipal, CheckLoadURIWithPrincipal(triggeringPrincipal,
aURI, aURI,
@@ -155,7 +196,8 @@ DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
} }
case nsIContentPolicy::TYPE_IMAGE: { case nsIContentPolicy::TYPE_IMAGE: {
MOZ_ASSERT(false, "contentPolicyType not supported yet"); mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break; break;
} }
@@ -295,7 +337,8 @@ DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
} }
case nsIContentPolicy::TYPE_IMAGESET: { case nsIContentPolicy::TYPE_IMAGESET: {
MOZ_ASSERT(false, "contentPolicyType not supported yet"); mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break; break;
} }
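Review bot: The editor exemption added to DoCheckLoadURIChecks skips both CheckLoadURIWithPrincipal calls, the loadingPrincipal one and the triggeringPrincipal one, and IsImageLoadInEditorAppType decides it from the root tree item's app type, so every image load from any document nested under an editor root appears to be exempt. That is wider than the helper's comment describes (inserting file:// images into the document being edited), and nothing where the flag is computed says the wider scope is intended. I would document it at `bool isImageInEditorType = ...`, e.g. `// Image loads under an APP_TYPE_EDITOR root skip both CheckLoadURI checks below, including the triggeringPrincipal one.`, or narrow the condition if nested content is not meant to inherit the exemption. The body of DoCheckLoadURIChecks continues outside the hunks shown.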


@@ -113,11 +113,6 @@ nsXBLResourceLoader::LoadResources(bool* aResult)
continue; continue;
if (curr->mType == nsGkAtoms::image) { if (curr->mType == nsGkAtoms::image) {
if (!nsContentUtils::CanLoadImage(url, doc, doc, docPrincipal)) {
// We're not permitted to load this image, move on...
continue;
}
// Now kick off the image load... // Now kick off the image load...
// Passing nullptr for pretty much everything -- cause we don't care! // Passing nullptr for pretty much everything -- cause we don't care!
// XXX: initialDocumentURI is nullptr! // XXX: initialDocumentURI is nullptr!


@@ -257,26 +257,21 @@ ImageLoader::LoadImage(nsIURI* aURI, nsIPrincipal* aOriginPrincipal,
return; return;
} }
if (!nsContentUtils::CanLoadImage(aURI, mDocument, mDocument,
aOriginPrincipal)) {
return;
}
RefPtr<imgRequestProxy> request; RefPtr<imgRequestProxy> request;
nsContentUtils::LoadImage(aURI, mDocument, mDocument, nsresult rv = nsContentUtils::LoadImage(aURI, mDocument, mDocument,
aOriginPrincipal, aReferrer, aOriginPrincipal, aReferrer,
mDocument->GetReferrerPolicy(), mDocument->GetReferrerPolicy(),
nullptr, nsIRequest::LOAD_NORMAL, nullptr, nsIRequest::LOAD_NORMAL,
NS_LITERAL_STRING("css"), NS_LITERAL_STRING("css"),
getter_AddRefs(request)); getter_AddRefs(request));
if (!request) { if (NS_FAILED(rv) || !request) {
return; return;
} }
RefPtr<imgRequestProxy> clonedRequest; RefPtr<imgRequestProxy> clonedRequest;
mInClone = true; mInClone = true;
nsresult rv = request->Clone(this, getter_AddRefs(clonedRequest)); rv = request->Clone(this, getter_AddRefs(clonedRequest));
mInClone = false; mInClone = false;
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
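Review bot: With the CanLoadImage guard removed, this call site depends entirely on nsContentUtils::LoadImage to enforce the load-URI and content-policy checks, and the code that does so is not among the sections shown on this page. Per the commit title the checks run when the channel is opened with AsyncOpen2; if LoadImage can also return a request from the image cache without opening a channel, that path needs an equivalent check, which should be confirmed before the caller-side guard goes away. A comment at the call, e.g. `// Security checks are performed inside LoadImage when the channel is opened (AsyncOpen2); no CanLoadImage call is needed here.`, would keep a later reader from assuming the load is unchecked. The same applies to the guards removed in nsXBLResourceLoader::LoadResources and nsImageBoxFrame::UpdateImage; the function body here continues outside the hunk.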


@@ -233,15 +233,13 @@ nsImageBoxFrame::UpdateImage()
src, src,
doc, doc,
baseURI); baseURI);
if (uri) {
nsresult rv = nsContentUtils::LoadImage(uri, mContent, doc, mContent->NodePrincipal(),
doc->GetDocumentURI(), doc->GetReferrerPolicy(),
mListener, mLoadFlags,
EmptyString(), getter_AddRefs(mImageRequest));
if (uri && nsContentUtils::CanLoadImage(uri, mContent, doc, if (NS_SUCCEEDED(rv) && mImageRequest) {
mContent->NodePrincipal())) {
nsContentUtils::LoadImage(uri, mContent, doc, mContent->NodePrincipal(),
doc->GetDocumentURI(), doc->GetReferrerPolicy(),
mListener, mLoadFlags,
EmptyString(), getter_AddRefs(mImageRequest));
if (mImageRequest) {
nsLayoutUtils::RegisterImageRequestIfAnimated(presContext, nsLayoutUtils::RegisterImageRequestIfAnimated(presContext,
mImageRequest, mImageRequest,
&mRequestRegistered); &mRequestRegistered);


@@ -2188,21 +2188,17 @@ nsTreeBodyFrame::GetImage(int32_t aRowIndex, nsTreeColumn* aCol, bool aUseContex
// XXXbz what's the origin principal for this stuff that comes from our // XXXbz what's the origin principal for this stuff that comes from our
// view? I guess we should assume that it's the node's principal... // view? I guess we should assume that it's the node's principal...
if (nsContentUtils::CanLoadImage(srcURI, mContent, doc, nsresult rv = nsContentUtils::LoadImage(srcURI,
mContent->NodePrincipal())) { mContent,
nsresult rv = nsContentUtils::LoadImage(srcURI, doc,
mContent, mContent->NodePrincipal(),
doc, doc->GetDocumentURI(),
mContent->NodePrincipal(), doc->GetReferrerPolicy(),
doc->GetDocumentURI(), imgNotificationObserver,
doc->GetReferrerPolicy(), nsIRequest::LOAD_NORMAL,
imgNotificationObserver, EmptyString(),
nsIRequest::LOAD_NORMAL, getter_AddRefs(imageRequest));
EmptyString(), NS_ENSURE_SUCCESS(rv, rv);
getter_AddRefs(imageRequest));
NS_ENSURE_SUCCESS(rv, rv);
}
} }
listener->UnsuppressInvalidation(); listener->UnsuppressInvalidation();
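Review bot: A load rejected by the security checks now takes the `NS_ENSURE_SUCCESS(rv, rv);` early return, which leaves GetImage before `listener->UnsuppressInvalidation();` runs; previously a rejected load skipped the LoadImage call and fell through to that line. Assuming LoadImage reports a blocked load as a failure code, a blocked image URL would leave the listener suppressed and would log a warning for what is an expected outcome. I would replace the macro with `if (NS_FAILED(rv)) { listener->UnsuppressInvalidation(); return rv; }`, or keep the old behaviour of not treating a blocked load as an error. The listener is set up outside the hunk, so how it is used after an early return needs confirming.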