Bug 406541 - Ensure we agree with java on applet codebase, and run security checks for file: codebase URIs. r=jst
This commit is contained in:
John Schoenick
@@ -95,6 +95,7 @@ using mozilla::DefaultXDisplay;
|
||||
#include "nsIDOMDragEvent.h"
|
||||
#include "nsIScrollableFrame.h"
|
||||
#include "nsIImageLoadingContent.h"
|
||||
#include "nsIObjectLoadingContent.h"
|
||||
|
||||
#include "nsContentCID.h"
|
||||
#include "nsWidgetsCID.h"
|
||||
@@ -1195,6 +1196,31 @@ nsresult nsPluginInstanceOwner::EnsureCachedAttrParamArrays()
|
||||
mNumCachedAttrs++;
|
||||
}
|
||||
|
||||
// Some plugins (java, bug 406541) don't canonicalize the 'codebase' attribute
|
||||
// in a standard way - codebase="" results in / (domain root), but
|
||||
// codebase="blah" results in ./blah; codebase="file:" results in "file:///".
|
||||
// We canonicalize codebase here to ensure the codebase we run security checks
|
||||
// against is the same codebase java uses.
|
||||
// Note that GetObjectBaseURI mimics some of java's quirks for maximal
|
||||
// compatibility.
|
||||
const char* mime = nsnull;
|
||||
bool addCodebase = false;
|
||||
nsCAutoString codebaseSpec;
|
||||
if (mInstance && NS_SUCCEEDED(mInstance->GetMIMEType(&mime)) && mime &&
|
||||
strcmp(mime, "application/x-java-vm") == 0) {
|
||||
addCodebase = true;
|
||||
nsCOMPtr<nsIObjectLoadingContent> objlContent = do_QueryInterface(mContent);
|
||||
nsCOMPtr<nsIURI> codebaseURI;
|
||||
objlContent->GetObjectBaseURI(nsCString(mime), getter_AddRefs(codebaseURI));
|
||||
nsresult rv = codebaseURI->GetSpec(codebaseSpec);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// Make space if codebase isn't already set
|
||||
if (!mContent->HasAttr(kNameSpaceID_None, nsGkAtoms::codebase)) {
|
||||
mNumCachedAttrs++;
|
||||
}
|
||||
}
|
||||
|
||||
mCachedAttrParamNames = (char**)NS_Alloc(sizeof(char*) * (mNumCachedAttrs + 1 + mNumCachedParams));
|
||||
NS_ENSURE_TRUE(mCachedAttrParamNames, NS_ERROR_OUT_OF_MEMORY);
|
||||
mCachedAttrParamValues = (char**)NS_Alloc(sizeof(char*) * (mNumCachedAttrs + 1 + mNumCachedParams));
|
||||
@@ -1248,12 +1274,22 @@ nsresult nsPluginInstanceOwner::EnsureCachedAttrParamArrays()
|
||||
mNumCachedAttrs--;
|
||||
wmodeSet = true;
|
||||
}
|
||||
} else if (addCodebase && 0 == PL_strcasecmp(mCachedAttrParamNames[nextAttrParamIndex], "codebase")) {
|
||||
mCachedAttrParamValues[nextAttrParamIndex] = ToNewUTF8String(NS_ConvertUTF8toUTF16(codebaseSpec));
|
||||
addCodebase = false;
|
||||
} else {
|
||||
mCachedAttrParamValues[nextAttrParamIndex] = ToNewUTF8String(value);
|
||||
}
|
||||
nextAttrParamIndex++;
|
||||
}
|
||||
|
||||
// Pontentially add CODEBASE attribute
|
||||
if (addCodebase) {
|
||||
mCachedAttrParamNames [nextAttrParamIndex] = ToNewUTF8String(NS_LITERAL_STRING("codebase"));
|
||||
mCachedAttrParamValues[nextAttrParamIndex] = ToNewUTF8String(NS_ConvertUTF8toUTF16(codebaseSpec));
|
||||
nextAttrParamIndex++;
|
||||
}
|
||||
|
||||
// Potentially add WMODE attribute.
|
||||
if (!wmodeType.IsEmpty() && !wmodeSet) {
|
||||
mCachedAttrParamNames [nextAttrParamIndex] = ToNewUTF8String(NS_LITERAL_STRING("wmode"));
|
||||
|
||||
Reference in New Issue
Block a user