Bug 1677179: Allow module scripts in sandboxed iframe within about: page to load. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D98765
This commit is contained in:
Christoph Kerschbaumer
@@ -394,32 +394,48 @@ nsresult ScriptLoader::CheckContentPolicy(Document* aDocument,
|
||||
}
|
||||
|
||||
/* static */
|
||||
bool ScriptLoader::IsAboutPageLoadingChromeURI(ScriptLoadRequest* aRequest) {
|
||||
// if we are not dealing with a contentPrincipal it can not be a
|
||||
// Principal with a scheme of about: and there is nothing left to do
|
||||
if (!aRequest->TriggeringPrincipal()->GetIsContentPrincipal()) {
|
||||
return false;
|
||||
}
|
||||
if (!aRequest->TriggeringPrincipal()->SchemeIs("about")) {
|
||||
return false;
|
||||
}
|
||||
// if the triggering uri is not of scheme about:, there is nothing to do
|
||||
|
||||
// if the about: page is linkable from content, there is nothing to do
|
||||
uint32_t aboutModuleFlags = 0;
|
||||
nsresult rv =
|
||||
aRequest->TriggeringPrincipal()->GetAboutModuleFlags(&aboutModuleFlags);
|
||||
NS_ENSURE_SUCCESS(rv, false);
|
||||
|
||||
if (aboutModuleFlags & nsIAboutModule::MAKE_LINKABLE) {
|
||||
return false;
|
||||
}
|
||||
|
||||
bool ScriptLoader::IsAboutPageLoadingChromeURI(ScriptLoadRequest* aRequest,
|
||||
Document* aDocument) {
|
||||
// if the uri to be loaded is not of scheme chrome:, there is nothing to do.
|
||||
if (!aRequest->mURI->SchemeIs("chrome")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// we can either get here with a regular contentPrincipal or with a
|
||||
// NullPrincipal in case we are showing an error page in a sandboxed iframe.
|
||||
// In either case if the about: page is linkable from content, there is
|
||||
// nothing to do.
|
||||
uint32_t aboutModuleFlags = 0;
|
||||
nsresult rv = NS_OK;
|
||||
|
||||
nsCOMPtr<nsIPrincipal> triggeringPrincipal = aRequest->TriggeringPrincipal();
|
||||
if (triggeringPrincipal->GetIsContentPrincipal()) {
|
||||
if (!triggeringPrincipal->SchemeIs("about")) {
|
||||
return false;
|
||||
}
|
||||
rv = triggeringPrincipal->GetAboutModuleFlags(&aboutModuleFlags);
|
||||
NS_ENSURE_SUCCESS(rv, false);
|
||||
} else if (triggeringPrincipal->GetIsNullPrincipal()) {
|
||||
nsCOMPtr<nsIURI> docURI = aDocument->GetDocumentURI();
|
||||
if (!docURI->SchemeIs("about")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIAboutModule> aboutModule;
|
||||
rv = NS_GetAboutModule(docURI, getter_AddRefs(aboutModule));
|
||||
if (NS_FAILED(rv) || !aboutModule) {
|
||||
return false;
|
||||
}
|
||||
rv = aboutModule->GetURIFlags(docURI, &aboutModuleFlags);
|
||||
NS_ENSURE_SUCCESS(rv, false);
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (aboutModuleFlags & nsIAboutModule::MAKE_LINKABLE) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// seems like an about page wants to load a chrome URI.
|
||||
return true;
|
||||
}
|
||||
@@ -1405,7 +1421,7 @@ nsresult ScriptLoader::StartLoad(ScriptLoadRequest* aRequest) {
|
||||
// According to the spec, module scripts have different behaviour to classic
|
||||
// scripts and always use CORS. Only exception: Non linkable about: pages
|
||||
// which load local module scripts.
|
||||
if (IsAboutPageLoadingChromeURI(aRequest)) {
|
||||
if (IsAboutPageLoadingChromeURI(aRequest, mDocument)) {
|
||||
securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
} else {
|
||||
securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
|
||||
Reference in New Issue
Block a user