Bug 1406278: Part 8b - Use subject principal as triggering principal in style <link> "href" attribute. r=bz
MozReview-Commit-ID: LWMkBcB4WIg
This commit is contained in:
Kris Maglione
@@ -810,7 +810,7 @@ nsContentSink::ProcessStyleLink(nsIContent* aElement,
|
||||
// If this is a fragment parser, we don't want to observe.
|
||||
// We don't support CORS for processing instructions
|
||||
bool isAlternate;
|
||||
rv = mCSSLoader->LoadStyleLink(aElement, url, aTitle, aMedia, aAlternate,
|
||||
rv = mCSSLoader->LoadStyleLink(aElement, url, nullptr, aTitle, aMedia, aAlternate,
|
||||
CORS_NONE, referrerPolicy,
|
||||
integrity, mRunsToCompletion ? nullptr : this,
|
||||
&isAlternate);
|
||||
|
||||
@@ -471,7 +471,8 @@ nsStyleLinkElement::DoUpdateStyleSheet(nsIDocument* aOldDocument,
|
||||
}
|
||||
|
||||
bool isInline;
|
||||
nsCOMPtr<nsIURI> uri = GetStyleSheetURL(&isInline);
|
||||
nsCOMPtr<nsIPrincipal> triggeringPrincipal;
|
||||
nsCOMPtr<nsIURI> uri = GetStyleSheetURL(&isInline, getter_AddRefs(triggeringPrincipal));
|
||||
|
||||
if (!aForceUpdate && mStyleSheet && !isInline && uri) {
|
||||
nsIURI* oldURI = mStyleSheet->GetSheetURI();
|
||||
@@ -563,8 +564,8 @@ nsStyleLinkElement::DoUpdateStyleSheet(nsIDocument* aOldDocument,
|
||||
uri->Clone(getter_AddRefs(clonedURI));
|
||||
NS_ENSURE_TRUE(clonedURI, NS_ERROR_OUT_OF_MEMORY);
|
||||
rv = doc->CSSLoader()->
|
||||
LoadStyleLink(thisContent, clonedURI, title, media, isAlternate,
|
||||
GetCORSMode(), referrerPolicy, integrity,
|
||||
LoadStyleLink(thisContent, clonedURI, triggeringPrincipal, title, media,
|
||||
isAlternate, GetCORSMode(), referrerPolicy, integrity,
|
||||
aObserver, &isAlternate);
|
||||
if (NS_FAILED(rv)) {
|
||||
// Don't propagate LoadStyleLink() errors further than this, since some
|
||||
|
||||
@@ -93,7 +93,7 @@ protected:
|
||||
|
||||
void UpdateStyleSheetScopedness(bool aIsNowScoped);
|
||||
|
||||
virtual already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline) = 0;
|
||||
virtual already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline, nsIPrincipal** aTriggeringPrincipal) = 0;
|
||||
virtual void GetStyleSheetInfo(nsAString& aTitle,
|
||||
nsAString& aType,
|
||||
nsAString& aMedia,
|
||||
@@ -137,6 +137,7 @@ private:
|
||||
|
||||
RefPtr<mozilla::StyleSheet> mStyleSheet;
|
||||
protected:
|
||||
nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
|
||||
bool mDontLoadStyle;
|
||||
bool mUpdatesEnabled;
|
||||
uint32_t mLineNumber;
|
||||
|
||||
@@ -284,6 +284,12 @@ HTMLLinkElement::AfterSetAttr(int32_t aNameSpaceID, nsAtom* aName,
|
||||
}
|
||||
}
|
||||
|
||||
if (aNameSpaceID == kNameSpaceID_None && aName == nsGkAtoms::href) {
|
||||
mTriggeringPrincipal = nsContentUtils::GetAttrTriggeringPrincipal(
|
||||
this, aValue ? aValue->GetStringValue() : EmptyString(),
|
||||
aSubjectPrincipal);
|
||||
}
|
||||
|
||||
if (aValue) {
|
||||
if (aNameSpaceID == kNameSpaceID_None &&
|
||||
(aName == nsGkAtoms::href ||
|
||||
@@ -401,14 +407,20 @@ HTMLLinkElement::GetHrefURI() const
|
||||
}
|
||||
|
||||
already_AddRefed<nsIURI>
|
||||
HTMLLinkElement::GetStyleSheetURL(bool* aIsInline)
|
||||
HTMLLinkElement::GetStyleSheetURL(bool* aIsInline, nsIPrincipal** aTriggeringPrincipal)
|
||||
{
|
||||
*aIsInline = false;
|
||||
*aTriggeringPrincipal = nullptr;
|
||||
|
||||
nsAutoString href;
|
||||
GetAttr(kNameSpaceID_None, nsGkAtoms::href, href);
|
||||
if (href.IsEmpty()) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> prin = mTriggeringPrincipal;
|
||||
prin.forget(aTriggeringPrincipal);
|
||||
|
||||
nsCOMPtr<nsIURI> uri = Link::GetURI();
|
||||
return uri.forget();
|
||||
}
|
||||
|
||||
@@ -87,9 +87,13 @@ public:
|
||||
{
|
||||
GetURIAttr(nsGkAtoms::href, nullptr, aValue);
|
||||
}
|
||||
void SetHref(const nsAString& aHref, ErrorResult& aRv)
|
||||
void GetHref(nsString& aValue, nsIPrincipal&)
|
||||
{
|
||||
SetHTMLAttr(nsGkAtoms::href, aHref, aRv);
|
||||
GetHref(aValue);
|
||||
}
|
||||
void SetHref(const nsAString& aHref, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aRv)
|
||||
{
|
||||
SetHTMLAttr(nsGkAtoms::href, aHref, aTriggeringPrincipal, aRv);
|
||||
}
|
||||
void GetCrossOrigin(nsAString& aResult)
|
||||
{
|
||||
@@ -204,7 +208,7 @@ protected:
|
||||
virtual ~HTMLLinkElement();
|
||||
|
||||
// nsStyleLinkElement
|
||||
virtual already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline) override;
|
||||
virtual already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline, nsIPrincipal** aTriggeringPrincipal) override;
|
||||
virtual void GetStyleSheetInfo(nsAString& aTitle,
|
||||
nsAString& aType,
|
||||
nsAString& aMedia,
|
||||
|
||||
@@ -186,9 +186,10 @@ HTMLStyleElement::SetInnerHTML(const nsAString& aInnerHTML,
|
||||
}
|
||||
|
||||
already_AddRefed<nsIURI>
|
||||
HTMLStyleElement::GetStyleSheetURL(bool* aIsInline)
|
||||
HTMLStyleElement::GetStyleSheetURL(bool* aIsInline, nsIPrincipal** aTriggeringPrincipal)
|
||||
{
|
||||
*aIsInline = true;
|
||||
*aTriggeringPrincipal = nullptr;
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
|
||||
@@ -88,7 +88,7 @@ public:
|
||||
protected:
|
||||
virtual ~HTMLStyleElement();
|
||||
|
||||
already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline) override;
|
||||
already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline, nsIPrincipal** aTriggeringPrincipal) override;
|
||||
void GetStyleSheetInfo(nsAString& aTitle,
|
||||
nsAString& aType,
|
||||
nsAString& aMedia,
|
||||
|
||||
@@ -257,9 +257,10 @@ SVGStyleElement::SetTitle(const nsAString& aTitle, ErrorResult& rv)
|
||||
// nsStyleLinkElement methods
|
||||
|
||||
already_AddRefed<nsIURI>
|
||||
SVGStyleElement::GetStyleSheetURL(bool* aIsInline)
|
||||
SVGStyleElement::GetStyleSheetURL(bool* aIsInline, nsIPrincipal** aTriggeringPrincipal)
|
||||
{
|
||||
*aIsInline = true;
|
||||
*aTriggeringPrincipal = nullptr;
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
|
||||
@@ -87,7 +87,7 @@ protected:
|
||||
}
|
||||
|
||||
// nsStyleLinkElement overrides
|
||||
already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline) override;
|
||||
already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline, nsIPrincipal** aTriggeringPrincipal) override;
|
||||
|
||||
void GetStyleSheetInfo(nsAString& aTitle,
|
||||
nsAString& aType,
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
interface HTMLLinkElement : HTMLElement {
|
||||
[Pure]
|
||||
attribute boolean disabled;
|
||||
[CEReactions, SetterThrows, Pure]
|
||||
[CEReactions, NeedsSubjectPrincipal, SetterThrows, Pure]
|
||||
attribute DOMString href;
|
||||
[CEReactions, SetterThrows, Pure]
|
||||
attribute DOMString? crossOrigin;
|
||||
|
||||
@@ -100,9 +100,10 @@ XMLStylesheetProcessingInstruction::OverrideBaseURI(nsIURI* aNewBaseURI)
|
||||
}
|
||||
|
||||
already_AddRefed<nsIURI>
|
||||
XMLStylesheetProcessingInstruction::GetStyleSheetURL(bool* aIsInline)
|
||||
XMLStylesheetProcessingInstruction::GetStyleSheetURL(bool* aIsInline, nsIPrincipal** aTriggeringPrincipal)
|
||||
{
|
||||
*aIsInline = false;
|
||||
*aTriggeringPrincipal = nullptr;
|
||||
|
||||
nsAutoString href;
|
||||
if (!GetAttrValue(nsGkAtoms::href, href)) {
|
||||
|
||||
@@ -77,7 +77,7 @@ protected:
|
||||
|
||||
nsCOMPtr<nsIURI> mOverriddenBaseURI;
|
||||
|
||||
already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline) override;
|
||||
already_AddRefed<nsIURI> GetStyleSheetURL(bool* aIsInline, nsIPrincipal** aTriggeringPrincipal) override;
|
||||
void GetStyleSheetInfo(nsAString& aTitle,
|
||||
nsAString& aType,
|
||||
nsAString& aMedia,
|
||||
|
||||
@@ -1922,6 +1922,7 @@ Loader::LoadInlineStyle(nsIContent* aElement,
|
||||
nsresult
|
||||
Loader::LoadStyleLink(nsIContent* aElement,
|
||||
nsIURI* aURL,
|
||||
nsIPrincipal* aTriggeringPrincipal,
|
||||
const nsAString& aTitle,
|
||||
const nsAString& aMedia,
|
||||
bool aHasAlternateRel,
|
||||
@@ -1947,8 +1948,11 @@ Loader::LoadStyleLink(nsIContent* aElement,
|
||||
|
||||
NS_ENSURE_TRUE(mDocument, NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
nsIPrincipal* principal =
|
||||
aElement ? aElement->NodePrincipal() : mDocument->NodePrincipal();
|
||||
nsIPrincipal* principal = aTriggeringPrincipal;
|
||||
if (!principal) {
|
||||
principal = aElement ? aElement->NodePrincipal()
|
||||
: mDocument->NodePrincipal();
|
||||
}
|
||||
|
||||
nsISupports* context = aElement;
|
||||
if (!context) {
|
||||
|
||||
@@ -256,6 +256,9 @@ public:
|
||||
*
|
||||
* @param aElement the element linking to the the stylesheet. May be null.
|
||||
* @param aURL the URL of the sheet.
|
||||
* @param aTriggeringPrincipal the triggering principal for the load. May be
|
||||
* null, in which case the NodePrincipal() of the element (or
|
||||
* document if aElement is null) should be used.
|
||||
* @param aTitle the title of the sheet.
|
||||
* @param aMedia the media string for the sheet.
|
||||
* @param aHasAlternateRel whether the rel for this link included
|
||||
@@ -269,6 +272,7 @@ public:
|
||||
*/
|
||||
nsresult LoadStyleLink(nsIContent* aElement,
|
||||
nsIURI* aURL,
|
||||
nsIPrincipal* aTriggeringPrincipal,
|
||||
const nsAString& aTitle,
|
||||
const nsAString& aMedia,
|
||||
bool aHasAlternateRel,
|
||||
|
||||
@@ -44,7 +44,7 @@ const BASE_URL = `http://localhost:${server.identity.primaryPort}`;
|
||||
* A set of tags which are automatically closed in HTML documents, and
|
||||
* do not require an explicit closing tag.
|
||||
*/
|
||||
const AUTOCLOSE_TAGS = new Set(["img", "input", "source"]);
|
||||
const AUTOCLOSE_TAGS = new Set(["img", "input", "link", "source"]);
|
||||
|
||||
/**
|
||||
* An object describing the elements to create for a specific test.
|
||||
@@ -459,6 +459,11 @@ add_task(async function test_contentscript_triggeringPrincipals() {
|
||||
element: ["input", {type: "image"}],
|
||||
src: "input.png",
|
||||
},
|
||||
{
|
||||
element: ["link", {rel: "stylesheet"}],
|
||||
src: "link.css",
|
||||
srcAttr: "href",
|
||||
},
|
||||
{
|
||||
element: ["picture", {}, ["source", {}], ["img", {}]],
|
||||
src: "picture.png",
|
||||
|
||||
Reference in New Issue
Block a user