Bug 1883860 - nsDocShell::HandleSameDocumentNavigation() cause crash in SetDocumentURI, r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D204611
aiunusov
2024-03-22 00:07:27 +00:00
parent d2224486b1
commit 8e05e984ea
7 changed files with 99 additions and 59 deletions


@@ -144,6 +144,7 @@
#include "nsIScriptChannel.h"
#include "nsIScriptObjectPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsScriptSecurityManager.h"
#include "nsIScrollableFrame.h"
#include "nsIScrollObserver.h"
#include "nsISupportsPrimitives.h"
@@ -8689,24 +8690,18 @@ nsresult nsDocShell::HandleSameDocumentNavigation(
}
}
auto isLoadableViaInternet = [](nsIURI* uri) {
return (uri && (net::SchemeIsHTTP(uri) || net::SchemeIsHTTPS(uri)));
};
if (isLoadableViaInternet(principalURI) &&
isLoadableViaInternet(mCurrentURI) && isLoadableViaInternet(newURI)) {
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
if (!NS_SUCCEEDED(
ssm->CheckSameOriginURI(newURI, principalURI, false, false)) ||
!NS_SUCCEEDED(ssm->CheckSameOriginURI(mCurrentURI, principalURI,
false, false))) {
MOZ_LOG(gSHLog, LogLevel::Debug,
("nsDocShell[%p]: possible violation of the same origin policy "
"during same document navigation",
this));
aSameDocument = false;
return NS_OK;
}
if (nsScriptSecurityManager::IsHttpOrHttpsAndCrossOrigin(principalURI,
newURI) ||
nsScriptSecurityManager::IsHttpOrHttpsAndCrossOrigin(principalURI,
mCurrentURI) ||
nsScriptSecurityManager::IsHttpOrHttpsAndCrossOrigin(mCurrentURI,
newURI)) {
aSameDocument = false;
MOZ_LOG(gSHLog, LogLevel::Debug,
("nsDocShell[%p]: possible violation of the same origin policy "
"during same document navigation",
this));
return NS_OK;
}
}
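Review bot: The three-way `IsHttpOrHttpsAndCrossOrigin` condition in the added block has no comment explaining why every pair of `principalURI`, `mCurrentURI` and `newURI` is compared, even though the `mCurrentURI`/`newURI` pair is new relative to the removed `CheckSameOriginURI` calls. The helper's definition is not in this hunk; if, as its name suggests, it returns false whenever either URI is null or not HTTP(S), then pairs involving other schemes pass this guard untouched, and that should be stated so nobody later reads it as a general same-origin check. I would add above the `if`: `// Fall back to a full load if any two of principalURI, mCurrentURI and newURI are HTTP(S) but cross-origin;` `// pairs with a null or non-HTTP(S) URI are intentionally not rejected here.` Confirm that second line against the helper before landing. The enclosing `HandleSameDocumentNavigation` body starts and ends outside this hunk.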