Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
This commit is contained in:
@@ -290,7 +290,6 @@ nsDocShell::nsDocShell():
|
||||
mObserveErrorPages(PR_TRUE),
|
||||
mAllowAuth(PR_TRUE),
|
||||
mAllowKeywordFixup(PR_FALSE),
|
||||
mStrictFilePolicy(PR_TRUE),
|
||||
mFiredUnloadEvent(PR_FALSE),
|
||||
mEODForCurrentDocument(PR_FALSE),
|
||||
mURIResultedInDocument(PR_FALSE),
|
||||
@@ -3593,10 +3592,6 @@ nsDocShell::Create()
|
||||
}
|
||||
}
|
||||
|
||||
rv = mPrefs->GetBoolPref("security.fileuri.strict_origin_policy", &tmpbool);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
mStrictFilePolicy = tmpbool;
|
||||
|
||||
// Should we use XUL error pages instead of alerts if possible?
|
||||
rv = mPrefs->GetBoolPref("browser.xul.error_pages.enabled", &tmpbool);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
@@ -7357,66 +7352,10 @@ nsDocShell::DoURILoad(nsIURI * aURI,
|
||||
// If we don't set the owner explicitly then each file: gets an owner
|
||||
// based on its own codebase later.
|
||||
//
|
||||
if (mStrictFilePolicy && URIIsLocalFile(aURI)) {
|
||||
nsCOMPtr<nsIFileURL> fileURL(do_QueryInterface(aURI));
|
||||
nsCOMPtr<nsIPrincipal> ownerPrincipal(do_QueryInterface(aOwner));
|
||||
nsCOMPtr<nsIURI> ownerURI;
|
||||
if (ownerPrincipal) {
|
||||
ownerPrincipal->GetURI(getter_AddRefs(ownerURI));
|
||||
}
|
||||
|
||||
if (!URIIsLocalFile(ownerURI)) {
|
||||
// If the owner is not also a file: uri then forget it
|
||||
// (don't want resource: principals in a file: doc)
|
||||
//
|
||||
// note: we're not de-nesting jar: uris here, we want to
|
||||
// keep archive content bottled up in its own little island
|
||||
ownerURI = nsnull;
|
||||
}
|
||||
|
||||
//
|
||||
// pull out the internal files
|
||||
//
|
||||
nsCOMPtr<nsIFileURL> ownerFileURL(do_QueryInterface(ownerURI));
|
||||
nsCOMPtr<nsIFile> targetFile;
|
||||
nsCOMPtr<nsIFile> ownerFile;
|
||||
if (ownerFileURL &&
|
||||
NS_SUCCEEDED(fileURL->GetFile(getter_AddRefs(targetFile))) &&
|
||||
NS_SUCCEEDED(ownerFileURL->GetFile(getter_AddRefs(ownerFile)))) {
|
||||
//
|
||||
// Make sure targetFile is not a directory (bug 209234)
|
||||
// and that it exists w/out unescaping (bug 395343)
|
||||
//
|
||||
PRBool targetIsDir;
|
||||
if (targetFile && ownerFile &&
|
||||
NS_SUCCEEDED(targetFile->Normalize()) &&
|
||||
NS_SUCCEEDED(ownerFile->Normalize()) &&
|
||||
NS_SUCCEEDED(targetFile->IsDirectory(&targetIsDir)) &&
|
||||
!targetIsDir) {
|
||||
//
|
||||
// If the file to be loaded is in a subdirectory of the owner
|
||||
// (or same-dir if owner is not a directory) then it will
|
||||
// inherit its owner principal and be scriptable by that owner.
|
||||
//
|
||||
PRBool ownerIsDir;
|
||||
PRBool contained = PR_FALSE;
|
||||
rv = ownerFile->IsDirectory(&ownerIsDir);
|
||||
if (NS_SUCCEEDED(rv) && ownerIsDir) {
|
||||
rv = ownerFile->Contains(targetFile, PR_TRUE, &contained);
|
||||
}
|
||||
else {
|
||||
nsCOMPtr<nsIFile> ownerParent;
|
||||
rv = ownerFile->GetParent(getter_AddRefs(ownerParent));
|
||||
if (NS_SUCCEEDED(rv) && ownerParent) {
|
||||
rv = ownerParent->Contains(targetFile, PR_TRUE, &contained);
|
||||
}
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(rv) && contained) {
|
||||
channel->SetOwner(aOwner);
|
||||
}
|
||||
}
|
||||
}
|
||||
nsCOMPtr<nsIPrincipal> ownerPrincipal(do_QueryInterface(aOwner));
|
||||
if (URIIsLocalFile(aURI) && ownerPrincipal &&
|
||||
NS_SUCCEEDED(ownerPrincipal->CheckMayLoad(aURI, PR_FALSE))) {
|
||||
channel->SetOwner(aOwner);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIScriptChannel> scriptChannel = do_QueryInterface(channel);
|
||||
|
||||
Reference in New Issue
Block a user