Backed out 6 changesets (bug 1740263) for causing bp-hybrid bustages on nsScriptSecurityManager. CLOSED TREE
Backed out changeset 2f5ec6ad0f81 (bug 1740263) Backed out changeset a1e7766cdb94 (bug 1740263) Backed out changeset 3978ccb95455 (bug 1740263) Backed out changeset e34ba774b3f8 (bug 1740263) Backed out changeset 8365b10be28e (bug 1740263) Backed out changeset d923462c9cd0 (bug 1740263)
This commit is contained in:
Iulian Moraru
@@ -448,7 +448,7 @@ NS_IMPL_ISUPPORTS(nsScriptSecurityManager, nsIScriptSecurityManager)
|
||||
///////////////// Security Checks /////////////////
|
||||
|
||||
bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
|
||||
JSContext* cx, JS::RuntimeCode aKind, JS::Handle<JSString*> aCode) {
|
||||
JSContext* cx, JS::HandleString aCode) {
|
||||
MOZ_ASSERT(cx == nsContentUtils::GetCurrentJSContext());
|
||||
|
||||
// Get the window, if any, corresponding to the current global
|
||||
@@ -484,37 +484,30 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
|
||||
|
||||
bool evalOK = true;
|
||||
bool reportViolation = false;
|
||||
nsAutoJSString scriptSample;
|
||||
if (aKind == JS::RuntimeCode::JS) {
|
||||
nsresult rv = csp->GetAllowsEval(&reportViolation, &evalOK);
|
||||
nsresult rv = csp->GetAllowsEval(&reportViolation, &evalOK);
|
||||
|
||||
// A little convoluted. We want the scriptSample for a) reporting a
|
||||
// violation or b) passing it to AssertEvalNotUsingSystemPrincipal or c)
|
||||
// we're in the parent process. So do the work to get it if either of those
|
||||
// cases is true.
|
||||
if (reportViolation || subjectPrincipal->IsSystemPrincipal() ||
|
||||
XRE_IsE10sParentProcess()) {
|
||||
if (NS_WARN_IF(!scriptSample.init(cx, aCode))) {
|
||||
JS_ClearPendingException(cx);
|
||||
return false;
|
||||
}
|
||||
// A little convoluted. We want the scriptSample for a) reporting a violation
|
||||
// or b) passing it to AssertEvalNotUsingSystemPrincipal or c) we're in the
|
||||
// parent process. So do the work to get it if either of those cases is true.
|
||||
nsAutoJSString scriptSample;
|
||||
if (reportViolation || subjectPrincipal->IsSystemPrincipal() ||
|
||||
XRE_IsE10sParentProcess()) {
|
||||
if (NS_WARN_IF(!scriptSample.init(cx, aCode))) {
|
||||
JS_ClearPendingException(cx);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
#if !defined(ANDROID)
|
||||
if (!nsContentSecurityUtils::IsEvalAllowed(
|
||||
cx, subjectPrincipal->IsSystemPrincipal(), scriptSample)) {
|
||||
return false;
|
||||
}
|
||||
if (!nsContentSecurityUtils::IsEvalAllowed(
|
||||
cx, subjectPrincipal->IsSystemPrincipal(), scriptSample)) {
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
NS_WARNING("CSP: failed to get allowsEval");
|
||||
return true; // fail open to not break sites.
|
||||
}
|
||||
} else {
|
||||
if (NS_FAILED(csp->GetAllowsWasmEval(&reportViolation, &evalOK))) {
|
||||
return false;
|
||||
}
|
||||
if (NS_FAILED(rv)) {
|
||||
NS_WARNING("CSP: failed to get allowsEval");
|
||||
return true; // fail open to not break sites.
|
||||
}
|
||||
|
||||
if (reportViolation) {
|
||||
@@ -529,12 +522,7 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
|
||||
} else {
|
||||
MOZ_ASSERT(!JS_IsExceptionPending(cx));
|
||||
}
|
||||
|
||||
uint16_t violationType =
|
||||
aKind == JS::RuntimeCode::JS
|
||||
? nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL
|
||||
: nsIContentSecurityPolicy::VIOLATION_TYPE_WASM_EVAL;
|
||||
csp->LogViolationDetails(violationType,
|
||||
csp->LogViolationDetails(nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL,
|
||||
nullptr, // triggering element
|
||||
cspEventListener, fileName, scriptSample, lineNum,
|
||||
columnNum, u""_ns, u""_ns);
|
||||
|
||||
Reference in New Issue
Block a user