Bug 1406278: Part 4 - Use subject principal as triggering principal in <iframe>/<frame> "src" attribute r=bz

MozReview-Commit-ID: AgxZmfRvfTR
2017-10-04 22:59:44 -07:00
parent afc961cdba
commit c2386ba786
11 changed files with 98 additions and 28 deletions
--- a/dom/html/nsGenericHTMLFrameElement.cpp
+++ b/dom/html/nsGenericHTMLFrameElement.cpp
@@ -53,7 +53,8 @@ NS_IMPL_ISUPPORTS_CYCLE_COLLECTION_INHERITED(nsGenericHTMLFrameElement,
                                             nsGenericHTMLElement,
                                             nsIFrameLoaderOwner,
                                             nsIDOMMozBrowserFrame,
-                                             nsIMozBrowserFrame)
+                                             nsIMozBrowserFrame,
+                                             nsGenericHTMLFrameElement)

 NS_IMPL_BOOL_ATTR(nsGenericHTMLFrameElement, Mozbrowser, mozbrowser)

@@ -332,14 +333,14 @@ PrincipalAllowsBrowserFrame(nsIPrincipal* aPrincipal)
 nsGenericHTMLFrameElement::AfterSetAttr(int32_t aNameSpaceID, nsAtom* aName,
                                        const nsAttrValue* aValue,
                                        const nsAttrValue* aOldValue,
-                                        nsIPrincipal* aSubjectPrincipal,
+                                        nsIPrincipal* aMaybeScriptedPrincipal,
                                        bool aNotify)
 {
  if (aValue) {
    nsAttrValueOrString value(aValue);
-    AfterMaybeChangeAttr(aNameSpaceID, aName, &value, aNotify);
+    AfterMaybeChangeAttr(aNameSpaceID, aName, &value, aMaybeScriptedPrincipal, aNotify);
  } else {
-    AfterMaybeChangeAttr(aNameSpaceID, aName, nullptr, aNotify);
+    AfterMaybeChangeAttr(aNameSpaceID, aName, nullptr, aMaybeScriptedPrincipal, aNotify);
  }

  if (aNameSpaceID == kNameSpaceID_None) {
@@ -372,7 +373,7 @@ nsGenericHTMLFrameElement::AfterSetAttr(int32_t aNameSpaceID, nsAtom* aName,
  }

  return nsGenericHTMLElement::AfterSetAttr(aNameSpaceID, aName, aValue,
-                                            aOldValue, aSubjectPrincipal, aNotify);
+                                            aOldValue, aMaybeScriptedPrincipal, aNotify);
 }

 nsresult
@@ -381,7 +382,7 @@ nsGenericHTMLFrameElement::OnAttrSetButNotChanged(int32_t aNamespaceID,
                                                  const nsAttrValueOrString& aValue,
                                                  bool aNotify)
 {
-  AfterMaybeChangeAttr(aNamespaceID, aName, &aValue, aNotify);
+  AfterMaybeChangeAttr(aNamespaceID, aName, &aValue, nullptr, aNotify);

  return nsGenericHTMLElement::OnAttrSetButNotChanged(aNamespaceID, aName,
                                                      aValue, aNotify);
@@ -391,10 +392,13 @@ void
 nsGenericHTMLFrameElement::AfterMaybeChangeAttr(int32_t aNamespaceID,
                                                nsAtom* aName,
                                                const nsAttrValueOrString* aValue,
+                                                nsIPrincipal* aMaybeScriptedPrincipal,
                                                bool aNotify)
 {
  if (aNamespaceID == kNameSpaceID_None) {
    if (aName == nsGkAtoms::src) {
+      mSrcTriggeringPrincipal = nsContentUtils::GetAttrTriggeringPrincipal(
+          this, aValue ? aValue->String() : EmptyString(), aMaybeScriptedPrincipal);
      if (aValue && (!IsHTMLElement(nsGkAtoms::iframe) ||
          !HasAttr(kNameSpaceID_None, nsGkAtoms::srcdoc))) {
        // Don't propagate error here. The attribute was successfully set,