corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1683464 - Reduce nsContentPolicyType usage. r=ckerschb

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D100181
This commit is contained in:
Masatoshi Kimura
2021-01-07 15:18:52 +00:00
parent 204b199fde
commit d7e7aeef59
10 changed files with 62 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dom/events/EventListenerManager.cpp
View File

@@ -829,7 +829,7 @@ nsresult EventListenerManager::SetEventHandler(nsAtom* aName,
if (csp) { if (csp) {
bool allowsInlineScript = true; bool allowsInlineScript = true;
rv = csp->GetAllowsInline( rv = csp->GetAllowsInline(
nsIContentPolicy::TYPE_SCRIPT, nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE,
u""_ns, // aNonce u""_ns, // aNonce
true, // aParserCreated (true because attribute event handler) true, // aParserCreated (true because attribute event handler)
aElement, aElement,

2
dom/interfaces/security/nsIContentSecurityPolicy.idl
View File

@@ -137,7 +137,7 @@ interface nsIContentSecurityPolicy : nsISerializable
* Whether or not the effects of the inline style should be allowed * Whether or not the effects of the inline style should be allowed
* (block the rules if false). * (block the rules if false).
*/ */
boolean getAllowsInline(in nsContentPolicyType aContentPolicyType, boolean getAllowsInline(in nsIContentSecurityPolicy_CSPDirective aDirective,
in AString aNonce, in AString aNonce,
in boolean aParserCreated, in boolean aParserCreated,
in Element aTriggeringElement, in Element aTriggeringElement,

3
dom/jsurl/nsJSProtocolHandler.cpp
View File

@@ -137,7 +137,8 @@ static bool AllowedByCSP(nsIContentSecurityPolicy* aCSP,
} }
bool allowsInlineScript = true; bool allowsInlineScript = true;
nsresult rv = aCSP->GetAllowsInline(nsIContentPolicy::TYPE_SCRIPT, nsresult rv =
aCSP->GetAllowsInline(nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE,
u""_ns, // aNonce u""_ns, // aNonce
true, // aParserCreated true, // aParserCreated
nullptr, // aElement, nullptr, // aElement,

8
dom/script/ScriptLoader.cpp
View File

@@ -1643,10 +1643,10 @@ static bool CSPAllowsInlineScript(nsIScriptElement* aElement,
aElement->GetParserCreated() != mozilla::dom::NOT_FROM_PARSER; aElement->GetParserCreated() != mozilla::dom::NOT_FROM_PARSER;
bool allowInlineScript = false; bool allowInlineScript = false;
rv = csp->GetAllowsInline(nsIContentPolicy::TYPE_SCRIPT, nonce, parserCreated, rv = csp->GetAllowsInline(
scriptContent, nullptr /* nsICSPEventListener */, nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE, nonce, parserCreated,
u""_ns, aElement->GetScriptLineNumber(), scriptContent, nullptr /* nsICSPEventListener */, u""_ns,
aElement->GetScriptColumnNumber(), aElement->GetScriptLineNumber(), aElement->GetScriptColumnNumber(),
&allowInlineScript); &allowInlineScript);
return NS_SUCCEEDED(rv) && allowInlineScript; return NS_SUCCEEDED(rv) && allowInlineScript;
} }

52
dom/security/nsCSPContext.cpp
View File

@@ -444,8 +444,8 @@ nsCSPContext::GetAllowsEval(bool* outShouldReportViolation,
*outAllowsEval = true; *outAllowsEval = true;
for (uint32_t i = 0; i < mPolicies.Length(); i++) { for (uint32_t i = 0; i < mPolicies.Length(); i++) {
if (!mPolicies[i]->allows(nsIContentPolicy::TYPE_SCRIPT, CSP_UNSAFE_EVAL, if (!mPolicies[i]->allows(SCRIPT_SRC_DIRECTIVE, CSP_UNSAFE_EVAL, u""_ns,
u""_ns, false)) { false)) {
// policy is violated: must report the violation and allow the inline // policy is violated: must report the violation and allow the inline
// script if the policy is report-only. // script if the policy is report-only.
*outShouldReportViolation = true; *outShouldReportViolation = true;
@@ -459,7 +459,7 @@ nsCSPContext::GetAllowsEval(bool* outShouldReportViolation,
// Helper function to report inline violations // Helper function to report inline violations
void nsCSPContext::reportInlineViolation( void nsCSPContext::reportInlineViolation(
nsContentPolicyType aContentType, Element* aTriggeringElement, CSPDirective aDirective, Element* aTriggeringElement,
nsICSPEventListener* aCSPEventListener, const nsAString& aNonce, nsICSPEventListener* aCSPEventListener, const nsAString& aNonce,
const nsAString& aContent, const nsAString& aViolatedDirective, const nsAString& aContent, const nsAString& aViolatedDirective,
uint32_t aViolatedPolicyIndex, // TODO, use report only flag for that uint32_t aViolatedPolicyIndex, // TODO, use report only flag for that
@@ -469,13 +469,13 @@ void nsCSPContext::reportInlineViolation(
// let's report the hash error; no need to report the unsafe-inline error // let's report the hash error; no need to report the unsafe-inline error
// anymore. // anymore.
if (!aNonce.IsEmpty()) { if (!aNonce.IsEmpty()) {
observerSubject = (aContentType == nsIContentPolicy::TYPE_SCRIPT) observerSubject = (aDirective == SCRIPT_SRC_DIRECTIVE)
? NS_LITERAL_STRING_FROM_CSTRING( ? NS_LITERAL_STRING_FROM_CSTRING(
SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC) SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC)
: NS_LITERAL_STRING_FROM_CSTRING( : NS_LITERAL_STRING_FROM_CSTRING(
STYLE_NONCE_VIOLATION_OBSERVER_TOPIC); STYLE_NONCE_VIOLATION_OBSERVER_TOPIC);
} else { } else {
observerSubject = (aContentType == nsIContentPolicy::TYPE_SCRIPT) observerSubject = (aDirective == SCRIPT_SRC_DIRECTIVE)
? NS_LITERAL_STRING_FROM_CSTRING( ? NS_LITERAL_STRING_FROM_CSTRING(
SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC) SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC)
: NS_LITERAL_STRING_FROM_CSTRING( : NS_LITERAL_STRING_FROM_CSTRING(
@@ -513,22 +513,15 @@ void nsCSPContext::reportInlineViolation(
} }
NS_IMETHODIMP NS_IMETHODIMP
nsCSPContext::GetAllowsInline(nsContentPolicyType aContentType, nsCSPContext::GetAllowsInline(CSPDirective aDirective, const nsAString& aNonce,
const nsAString& aNonce, bool aParserCreated, bool aParserCreated, Element* aTriggeringElement,
Element* aTriggeringElement,
nsICSPEventListener* aCSPEventListener, nsICSPEventListener* aCSPEventListener,
const nsAString& aContentOfPseudoScript, const nsAString& aContentOfPseudoScript,
uint32_t aLineNumber, uint32_t aColumnNumber, uint32_t aLineNumber, uint32_t aColumnNumber,
bool* outAllowsInline) { bool* outAllowsInline) {
*outAllowsInline = true; *outAllowsInline = true;
MOZ_ASSERT( if (aDirective != SCRIPT_SRC_DIRECTIVE && aDirective != STYLE_SRC_DIRECTIVE) {
aContentType ==
nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
if (aContentType != nsIContentPolicy::TYPE_SCRIPT &&
aContentType != nsIContentPolicy::TYPE_STYLESHEET) {
MOZ_ASSERT(false, "can only allow inline for script or style"); MOZ_ASSERT(false, "can only allow inline for script or style");
return NS_OK; return NS_OK;
} }
@@ -539,9 +532,9 @@ nsCSPContext::GetAllowsInline(nsContentPolicyType aContentType,
// always iterate all policies, otherwise we might not send out all reports // always iterate all policies, otherwise we might not send out all reports
for (uint32_t i = 0; i < mPolicies.Length(); i++) { for (uint32_t i = 0; i < mPolicies.Length(); i++) {
bool allowed = bool allowed =
mPolicies[i]->allows(aContentType, CSP_UNSAFE_INLINE, u""_ns, mPolicies[i]->allows(aDirective, CSP_UNSAFE_INLINE, u""_ns,
aParserCreated) || aParserCreated) ||
mPolicies[i]->allows(aContentType, CSP_NONCE, aNonce, aParserCreated); mPolicies[i]->allows(aDirective, CSP_NONCE, aNonce, aParserCreated);
// If the inlined script or style is allowed by either unsafe-inline or the // If the inlined script or style is allowed by either unsafe-inline or the
// nonce, go ahead and shortcut this loop so we can avoid allocating // nonce, go ahead and shortcut this loop so we can avoid allocating
@@ -565,7 +558,7 @@ nsCSPContext::GetAllowsInline(nsContentPolicyType aContentType,
content = aContentOfPseudoScript; content = aContentOfPseudoScript;
} }
allowed = allowed =
mPolicies[i]->allows(aContentType, CSP_HASH, content, aParserCreated); mPolicies[i]->allows(aDirective, CSP_HASH, content, aParserCreated);
if (!allowed) { if (!allowed) {
// policy is violoated: deny the load unless policy is report only and // policy is violoated: deny the load unless policy is report only and
@@ -576,8 +569,8 @@ nsCSPContext::GetAllowsInline(nsContentPolicyType aContentType,
nsAutoString violatedDirective; nsAutoString violatedDirective;
bool reportSample = false; bool reportSample = false;
mPolicies[i]->getDirectiveStringAndReportSampleForContentType( mPolicies[i]->getDirectiveStringAndReportSampleForContentType(
aContentType, violatedDirective, &reportSample); aDirective, violatedDirective, &reportSample);
reportInlineViolation(aContentType, aTriggeringElement, aCSPEventListener, reportInlineViolation(aDirective, aTriggeringElement, aCSPEventListener,
aNonce, reportSample ? content : EmptyString(), aNonce, reportSample ? content : EmptyString(),
violatedDirective, i, aLineNumber, aColumnNumber); violatedDirective, i, aLineNumber, aColumnNumber);
} }
@@ -700,17 +693,18 @@ nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, bool aIsFormSubmission,
* GetAllowsInline() and do not call this macro, hence we can pass 'false' * GetAllowsInline() and do not call this macro, hence we can pass 'false'
* as the argument _aParserCreated_ to allows(). * as the argument _aParserCreated_ to allows().
*/ */
#define CASE_CHECK_AND_REPORT(violationType, contentPolicyType, nonceOrHash, \ #define CASE_CHECK_AND_REPORT(violationType, directive, nonceOrHash, keyword, \
keyword, observerTopic) \ observerTopic) \
case nsIContentSecurityPolicy::VIOLATION_TYPE_##violationType: \ case nsIContentSecurityPolicy::VIOLATION_TYPE_##violationType: \
PR_BEGIN_MACRO \ PR_BEGIN_MACRO \
if (!mPolicies[p]->allows(nsIContentPolicy::TYPE_##contentPolicyType, \ static_assert(directive##_SRC_DIRECTIVE == SCRIPT_SRC_DIRECTIVE || \
keyword, nonceOrHash, false)) { \ directive##_SRC_DIRECTIVE == STYLE_SRC_DIRECTIVE); \
if (!mPolicies[p]->allows(directive##_SRC_DIRECTIVE, keyword, nonceOrHash, \
false)) { \
nsAutoString violatedDirective; \ nsAutoString violatedDirective; \
bool reportSample = false; \ bool reportSample = false; \
mPolicies[p]->getDirectiveStringAndReportSampleForContentType( \ mPolicies[p]->getDirectiveStringAndReportSampleForContentType( \
nsIContentPolicy::TYPE_##contentPolicyType, violatedDirective, \ directive##_SRC_DIRECTIVE, violatedDirective, &reportSample); \
&reportSample); \
AsyncReportViolation(aTriggeringElement, aCSPEventListener, nullptr, \ AsyncReportViolation(aTriggeringElement, aCSPEventListener, nullptr, \
blockedContentSource, nullptr, violatedDirective, \ blockedContentSource, nullptr, violatedDirective, \
p, NS_LITERAL_STRING_FROM_CSTRING(observerTopic), \ p, NS_LITERAL_STRING_FROM_CSTRING(observerTopic), \
@@ -771,17 +765,17 @@ nsCSPContext::LogViolationDetails(
switch (aViolationType) { switch (aViolationType) {
CASE_CHECK_AND_REPORT(EVAL, SCRIPT, u""_ns, CSP_UNSAFE_EVAL, CASE_CHECK_AND_REPORT(EVAL, SCRIPT, u""_ns, CSP_UNSAFE_EVAL,
EVAL_VIOLATION_OBSERVER_TOPIC); EVAL_VIOLATION_OBSERVER_TOPIC);
CASE_CHECK_AND_REPORT(INLINE_STYLE, STYLESHEET, u""_ns, CSP_UNSAFE_INLINE, CASE_CHECK_AND_REPORT(INLINE_STYLE, STYLE, u""_ns, CSP_UNSAFE_INLINE,
INLINE_STYLE_VIOLATION_OBSERVER_TOPIC); INLINE_STYLE_VIOLATION_OBSERVER_TOPIC);
CASE_CHECK_AND_REPORT(INLINE_SCRIPT, SCRIPT, u""_ns, CSP_UNSAFE_INLINE, CASE_CHECK_AND_REPORT(INLINE_SCRIPT, SCRIPT, u""_ns, CSP_UNSAFE_INLINE,
INLINE_SCRIPT_VIOLATION_OBSERVER_TOPIC); INLINE_SCRIPT_VIOLATION_OBSERVER_TOPIC);
CASE_CHECK_AND_REPORT(NONCE_SCRIPT, SCRIPT, aNonce, CSP_UNSAFE_INLINE, CASE_CHECK_AND_REPORT(NONCE_SCRIPT, SCRIPT, aNonce, CSP_UNSAFE_INLINE,
SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC); SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC);
CASE_CHECK_AND_REPORT(NONCE_STYLE, STYLESHEET, aNonce, CSP_UNSAFE_INLINE, CASE_CHECK_AND_REPORT(NONCE_STYLE, STYLE, aNonce, CSP_UNSAFE_INLINE,
STYLE_NONCE_VIOLATION_OBSERVER_TOPIC); STYLE_NONCE_VIOLATION_OBSERVER_TOPIC);
CASE_CHECK_AND_REPORT(HASH_SCRIPT, SCRIPT, aContent, CSP_UNSAFE_INLINE, CASE_CHECK_AND_REPORT(HASH_SCRIPT, SCRIPT, aContent, CSP_UNSAFE_INLINE,
SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC); SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC);
CASE_CHECK_AND_REPORT(HASH_STYLE, STYLESHEET, aContent, CSP_UNSAFE_INLINE, CASE_CHECK_AND_REPORT(HASH_STYLE, STYLE, aContent, CSP_UNSAFE_INLINE,
STYLE_HASH_VIOLATION_OBSERVER_TOPIC); STYLE_HASH_VIOLATION_OBSERVER_TOPIC);
default: default:

2
dom/security/nsCSPContext.h
View File

@@ -155,7 +155,7 @@ class nsCSPContext : public nsIContentSecurityPolicy {
bool aParserCreated); bool aParserCreated);
// helper to report inline script/style violations // helper to report inline script/style violations
void reportInlineViolation(nsContentPolicyType aContentType, void reportInlineViolation(CSPDirective aDirective,
mozilla::dom::Element* aTriggeringElement, mozilla::dom::Element* aTriggeringElement,
nsICSPEventListener* aCSPEventListener, nsICSPEventListener* aCSPEventListener,
const nsAString& aNonce, const nsAString& aContent, const nsAString& aNonce, const nsAString& aContent,

66
dom/security/nsCSPUtils.cpp
View File

@@ -1207,15 +1207,6 @@ void nsCSPDirective::toDomCSPStruct(mozilla::dom::CSP& outCSP) const {
} }
} }
bool nsCSPDirective::restrictsContentType(
nsContentPolicyType aContentType) const {
// make sure we do not check for the default src before any other sources
if (isDefaultDirective()) {
return false;
}
return mDirective == CSP_ContentTypeToDirective(aContentType);
}
void nsCSPDirective::getReportURIs(nsTArray<nsString>& outReportURIs) const { void nsCSPDirective::getReportURIs(nsTArray<nsString>& outReportURIs) const {
NS_ASSERTION((mDirective == nsIContentSecurityPolicy::REPORT_URI_DIRECTIVE), NS_ASSERTION((mDirective == nsIContentSecurityPolicy::REPORT_URI_DIRECTIVE),
"not a report-uri directive"); "not a report-uri directive");
@@ -1265,19 +1256,6 @@ nsCSPChildSrcDirective::nsCSPChildSrcDirective(CSPDirective aDirective)
nsCSPChildSrcDirective::~nsCSPChildSrcDirective() = default; nsCSPChildSrcDirective::~nsCSPChildSrcDirective() = default;
bool nsCSPChildSrcDirective::restrictsContentType(
nsContentPolicyType aContentType) const {
if (aContentType == nsIContentPolicy::TYPE_SUBDOCUMENT) {
return mRestrictFrames;
}
if (aContentType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
aContentType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER ||
aContentType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER) {
return mRestrictWorkers;
}
return false;
}
bool nsCSPChildSrcDirective::equals(CSPDirective aDirective) const { bool nsCSPChildSrcDirective::equals(CSPDirective aDirective) const {
if (aDirective == nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE) { if (aDirective == nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE) {
return mRestrictFrames; return mRestrictFrames;
@@ -1295,16 +1273,6 @@ nsCSPScriptSrcDirective::nsCSPScriptSrcDirective(CSPDirective aDirective)
nsCSPScriptSrcDirective::~nsCSPScriptSrcDirective() = default; nsCSPScriptSrcDirective::~nsCSPScriptSrcDirective() = default;
bool nsCSPScriptSrcDirective::restrictsContentType(
nsContentPolicyType aContentType) const {
if (aContentType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
aContentType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER ||
aContentType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER) {
return mRestrictWorkers;
}
return mDirective == CSP_ContentTypeToDirective(aContentType);
}
bool nsCSPScriptSrcDirective::equals(CSPDirective aDirective) const { bool nsCSPScriptSrcDirective::equals(CSPDirective aDirective) const {
if (aDirective == nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE) { if (aDirective == nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE) {
return mRestrictWorkers; return mRestrictWorkers;
@@ -1364,12 +1332,6 @@ nsCSPPolicy::~nsCSPPolicy() {
} }
} }
bool nsCSPPolicy::permits(CSPDirective aDir, nsIURI* aUri,
bool aSpecific) const {
nsString outp;
return this->permits(aDir, aUri, u""_ns, false, aSpecific, false, outp);
}
bool nsCSPPolicy::permits(CSPDirective aDir, nsIURI* aUri, bool nsCSPPolicy::permits(CSPDirective aDir, nsIURI* aUri,
const nsAString& aNonce, bool aWasRedirected, const nsAString& aNonce, bool aWasRedirected,
bool aSpecific, bool aParserCreated, bool aSpecific, bool aParserCreated,
@@ -1418,8 +1380,7 @@ bool nsCSPPolicy::permits(CSPDirective aDir, nsIURI* aUri,
return true; return true;
} }
bool nsCSPPolicy::allows(nsContentPolicyType aContentType, bool nsCSPPolicy::allows(CSPDirective aDirective, enum CSPKeyword aKeyword,
enum CSPKeyword aKeyword,
const nsAString& aHashOrNonce, const nsAString& aHashOrNonce,
bool aParserCreated) const { bool aParserCreated) const {
CSPUTILSLOG(("nsCSPPolicy::allows, aKeyWord: %s, a HashOrNonce: %s", CSPUTILSLOG(("nsCSPPolicy::allows, aKeyWord: %s, a HashOrNonce: %s",
@@ -1430,15 +1391,16 @@ bool nsCSPPolicy::allows(nsContentPolicyType aContentType,
// Try to find a matching directive // Try to find a matching directive
for (uint32_t i = 0; i < mDirectives.Length(); i++) { for (uint32_t i = 0; i < mDirectives.Length(); i++) {
if (mDirectives[i]->restrictsContentType(aContentType)) { if (mDirectives[i]->isDefaultDirective()) {
defaultDir = mDirectives[i];
continue;
}
if (mDirectives[i]->equals(aDirective)) {
if (mDirectives[i]->allows(aKeyword, aHashOrNonce, aParserCreated)) { if (mDirectives[i]->allows(aKeyword, aHashOrNonce, aParserCreated)) {
return true; return true;
} }
return false; return false;
} }
if (mDirectives[i]->isDefaultDirective()) {
defaultDir = mDirectives[i];
}
} }
// {nonce,hash}-source should not consult default-src: // {nonce,hash}-source should not consult default-src:
@@ -1465,11 +1427,6 @@ bool nsCSPPolicy::allows(nsContentPolicyType aContentType,
return true; return true;
} }
bool nsCSPPolicy::allows(nsContentPolicyType aContentType,
enum CSPKeyword aKeyword) const {
return allows(aContentType, aKeyword, u""_ns, false);
}
void nsCSPPolicy::toString(nsAString& outStr) const { void nsCSPPolicy::toString(nsAString& outStr) const {
StringJoinAppend(outStr, u"; "_ns, mDirectives, StringJoinAppend(outStr, u"; "_ns, mDirectives,
[](nsAString& dest, nsCSPDirective* cspDirective) { [](nsAString& dest, nsCSPDirective* cspDirective) {
@@ -1525,21 +1482,22 @@ bool nsCSPPolicy::allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
* for the ::permits() function family. * for the ::permits() function family.
*/ */
void nsCSPPolicy::getDirectiveStringAndReportSampleForContentType( void nsCSPPolicy::getDirectiveStringAndReportSampleForContentType(
nsContentPolicyType aContentType, nsAString& outDirective, CSPDirective aDirective, nsAString& outDirective,
bool* aReportSample) const { bool* aReportSample) const {
MOZ_ASSERT(aReportSample); MOZ_ASSERT(aReportSample);
*aReportSample = false; *aReportSample = false;
nsCSPDirective* defaultDir = nullptr; nsCSPDirective* defaultDir = nullptr;
for (uint32_t i = 0; i < mDirectives.Length(); i++) { for (uint32_t i = 0; i < mDirectives.Length(); i++) {
if (mDirectives[i]->restrictsContentType(aContentType)) { if (mDirectives[i]->isDefaultDirective()) {
defaultDir = mDirectives[i];
continue;
}
if (mDirectives[i]->equals(aDirective)) {
mDirectives[i]->getDirName(outDirective); mDirectives[i]->getDirName(outDirective);
*aReportSample = mDirectives[i]->hasReportSampleKeyword(); *aReportSample = mDirectives[i]->hasReportSampleKeyword();
return; return;
} }
if (mDirectives[i]->isDefaultDirective()) {
defaultDir = mDirectives[i];
}
} }
// if we haven't found a matching directive yet, // if we haven't found a matching directive yet,
// the contentType must be restricted by the default directive // the contentType must be restricted by the default directive

14
dom/security/nsCSPUtils.h
View File

@@ -454,8 +454,6 @@ class nsCSPDirective {
mSrcs = aSrcs.Clone(); mSrcs = aSrcs.Clone();
} }
virtual bool restrictsContentType(nsContentPolicyType aContentType) const;
inline bool isDefaultDirective() const { inline bool isDefaultDirective() const {
return mDirective == nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE; return mDirective == nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
} }
@@ -492,9 +490,6 @@ class nsCSPChildSrcDirective : public nsCSPDirective {
void setRestrictWorkers() { mRestrictWorkers = true; } void setRestrictWorkers() { mRestrictWorkers = true; }
virtual bool restrictsContentType(
nsContentPolicyType aContentType) const override;
virtual bool equals(CSPDirective aDirective) const override; virtual bool equals(CSPDirective aDirective) const override;
private: private:
@@ -516,9 +511,6 @@ class nsCSPScriptSrcDirective : public nsCSPDirective {
void setRestrictWorkers() { mRestrictWorkers = true; } void setRestrictWorkers() { mRestrictWorkers = true; }
virtual bool restrictsContentType(
nsContentPolicyType aContentType) const override;
virtual bool equals(CSPDirective aDirective) const override; virtual bool equals(CSPDirective aDirective) const override;
private: private:
@@ -622,10 +614,8 @@ class nsCSPPolicy {
bool permits(CSPDirective aDirective, nsIURI* aUri, const nsAString& aNonce, bool permits(CSPDirective aDirective, nsIURI* aUri, const nsAString& aNonce,
bool aWasRedirected, bool aSpecific, bool aParserCreated, bool aWasRedirected, bool aSpecific, bool aParserCreated,
nsAString& outViolatedDirective) const; nsAString& outViolatedDirective) const;
bool permits(CSPDirective aDir, nsIURI* aUri, bool aSpecific) const; bool allows(CSPDirective aDirective, enum CSPKeyword aKeyword,
bool allows(nsContentPolicyType aContentType, enum CSPKeyword aKeyword,
const nsAString& aHashOrNonce, bool aParserCreated) const; const nsAString& aHashOrNonce, bool aParserCreated) const;
bool allows(nsContentPolicyType aContentType, enum CSPKeyword aKeyword) const;
void toString(nsAString& outStr) const; void toString(nsAString& outStr) const;
void toDomCSPStruct(mozilla::dom::CSP& outCSP) const; void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
@@ -655,7 +645,7 @@ class nsCSPPolicy {
void getReportURIs(nsTArray<nsString>& outReportURIs) const; void getReportURIs(nsTArray<nsString>& outReportURIs) const;
void getDirectiveStringAndReportSampleForContentType( void getDirectiveStringAndReportSampleForContentType(
nsContentPolicyType aContentType, nsAString& outDirective, CSPDirective aDirective, nsAString& outDirective,
bool* aReportSample) const; bool* aReportSample) const;
void getDirectiveAsString(CSPDirective aDir, nsAString& outDirective) const; void getDirectiveAsString(CSPDirective aDir, nsAString& outDirective) const;

4
dom/security/test/unit/test_csp_reports.js
View File

@@ -120,7 +120,7 @@ function run_test() {
makeTest(0, { "blocked-uri": "inline" }, false, function(csp) { makeTest(0, { "blocked-uri": "inline" }, false, function(csp) {
let inlineOK = true; let inlineOK = true;
inlineOK = csp.getAllowsInline( inlineOK = csp.getAllowsInline(
Ci.nsIContentPolicy.TYPE_SCRIPT, Ci.nsIContentSecurityPolicy.SCRIPT_SRC_DIRECTIVE,
"", // aNonce "", // aNonce
false, // aParserCreated false, // aParserCreated
null, // aTriggeringElement null, // aTriggeringElement
@@ -192,7 +192,7 @@ function run_test() {
makeTest(3, { "blocked-uri": "inline" }, true, function(csp) { makeTest(3, { "blocked-uri": "inline" }, true, function(csp) {
let inlineOK = true; let inlineOK = true;
inlineOK = csp.getAllowsInline( inlineOK = csp.getAllowsInline(
Ci.nsIContentPolicy.TYPE_SCRIPT, Ci.nsIContentSecurityPolicy.SCRIPT_SRC_DIRECTIVE,
"", // aNonce "", // aNonce
false, // aParserCreated false, // aParserCreated
null, // aTriggeringElement null, // aTriggeringElement

6
layout/style/nsStyleUtil.cpp
View File

@@ -317,11 +317,11 @@ bool nsStyleUtil::CSPAllowsInlineStyle(
} }
bool allowInlineStyle = true; bool allowInlineStyle = true;
rv = csp->GetAllowsInline(nsIContentPolicy::TYPE_STYLESHEET, nonce, rv = csp->GetAllowsInline(
nsIContentSecurityPolicy::STYLE_SRC_DIRECTIVE, nonce,
false, // aParserCreated only applies to scripts false, // aParserCreated only applies to scripts
aElement, nullptr, // nsICSPEventListener aElement, nullptr, // nsICSPEventListener
aStyleText, aLineNumber, aColumnNumber, aStyleText, aLineNumber, aColumnNumber, &allowInlineStyle);
&allowInlineStyle);
NS_ENSURE_SUCCESS(rv, false); NS_ENSURE_SUCCESS(rv, false);
return allowInlineStyle; return allowInlineStyle;