corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 558184 - Part 10 - Only allow JS plugins for Flash and PDF. r=bz.

Browse Source
This commit is contained in:
Peter Van der Beken
2017-05-02 11:56:23 +02:00
parent 7002bb3bff
commit fe2b8da9d6
1 changed files with 61 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
dom/plugins/base/nsPluginHost.cpp
View File

@@ -121,6 +121,7 @@ using mozilla::plugins::FakePluginTag;
using mozilla::plugins::PluginTag; using mozilla::plugins::PluginTag;
using mozilla::plugins::PluginAsyncSurrogate; using mozilla::plugins::PluginAsyncSurrogate;
using mozilla::dom::FakePluginTagInit; using mozilla::dom::FakePluginTagInit;
using mozilla::dom::FakePluginMimeEntry;
// Null out a strong ref to a linked list iteratively to avoid // Null out a strong ref to a linked list iteratively to avoid
// exhausting the stack (bug 486349). // exhausting the stack (bug 486349).
@@ -1471,6 +1472,31 @@ nsPluginHost::EnumerateSiteData(const nsACString& domain,
return NS_OK; return NS_OK;
} }
static bool
MimeTypeIsAllowedForFakePlugin(const nsString& aMimeType)
{
static const char* const allowedFakePlugins[] = {
// Flash
"application/x-shockwave-flash",
// PDF
"application/pdf",
"application/vnd.adobe.pdf",
"application/vnd.adobe.pdfxml",
"application/vnd.adobe.x-mars",
"application/vnd.adobe.xdp+xml",
"application/vnd.adobe.xfdf",
"application/vnd.adobe.xfd+xml",
"application/vnd.fdf",
};
for (const auto allowed : allowedFakePlugins) {
if (aMimeType.EqualsASCII(allowed)) {
return true;
}
}
return false;
}
NS_IMETHODIMP NS_IMETHODIMP
nsPluginHost::RegisterFakePlugin(JS::Handle<JS::Value> aInitDictionary, nsPluginHost::RegisterFakePlugin(JS::Handle<JS::Value> aInitDictionary,
JSContext* aCx, JSContext* aCx,
@@ -1481,6 +1507,12 @@ nsPluginHost::RegisterFakePlugin(JS::Handle<JS::Value> aInitDictionary,
return NS_ERROR_FAILURE; return NS_ERROR_FAILURE;
} }
for (const FakePluginMimeEntry& mimeEntry : initDictionary.mMimeEntries) {
if (!MimeTypeIsAllowedForFakePlugin(mimeEntry.mType)) {
return NS_ERROR_FAILURE;
}
}
RefPtr<nsFakePluginTag> newTag; RefPtr<nsFakePluginTag> newTag;
nsresult rv = nsFakePluginTag::Create(initDictionary, getter_AddRefs(newTag)); nsresult rv = nsFakePluginTag::Create(initDictionary, getter_AddRefs(newTag));
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
@@ -1492,8 +1524,16 @@ nsPluginHost::RegisterFakePlugin(JS::Handle<JS::Value> aInitDictionary,
} }
mFakePlugins.AppendElement(newTag); mFakePlugins.AppendElement(newTag);
// FIXME-jsplugins do we need to register with the category manager here? For
// shumway, for now, probably not. nsAdoptingCString disableFullPage =
Preferences::GetCString(kPrefDisableFullPage);
for (uint32_t i = 0; i < newTag->MimeTypes().Length(); i++) {
if (!IsTypeInList(newTag->MimeTypes()[i], disableFullPage)) {
RegisterWithCategoryManager(newTag->MimeTypes()[i],
ePluginRegister);
}
}
newTag.forget(aResult); newTag.forget(aResult);
return NS_OK; return NS_OK;
} }
@@ -2335,15 +2375,24 @@ nsPluginHost::FindPluginsInContent(bool aCreatePluginList, bool* aPluginsChanged
} }
} }
mFakePlugins.AppendElement(new nsFakePluginTag(tag.id(), RefPtr<nsFakePluginTag> pluginTag =
mozilla::ipc::DeserializeURI(tag.handlerURI()), *mFakePlugins.AppendElement(new nsFakePluginTag(tag.id(),
tag.name().get(), mozilla::ipc::DeserializeURI(tag.handlerURI()),
tag.description().get(), tag.name().get(),
tag.mimeTypes(), tag.description().get(),
tag.mimeDescriptions(), tag.mimeTypes(),
tag.extensions(), tag.mimeDescriptions(),
tag.niceName(), tag.extensions(),
tag.sandboxScript())); tag.niceName(),
tag.sandboxScript()));
nsAdoptingCString disableFullPage =
Preferences::GetCString(kPrefDisableFullPage);
for (uint32_t i = 0; i < pluginTag->MimeTypes().Length(); i++) {
if (!IsTypeInList(pluginTag->MimeTypes()[i], disableFullPage)) {
RegisterWithCategoryManager(pluginTag->MimeTypes()[i],
ePluginRegister);
}
}
} }
} }
@@ -3871,6 +3920,7 @@ nsPluginHost::CanUsePluginForMIMEType(const nsACString& aMIMEType)
// //
// XXX: Remove test/java cases when bug 1351885 lands. // XXX: Remove test/java cases when bug 1351885 lands.
if (nsPluginHost::GetSpecialType(aMIMEType) == nsPluginHost::eSpecialType_Flash || if (nsPluginHost::GetSpecialType(aMIMEType) == nsPluginHost::eSpecialType_Flash ||
MimeTypeIsAllowedForFakePlugin(NS_ConvertUTF8toUTF16(aMIMEType)) ||
aMIMEType.LowerCaseEqualsLiteral("application/x-test") || aMIMEType.LowerCaseEqualsLiteral("application/x-test") ||
aMIMEType.LowerCaseEqualsLiteral("application/x-second-test") || aMIMEType.LowerCaseEqualsLiteral("application/x-second-test") ||
aMIMEType.LowerCaseEqualsLiteral("application/x-third-test") || aMIMEType.LowerCaseEqualsLiteral("application/x-third-test") ||