mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 02:14:43 +00:00
Bug 1072150 - Use the opt-out for various sloppy consumers. r=bz
This commit is contained in:
parent
f306d3926d
commit
110f12e7ca
@ -1508,7 +1508,7 @@ nsDocShell::LoadURI(nsIURI* aURI,
|
||||
}
|
||||
if (!owner && !inheritOwner && !ownerIsExplicit) {
|
||||
// See if there's system or chrome JS code running
|
||||
inheritOwner = nsContentUtils::IsCallerChrome();
|
||||
inheritOwner = nsContentUtils::LegacyIsCallerChromeOrNativeCode();
|
||||
}
|
||||
|
||||
if (aLoadFlags & LOAD_FLAGS_DISALLOW_INHERIT_OWNER) {
|
||||
|
@ -276,7 +276,7 @@ ScrollbarsProp::GetVisible(ErrorResult& aRv)
|
||||
void
|
||||
ScrollbarsProp::SetVisible(bool aVisible, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::IsCallerChrome()) {
|
||||
if (!nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -705,7 +705,7 @@ BlobImplBase::GetMozFullPath(nsAString& aFileName, ErrorResult& aRv) const
|
||||
aFileName.Truncate();
|
||||
|
||||
if (NS_IsMainThread()) {
|
||||
if (nsContentUtils::IsCallerChrome()) {
|
||||
if (nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
GetMozFullPathInternal(aFileName, aRv);
|
||||
}
|
||||
|
||||
|
@ -410,7 +410,7 @@ nsDOMWindowUtils::SetDisplayPortMarginsForElement(float aLeftMargin,
|
||||
nsIDOMElement* aElement,
|
||||
uint32_t aPriority)
|
||||
{
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::IsCallerChrome());
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::LegacyIsCallerChromeOrNativeCode());
|
||||
|
||||
nsIPresShell* presShell = GetPresShell();
|
||||
if (!presShell) {
|
||||
@ -481,7 +481,7 @@ nsDOMWindowUtils::SetDisplayPortBaseForElement(int32_t aX,
|
||||
NS_IMETHODIMP
|
||||
nsDOMWindowUtils::SetResolution(float aResolution)
|
||||
{
|
||||
if (!nsContentUtils::IsCallerChrome()) {
|
||||
if (!nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
@ -547,7 +547,7 @@ nsDOMWindowUtils::GetIsResolutionSet(bool* aIsResolutionSet) {
|
||||
NS_IMETHODIMP
|
||||
nsDOMWindowUtils::SetIsFirstPaint(bool aIsFirstPaint)
|
||||
{
|
||||
if (!nsContentUtils::IsCallerChrome()) {
|
||||
if (!nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
@ -562,7 +562,7 @@ nsDOMWindowUtils::SetIsFirstPaint(bool aIsFirstPaint)
|
||||
NS_IMETHODIMP
|
||||
nsDOMWindowUtils::GetIsFirstPaint(bool *aIsFirstPaint)
|
||||
{
|
||||
if (!nsContentUtils::IsCallerChrome()) {
|
||||
if (!nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
@ -577,7 +577,7 @@ nsDOMWindowUtils::GetIsFirstPaint(bool *aIsFirstPaint)
|
||||
NS_IMETHODIMP
|
||||
nsDOMWindowUtils::GetPresShellId(uint32_t *aPresShellId)
|
||||
{
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::IsCallerChrome());
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::LegacyIsCallerChromeOrNativeCode());
|
||||
|
||||
nsIPresShell* presShell = GetPresShell();
|
||||
if (presShell) {
|
||||
@ -1036,7 +1036,7 @@ nsDOMWindowUtils::SendNativeKeyEvent(int32_t aNativeKeyboardLayout,
|
||||
const nsAString& aUnmodifiedCharacters,
|
||||
nsIObserver* aObserver)
|
||||
{
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::IsCallerChrome());
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::LegacyIsCallerChromeOrNativeCode());
|
||||
|
||||
// get the widget to send the event to
|
||||
nsCOMPtr<nsIWidget> widget = GetWidget();
|
||||
@ -1722,7 +1722,9 @@ nsDOMWindowUtils::GetBoundsWithoutFlushing(nsIDOMElement *aElement,
|
||||
NS_IMETHODIMP
|
||||
nsDOMWindowUtils::GetRootBounds(nsIDOMClientRect** aResult)
|
||||
{
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::IsCallerChrome());
|
||||
// Unfortunately, this is called from AndroidBridge.cpp and the logic here is
|
||||
// nontrivial, so we need to allow non-scripted callers.
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::LegacyIsCallerChromeOrNativeCode());
|
||||
|
||||
nsIDocument* doc = GetDocument();
|
||||
NS_ENSURE_STATE(doc);
|
||||
@ -3150,7 +3152,7 @@ nsDOMWindowUtils::GetPlugins(JSContext* cx, JS::MutableHandle<JS::Value> aPlugin
|
||||
NS_IMETHODIMP
|
||||
nsDOMWindowUtils::SetScrollPositionClampingScrollPortSize(float aWidth, float aHeight)
|
||||
{
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::IsCallerChrome());
|
||||
MOZ_RELEASE_ASSERT(nsContentUtils::LegacyIsCallerChromeOrNativeCode());
|
||||
|
||||
if (!(aWidth >= 0.0 && aHeight >= 0.0)) {
|
||||
return NS_ERROR_ILLEGAL_VALUE;
|
||||
|
@ -1221,7 +1221,7 @@ nsFocusManager::SetFocusInner(nsIContent* aNewContent, int32_t aFlags,
|
||||
}
|
||||
bool subsumes = false;
|
||||
focusedPrincipal->Subsumes(newPrincipal, &subsumes);
|
||||
if (!subsumes && !nsContentUtils::IsCallerChrome()) {
|
||||
if (!subsumes && !nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
NS_WARNING("Not allowed to focus the new window!");
|
||||
return;
|
||||
}
|
||||
@ -1275,7 +1275,7 @@ nsFocusManager::SetFocusInner(nsIContent* aNewContent, int32_t aFlags,
|
||||
// * isn't called by trusted event (i.e., called by untrusted event or by js)
|
||||
// * the focus is moved to another document's element
|
||||
// we need to check the permission.
|
||||
if (sendFocusEvent && mFocusedContent &&
|
||||
if (sendFocusEvent && mFocusedContent && !nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
mFocusedContent->OwnerDoc() != aNewContent->OwnerDoc()) {
|
||||
// If the caller cannot access the current focused node, the caller should
|
||||
// not be able to steal focus from it. E.g., When the current focused node
|
||||
@ -1453,8 +1453,10 @@ nsFocusManager::AdjustWindowFocus(nsPIDOMWindow* aWindow,
|
||||
// When aCheckPermission is true, we should check whether the caller can
|
||||
// access the window or not. If it cannot access, we should stop the
|
||||
// adjusting.
|
||||
if (aCheckPermission && !nsContentUtils::CanCallerAccess(window))
|
||||
if (aCheckPermission && !nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(window)) {
|
||||
break;
|
||||
}
|
||||
|
||||
window->SetFocusedNode(frameElement);
|
||||
}
|
||||
|
@ -2085,7 +2085,7 @@ nsGlobalWindow::SetInitialPrincipalToSubject()
|
||||
MOZ_ASSERT(IsOuterWindow());
|
||||
|
||||
// First, grab the subject principal.
|
||||
nsCOMPtr<nsIPrincipal> newWindowPrincipal = nsContentUtils::SubjectPrincipal();
|
||||
nsCOMPtr<nsIPrincipal> newWindowPrincipal = nsContentUtils::SubjectPrincipalOrSystemIfNativeCaller();
|
||||
|
||||
// Now, if we're about to use the system principal or an nsExpandedPrincipal,
|
||||
// make sure we're not using it for a content docshell.
|
||||
@ -4549,7 +4549,7 @@ nsGlobalWindow::GetOpenerWindowOuter()
|
||||
nsGlobalWindow* win = static_cast<nsGlobalWindow*>(opener.get());
|
||||
|
||||
// First, check if we were called from a privileged chrome script
|
||||
if (nsContentUtils::IsCallerChrome()) {
|
||||
if (nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
// Catch the case where we're chrome but the opener is not...
|
||||
if (GetPrincipal() == nsContentUtils::GetSystemPrincipal() &&
|
||||
win->GetPrincipal() != nsContentUtils::GetSystemPrincipal()) {
|
||||
@ -6513,7 +6513,7 @@ nsGlobalWindow::SetFullscreenInternal(FullscreenReason aReason,
|
||||
|
||||
// Only chrome can change our fullscreen mode. Otherwise, the state
|
||||
// can only be changed for DOM fullscreen.
|
||||
if (aReason == eForFullscreenMode && !nsContentUtils::IsCallerChrome()) {
|
||||
if (aReason == eForFullscreenMode && !nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -8249,7 +8249,7 @@ bool
|
||||
nsGlobalWindow::CanSetProperty(const char *aPrefName)
|
||||
{
|
||||
// Chrome can set any property.
|
||||
if (nsContentUtils::IsCallerChrome()) {
|
||||
if (nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -10054,6 +10054,7 @@ nsGlobalWindow::AddSystemEventListener(const nsAString& aType,
|
||||
"explicit by making optional_argc non-zero.");
|
||||
|
||||
if (IsOuterWindow() && mInnerWindow &&
|
||||
!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(mInnerWindow)) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
@ -12181,7 +12182,7 @@ nsGlobalWindow::OpenInternal(const nsAString& aUrl, const nsAString& aName,
|
||||
nsIPrincipal::APP_STATUS_INSTALLED;
|
||||
}
|
||||
|
||||
const bool checkForPopup = !nsContentUtils::IsCallerChrome() &&
|
||||
const bool checkForPopup = !nsContentUtils::LegacyIsCallerChromeOrNativeCode() &&
|
||||
!isApp && !aDialog && !WindowExists(aName, !aCalledNoScript);
|
||||
|
||||
// Note: it's very important that this be an nsXPIDLCString, since we want
|
||||
|
@ -1156,7 +1156,7 @@ nsObjectLoadingContent::OnStopRequest(nsIRequest *aRequest,
|
||||
}
|
||||
}
|
||||
|
||||
NS_ENSURE_TRUE(nsContentUtils::IsCallerChrome(), NS_ERROR_NOT_AVAILABLE);
|
||||
NS_ENSURE_TRUE(nsContentUtils::LegacyIsCallerChromeOrNativeCode(), NS_ERROR_NOT_AVAILABLE);
|
||||
|
||||
if (aRequest != mChannel) {
|
||||
return NS_BINDING_ABORTED;
|
||||
@ -1183,7 +1183,7 @@ nsObjectLoadingContent::OnDataAvailable(nsIRequest *aRequest,
|
||||
nsIInputStream *aInputStream,
|
||||
uint64_t aOffset, uint32_t aCount)
|
||||
{
|
||||
NS_ENSURE_TRUE(nsContentUtils::IsCallerChrome(), NS_ERROR_NOT_AVAILABLE);
|
||||
NS_ENSURE_TRUE(nsContentUtils::LegacyIsCallerChromeOrNativeCode(), NS_ERROR_NOT_AVAILABLE);
|
||||
|
||||
if (aRequest != mChannel) {
|
||||
return NS_BINDING_ABORTED;
|
||||
@ -2825,7 +2825,8 @@ nsObjectLoadingContent::ScriptRequestPluginInstance(JSContext* aCx,
|
||||
// so the ensuing expression is short-circuited.
|
||||
MOZ_ASSERT_IF(nsContentUtils::GetCurrentJSContext(),
|
||||
aCx == nsContentUtils::GetCurrentJSContext());
|
||||
bool callerIsContentJS = (!nsContentUtils::IsCallerChrome() &&
|
||||
bool callerIsContentJS = (nsContentUtils::GetCurrentJSContext() &&
|
||||
!nsContentUtils::IsCallerChrome() &&
|
||||
!nsContentUtils::IsCallerContentXBL() &&
|
||||
JS_IsRunning(aCx));
|
||||
|
||||
|
@ -1138,7 +1138,8 @@ nsRange::IsValidBoundary(nsINode* aNode)
|
||||
void
|
||||
nsRange::SetStart(nsINode& aNode, uint32_t aOffset, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
@ -1190,7 +1191,8 @@ nsRange::SetStart(nsINode* aParent, int32_t aOffset)
|
||||
void
|
||||
nsRange::SetStartBefore(nsINode& aNode, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
@ -1215,7 +1217,8 @@ nsRange::SetStartBefore(nsIDOMNode* aSibling)
|
||||
void
|
||||
nsRange::SetStartAfter(nsINode& aNode, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
@ -1240,7 +1243,8 @@ nsRange::SetStartAfter(nsIDOMNode* aSibling)
|
||||
void
|
||||
nsRange::SetEnd(nsINode& aNode, uint32_t aOffset, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
@ -1291,7 +1295,8 @@ nsRange::SetEnd(nsINode* aParent, int32_t aOffset)
|
||||
void
|
||||
nsRange::SetEndBefore(nsINode& aNode, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
@ -1316,7 +1321,8 @@ nsRange::SetEndBefore(nsIDOMNode* aSibling)
|
||||
void
|
||||
nsRange::SetEndAfter(nsINode& aNode, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
@ -1367,7 +1373,8 @@ nsRange::SelectNode(nsIDOMNode* aN)
|
||||
void
|
||||
nsRange::SelectNode(nsINode& aNode, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
@ -1403,7 +1410,8 @@ nsRange::SelectNodeContents(nsIDOMNode* aN)
|
||||
void
|
||||
nsRange::SelectNodeContents(nsINode& aNode, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
@ -2451,7 +2459,8 @@ nsRange::InsertNode(nsIDOMNode* aNode)
|
||||
void
|
||||
nsRange::InsertNode(nsINode& aNode, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNode)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
@ -2548,7 +2557,8 @@ nsRange::SurroundContents(nsIDOMNode* aNewParent)
|
||||
void
|
||||
nsRange::SurroundContents(nsINode& aNewParent, ErrorResult& aRv)
|
||||
{
|
||||
if (!nsContentUtils::CanCallerAccess(&aNewParent)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aNewParent)) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return;
|
||||
}
|
||||
|
@ -67,7 +67,7 @@ CallbackObject::CallSetup::CallSetup(CallbackObject* aCallback,
|
||||
// do anything that might perturb the relevant state.
|
||||
nsIPrincipal* webIDLCallerPrincipal = nullptr;
|
||||
if (aIsJSImplementedWebIDL) {
|
||||
webIDLCallerPrincipal = nsContentUtils::SubjectPrincipal();
|
||||
webIDLCallerPrincipal = nsContentUtils::SubjectPrincipalOrSystemIfNativeCaller();
|
||||
}
|
||||
|
||||
// We need to produce a useful JSContext here. Ideally one that the callback
|
||||
|
@ -904,7 +904,7 @@ Event::GetScreenCoords(nsPresContext* aPresContext,
|
||||
WidgetEvent* aEvent,
|
||||
LayoutDeviceIntPoint aPoint)
|
||||
{
|
||||
if (!nsContentUtils::IsCallerChrome() &&
|
||||
if (!nsContentUtils::LegacyIsCallerChromeOrNativeCode() &&
|
||||
nsContentUtils::ResistFingerprinting()) {
|
||||
// When resisting fingerprinting, return client coordinates instead.
|
||||
CSSIntPoint clientCoords = GetClientCoords(aPresContext, aEvent, aPoint, CSSIntPoint(0, 0));
|
||||
|
@ -36,6 +36,7 @@
|
||||
#include "mozilla/dom/TouchEvent.h"
|
||||
#include "mozilla/dom/TransitionEvent.h"
|
||||
#include "mozilla/dom/WheelEvent.h"
|
||||
#include "mozilla/dom/WorkerPrivate.h"
|
||||
#include "mozilla/dom/XULCommandEvent.h"
|
||||
#include "mozilla/EventDispatcher.h"
|
||||
#include "mozilla/EventListenerManager.h"
|
||||
@ -709,7 +710,9 @@ EventDispatcher::DispatchDOMEvent(nsISupports* aTarget,
|
||||
|
||||
if (!dontResetTrusted) {
|
||||
//Check security state to determine if dispatcher is trusted
|
||||
aDOMEvent->SetTrusted(nsContentUtils::ThreadsafeIsCallerChrome());
|
||||
bool trusted = NS_IsMainThread() ? nsContentUtils::LegacyIsCallerChromeOrNativeCode()
|
||||
: mozilla::dom::workers::IsCurrentThreadRunningChromeWorker();
|
||||
aDOMEvent->SetTrusted(trusted);
|
||||
}
|
||||
|
||||
return EventDispatcher::Dispatch(aTarget, aPresContext, innerEvent,
|
||||
|
@ -93,6 +93,7 @@ Touch::GetTarget() const
|
||||
{
|
||||
nsCOMPtr<nsIContent> content = do_QueryInterface(mTarget);
|
||||
if (content && content->ChromeOnlyAccess() &&
|
||||
!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanAccessNativeAnon()) {
|
||||
return content->FindFirstNonChromeOnlyAccessContent();
|
||||
}
|
||||
|
@ -1419,7 +1419,7 @@ Geolocation::GetCurrentPosition(GeoPositionCallback& callback,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (!mOwner && !nsContentUtils::IsCallerChrome()) {
|
||||
if (!mOwner && !nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
@ -1442,7 +1442,7 @@ Geolocation::GetCurrentPositionReady(nsGeolocationRequest* aRequest)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (!nsContentUtils::IsCallerChrome()) {
|
||||
if (!nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
@ -1513,7 +1513,7 @@ Geolocation::WatchPosition(GeoPositionCallback& aCallback,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (!mOwner && !nsContentUtils::IsCallerChrome()) {
|
||||
if (!mOwner && !nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
@ -1535,7 +1535,7 @@ Geolocation::WatchPositionReady(nsGeolocationRequest* aRequest)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
if (!nsContentUtils::IsCallerChrome()) {
|
||||
if (!nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
@ -1417,7 +1417,7 @@ HTMLInputElement::GetValueInternal(nsAString& aValue) const
|
||||
return NS_OK;
|
||||
|
||||
case VALUE_MODE_FILENAME:
|
||||
if (nsContentUtils::IsCallerChrome()) {
|
||||
if (nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
#ifndef MOZ_CHILD_PERMISSIONS
|
||||
aValue.Assign(mFirstFilePath);
|
||||
#else
|
||||
@ -2994,7 +2994,7 @@ HTMLInputElement::DispatchSelectEvent(nsPresContext* aPresContext)
|
||||
|
||||
// If already handling select event, don't dispatch a second.
|
||||
if (!mHandlingSelectEvent) {
|
||||
WidgetEvent event(nsContentUtils::IsCallerChrome(), eFormSelect);
|
||||
WidgetEvent event(nsContentUtils::LegacyIsCallerChromeOrNativeCode(), eFormSelect);
|
||||
|
||||
mHandlingSelectEvent = true;
|
||||
EventDispatcher::Dispatch(static_cast<nsIContent*>(this),
|
||||
|
@ -1472,7 +1472,7 @@ HTMLMediaElement::Seek(double aTime,
|
||||
|
||||
// Detect if user has interacted with element by seeking so that
|
||||
// play will not be blocked when initiated by a script.
|
||||
if (EventStateManager::IsHandlingUserInput() || nsContentUtils::IsCallerChrome()) {
|
||||
if (EventStateManager::IsHandlingUserInput() || nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
mHasUserInteraction = true;
|
||||
}
|
||||
|
||||
|
@ -2792,7 +2792,8 @@ nsGenericHTMLElement::GetEditor(nsIEditor** aEditor)
|
||||
{
|
||||
*aEditor = nullptr;
|
||||
|
||||
if (!nsContentUtils::IsCallerChrome()) {
|
||||
// See also HTMLTextFieldAccessible::GetEditor.
|
||||
if (!nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
|
@ -2929,7 +2929,7 @@ nsHTMLDocument::SetDesignMode(const nsAString & aDesignMode)
|
||||
void
|
||||
nsHTMLDocument::SetDesignMode(const nsAString& aDesignMode, ErrorResult& rv)
|
||||
{
|
||||
if (!nsContentUtils::SubjectPrincipal()->Subsumes(NodePrincipal())) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() && !nsContentUtils::SubjectPrincipal()->Subsumes(NodePrincipal())) {
|
||||
rv.Throw(NS_ERROR_DOM_PROP_ACCESS_DENIED);
|
||||
return;
|
||||
}
|
||||
|
@ -3575,7 +3575,7 @@ QuotaManager::GetInfoForChrome(nsACString* aGroup,
|
||||
bool* aIsApp)
|
||||
{
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
MOZ_ASSERT(nsContentUtils::IsCallerChrome());
|
||||
MOZ_ASSERT(nsContentUtils::LegacyIsCallerChromeOrNativeCode());
|
||||
|
||||
if (aGroup) {
|
||||
ChromeOrigin(*aGroup);
|
||||
|
@ -101,7 +101,9 @@ XPathExpression::EvaluateWithContext(nsINode& aContextNode,
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
if (!nsContentUtils::CanCallerAccess(&aContextNode)) {
|
||||
if (!nsContentUtils::LegacyIsCallerNativeCode() &&
|
||||
!nsContentUtils::CanCallerAccess(&aContextNode))
|
||||
{
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return nullptr;
|
||||
}
|
||||
|
@ -598,7 +598,8 @@ txMozillaXSLTProcessor::ImportStylesheet(nsIDOMNode *aStyle)
|
||||
NS_ENSURE_TRUE(!mStylesheetDocument && !mStylesheet,
|
||||
NS_ERROR_NOT_IMPLEMENTED);
|
||||
|
||||
if (!nsContentUtils::CanCallerAccess(aStyle)) {
|
||||
nsCOMPtr<nsINode> node = do_QueryInterface(aStyle);
|
||||
if (!node || !nsContentUtils::SubjectPrincipalOrSystemIfNativeCaller()->Subsumes(node->NodePrincipal())) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
@ -713,8 +714,13 @@ txMozillaXSLTProcessor::TransformToFragment(nsIDOMNode *aSource,
|
||||
NS_ENSURE_ARG_POINTER(aResult);
|
||||
NS_ENSURE_SUCCESS(mCompileResult, mCompileResult);
|
||||
|
||||
if (!nsContentUtils::CanCallerAccess(aSource) ||
|
||||
!nsContentUtils::CanCallerAccess(aOutput)) {
|
||||
nsCOMPtr<nsINode> node = do_QueryInterface(aSource);
|
||||
nsCOMPtr<nsIDocument> doc = do_QueryInterface(aOutput);
|
||||
NS_ENSURE_TRUE(node && doc, NS_ERROR_DOM_SECURITY_ERR);
|
||||
nsIPrincipal* subject = nsContentUtils::SubjectPrincipalOrSystemIfNativeCaller();
|
||||
if (!subject->Subsumes(node->NodePrincipal()) ||
|
||||
!subject->Subsumes(doc->NodePrincipal()))
|
||||
{
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
|
@ -135,7 +135,8 @@ nsXULCommandDispatcher::GetFocusedElement(nsIDOMElement** aElement)
|
||||
CallQueryInterface(focusedContent, aElement);
|
||||
|
||||
// Make sure the caller can access the focused element.
|
||||
if (!nsContentUtils::CanCallerAccess(*aElement)) {
|
||||
nsCOMPtr<nsINode> node = do_QueryInterface(*aElement);
|
||||
if (!node || !nsContentUtils::SubjectPrincipalOrSystemIfNativeCaller()->Subsumes(node->NodePrincipal())) {
|
||||
// XXX This might want to return null, but we use that return value
|
||||
// to mean "there is no focused element," so to be clear, throw an
|
||||
// exception.
|
||||
|
@ -237,7 +237,7 @@ nsCommandManager::GetControllerForCommand(const char* aCommand,
|
||||
|
||||
// check if we're in content or chrome
|
||||
// if we're not chrome we must have a target window or we bail
|
||||
if (!nsContentUtils::IsCallerChrome()) {
|
||||
if (!nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
|
||||
if (!aTargetWindow) {
|
||||
return rv;
|
||||
}
|
||||
|
@ -593,7 +593,7 @@ nsWindowWatcher::OpenWindowInternal(nsIDOMWindow* aParent,
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
|
||||
|
||||
bool isCallerChrome =
|
||||
nsContentUtils::IsCallerChrome() && !openedFromRemoteTab;
|
||||
nsContentUtils::LegacyIsCallerChromeOrNativeCode() && !openedFromRemoteTab;
|
||||
|
||||
dom::AutoJSAPI jsapiChromeGuard;
|
||||
|
||||
@ -1514,7 +1514,7 @@ nsWindowWatcher::CalculateChromeFlags(nsIDOMWindow* aParent,
|
||||
|
||||
bool openedFromContentScript =
|
||||
aOpenedFromRemoteTab ? aCalledFromJS
|
||||
: !nsContentUtils::IsCallerChrome();
|
||||
: !nsContentUtils::LegacyIsCallerChromeOrNativeCode();
|
||||
|
||||
/* This function has become complicated since browser windows and
|
||||
dialogs diverged. The difference is, browser windows assume all
|
||||
|
@ -148,7 +148,7 @@ bool
|
||||
nsTreeContentView::CanTrustTreeSelection(nsISupports* aValue)
|
||||
{
|
||||
// Untrusted content is only allowed to specify known-good views
|
||||
if (nsContentUtils::IsCallerChrome())
|
||||
if (nsContentUtils::LegacyIsCallerChromeOrNativeCode())
|
||||
return true;
|
||||
nsCOMPtr<nsINativeTreeSelection> nativeTreeSel = do_QueryInterface(aValue);
|
||||
return nativeTreeSel && NS_SUCCEEDED(nativeTreeSel->EnsureNative());
|
||||
|
@ -213,7 +213,7 @@ nsresult nsWebShellWindow::Initialize(nsIXULWindow* aParent,
|
||||
// and then blowing it away with a second one, which can cause problems for the
|
||||
// top-level chrome window case. See bug 789773.
|
||||
if (nsContentUtils::IsInitialized()) { // Sometimes this happens really early See bug 793370.
|
||||
rv = mDocShell->CreateAboutBlankContentViewer(nsContentUtils::SubjectPrincipal());
|
||||
rv = mDocShell->CreateAboutBlankContentViewer(nsContentUtils::SubjectPrincipalOrSystemIfNativeCaller());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
nsCOMPtr<nsIDocument> doc = mDocShell ? mDocShell->GetDocument() : nullptr;
|
||||
NS_ENSURE_TRUE(!!doc, NS_ERROR_FAILURE);
|
||||
|
Loading…
Reference in New Issue
Block a user