mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 05:41:12 +00:00
Use the principal doing the load to decide on the URI to pass to content policies. This will help do the right thing for data:/javascript:/about:blank, as well as allow us to skip content policies altogether if the caller is system. Bug 388597, r+sr=sicking
This commit is contained in:
parent
52166cc918
commit
16e6040261
@ -39,6 +39,9 @@
|
||||
/*
|
||||
* Utility routines for checking content load/process policy settings,
|
||||
* and routines helpful for content policy implementors.
|
||||
*
|
||||
* XXXbz it would be nice if some of this stuff could be out-of-lined in
|
||||
* nsContentUtils. That would work for almost all the callers...
|
||||
*/
|
||||
|
||||
#ifndef __nsContentPolicyUtils_h__
|
||||
@ -50,6 +53,8 @@
|
||||
#include "nsIContentPolicy.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsIContent.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPrincipal.h"
|
||||
|
||||
//XXXtw sadly, this makes consumers of nsContentPolicyUtils depend on widget
|
||||
#include "nsIDocument.h"
|
||||
@ -163,21 +168,57 @@ NS_CP_ContentTypeName(PRUint32 contentType)
|
||||
PR_END_MACRO
|
||||
|
||||
/**
|
||||
* Alias for calling ShouldLoad on the content policy service.
|
||||
* Parameters are the same as nsIContentPolicy::shouldLoad, except for
|
||||
* the last parameter, which can be used to pass in a pointer to the
|
||||
* service if the caller already has one.
|
||||
* Check whether we can short-circuit this check and bail out. If not, get the
|
||||
* origin URI to use.
|
||||
*
|
||||
* Note: requestOrigin is scoped outside the PR_BEGIN_MACRO/PR_END_MACRO on
|
||||
* purpose */
|
||||
#define CHECK_PRINCIPAL \
|
||||
nsCOMPtr<nsIURI> requestOrigin; \
|
||||
PR_BEGIN_MACRO \
|
||||
if (originPrincipal) { \
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan = aSecMan; \
|
||||
if (!secMan) { \
|
||||
secMan = do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID); \
|
||||
} \
|
||||
if (secMan) { \
|
||||
PRBool isSystem; \
|
||||
nsresult rv = secMan->IsSystemPrincipal(originPrincipal, \
|
||||
&isSystem); \
|
||||
NS_ENSURE_SUCCESS(rv, rv); \
|
||||
if (isSystem) { \
|
||||
*decision = nsIContentPolicy::ACCEPT; \
|
||||
return NS_OK; \
|
||||
} \
|
||||
} \
|
||||
nsresult rv = originPrincipal->GetURI(getter_AddRefs(requestOrigin)); \
|
||||
NS_ENSURE_SUCCESS(rv, rv); \
|
||||
} else { \
|
||||
requestOrigin = originURI; \
|
||||
} \
|
||||
PR_END_MACRO
|
||||
|
||||
/**
|
||||
* Alias for calling ShouldLoad on the content policy service. Parameters are
|
||||
* the same as nsIContentPolicy::shouldLoad, except for the originPrincipal
|
||||
* parameter, which should be non-null if possible, and the last two
|
||||
* parameters, which can be used to pass in pointer to some useful services if
|
||||
* the caller already has them. |originURI| is only used if |originPrincipal|
|
||||
* is null.
|
||||
*/
|
||||
inline nsresult
|
||||
NS_CheckContentLoadPolicy(PRUint32 contentType,
|
||||
nsIURI *contentLocation,
|
||||
nsIURI *requestOrigin,
|
||||
nsIURI *originURI,
|
||||
nsIPrincipal *originPrincipal,
|
||||
nsISupports *context,
|
||||
const nsACString &mimeType,
|
||||
nsISupports *extra,
|
||||
PRInt16 *decision,
|
||||
nsIContentPolicy *policyService = nsnull)
|
||||
nsIContentPolicy *policyService = nsnull,
|
||||
nsIScriptSecurityManager* aSecMan = nsnull)
|
||||
{
|
||||
CHECK_PRINCIPAL;
|
||||
if (policyService) {
|
||||
CHECK_CONTENT_POLICY_WITH_SERVICE(ShouldLoad, policyService);
|
||||
}
|
||||
@ -185,19 +226,26 @@ NS_CheckContentLoadPolicy(PRUint32 contentType,
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias for calling ShouldProcess on the content policy service.
|
||||
* Parameters are the same as nsIContentPolicy::shouldProcess.
|
||||
* Alias for calling ShouldProcess on the content policy service. Parameters
|
||||
* are the same as nsIContentPolicy::shouldLoad, except for the originPrincipal
|
||||
* parameter, which should be non-null if possible, and the last two
|
||||
* parameters, which can be used to pass in pointer to some useful services if
|
||||
* the caller already has them. |originURI| is only used if |originPrincipal|
|
||||
* is null.
|
||||
*/
|
||||
inline nsresult
|
||||
NS_CheckContentProcessPolicy(PRUint32 contentType,
|
||||
nsIURI *contentLocation,
|
||||
nsIURI *requestOrigin,
|
||||
nsIURI *originURI,
|
||||
nsIPrincipal *originPrincipal,
|
||||
nsISupports *context,
|
||||
const nsACString &mimeType,
|
||||
nsISupports *extra,
|
||||
PRInt16 *decision,
|
||||
nsIContentPolicy *policyService = nsnull)
|
||||
nsIContentPolicy *policyService = nsnull,
|
||||
nsIScriptSecurityManager* aSecMan = nsnull)
|
||||
{
|
||||
CHECK_PRINCIPAL;
|
||||
if (policyService) {
|
||||
CHECK_CONTENT_POLICY_WITH_SERVICE(ShouldProcess, policyService);
|
||||
}
|
||||
|
@ -2116,20 +2116,18 @@ nsContentUtils::CanLoadImage(nsIURI* aURI, nsISupports* aContext,
|
||||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> loadingURI;
|
||||
rv = aLoadingPrincipal->GetURI(getter_AddRefs(loadingURI));
|
||||
NS_ENSURE_SUCCESS(rv, PR_FALSE);
|
||||
|
||||
PRInt16 decision = nsIContentPolicy::ACCEPT;
|
||||
|
||||
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_IMAGE,
|
||||
aURI,
|
||||
loadingURI,
|
||||
nsnull,
|
||||
aLoadingPrincipal,
|
||||
aContext,
|
||||
EmptyCString(), //mime guess
|
||||
nsnull, //extra
|
||||
&decision,
|
||||
GetContentPolicy());
|
||||
GetContentPolicy(),
|
||||
sSecurityManager);
|
||||
|
||||
if (aImageBlockingStatus) {
|
||||
*aImageBlockingStatus =
|
||||
@ -3611,13 +3609,11 @@ nsContentUtils::CheckSecurityBeforeLoad(nsIURI* aURIToLoad,
|
||||
const nsACString& aMimeGuess,
|
||||
nsISupports* aExtra)
|
||||
{
|
||||
NS_PRECONDITION(aLoadingPrincipal, "Must have a loading principal here");
|
||||
|
||||
// XXXbz do we want to fast-path skin stylesheets loading XBL here somehow?
|
||||
nsCOMPtr<nsIURI> loadingURI;
|
||||
nsresult rv = aLoadingPrincipal->GetURI(getter_AddRefs(loadingURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// CheckLoadURIWithPrincipal
|
||||
rv = sSecurityManager->
|
||||
nsresult rv = sSecurityManager->
|
||||
CheckLoadURIWithPrincipal(aLoadingPrincipal, aURIToLoad, aCheckLoadFlags);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
@ -3625,12 +3621,14 @@ nsContentUtils::CheckSecurityBeforeLoad(nsIURI* aURIToLoad,
|
||||
PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
|
||||
rv = NS_CheckContentLoadPolicy(aContentPolicyType,
|
||||
aURIToLoad,
|
||||
loadingURI,
|
||||
nsnull,
|
||||
aLoadingPrincipal,
|
||||
aContext,
|
||||
aMimeGuess,
|
||||
aExtra,
|
||||
&shouldLoad,
|
||||
GetContentPolicy());
|
||||
GetContentPolicy(),
|
||||
sSecurityManager);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (NS_CP_REJECTED(shouldLoad)) {
|
||||
return NS_ERROR_CONTENT_BLOCKED;
|
||||
@ -3642,6 +3640,10 @@ nsContentUtils::CheckSecurityBeforeLoad(nsIURI* aURIToLoad,
|
||||
SchemeIs(aURIToLoad, "chrome"))) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> loadingURI;
|
||||
rv = aLoadingPrincipal->GetURI(getter_AddRefs(loadingURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
return sSecurityManager->CheckSameOriginURI(loadingURI, aURIToLoad);
|
||||
}
|
||||
|
||||
|
@ -891,12 +891,14 @@ nsObjectLoadingContent::LoadObject(nsIURI* aURI,
|
||||
rv =
|
||||
NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_OBJECT,
|
||||
aURI,
|
||||
doc->GetDocumentURI(),
|
||||
nsnull,
|
||||
doc->NodePrincipal(),
|
||||
static_cast<nsIImageLoadingContent*>(this),
|
||||
aTypeHint,
|
||||
nsnull, //extra
|
||||
&shouldLoad,
|
||||
nsContentUtils::GetContentPolicy());
|
||||
nsContentUtils::GetContentPolicy(),
|
||||
nsContentUtils::GetSecurityManager());
|
||||
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
|
||||
// Must call UnloadContent first, as it overwrites
|
||||
// mSuppressed/mUserDisabled. It also takes care of setting the type to
|
||||
|
@ -425,15 +425,16 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
|
||||
|
||||
// After the security manager, the content-policy stuff gets a veto
|
||||
PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
|
||||
nsIURI *docURI = mDocument->GetDocumentURI();
|
||||
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_SCRIPT,
|
||||
scriptURI,
|
||||
docURI,
|
||||
nsnull,
|
||||
mDocument->NodePrincipal(),
|
||||
aElement,
|
||||
NS_LossyConvertUTF16toASCII(type),
|
||||
nsnull, //extra
|
||||
&shouldLoad,
|
||||
nsContentUtils::GetContentPolicy());
|
||||
nsContentUtils::GetContentPolicy(),
|
||||
nsContentUtils::GetSecurityManager());
|
||||
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
|
||||
if (NS_FAILED(rv) || shouldLoad != nsIContentPolicy::REJECT_TYPE) {
|
||||
return NS_ERROR_CONTENT_BLOCKED;
|
||||
|
@ -1264,11 +1264,14 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method,
|
||||
PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
|
||||
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_XMLHTTPREQUEST,
|
||||
uri,
|
||||
(doc ? doc->GetDocumentURI() : nsnull),
|
||||
nsnull,
|
||||
(doc ? doc->NodePrincipal() : nsnull),
|
||||
doc,
|
||||
EmptyCString(), //mime guess
|
||||
nsnull, //extra
|
||||
&shouldLoad);
|
||||
&shouldLoad,
|
||||
nsContentUtils::GetContentPolicy(),
|
||||
nsContentUtils::GetSecurityManager());
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
if (NS_CP_REJECTED(shouldLoad)) {
|
||||
// Disallowed by content policy
|
||||
|
@ -185,16 +185,24 @@ ImageListener::OnStartRequest(nsIRequest* request, nsISupports *ctxt)
|
||||
|
||||
nsCAutoString mimeType;
|
||||
channel->GetContentType(mimeType);
|
||||
|
||||
|
||||
nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
|
||||
nsCOMPtr<nsIPrincipal> channelPrincipal;
|
||||
if (secMan) {
|
||||
secMan->GetChannelPrincipal(channel, getter_AddRefs(channelPrincipal));
|
||||
}
|
||||
|
||||
PRInt16 decision = nsIContentPolicy::ACCEPT;
|
||||
nsresult rv = NS_CheckContentProcessPolicy(nsIContentPolicy::TYPE_IMAGE,
|
||||
channelURI,
|
||||
nsnull,
|
||||
channelPrincipal,
|
||||
domWindow->GetFrameElementInternal(),
|
||||
mimeType,
|
||||
nsnull,
|
||||
&decision,
|
||||
nsContentUtils::GetContentPolicy());
|
||||
nsContentUtils::GetContentPolicy(),
|
||||
secMan);
|
||||
|
||||
if (NS_FAILED(rv) || NS_CP_REJECTED(decision)) {
|
||||
request->Cancel(NS_ERROR_CONTENT_BLOCKED);
|
||||
|
@ -110,6 +110,7 @@ nsXBLResourceLoader::LoadResources(PRBool* aResult)
|
||||
|
||||
nsICSSLoader* cssLoader = doc->CSSLoader();
|
||||
nsIURI *docURL = doc->GetDocumentURI();
|
||||
nsIPrincipal* docPrincipal = doc->NodePrincipal();
|
||||
|
||||
nsCOMPtr<nsIURI> url;
|
||||
|
||||
@ -122,7 +123,7 @@ nsXBLResourceLoader::LoadResources(PRBool* aResult)
|
||||
continue;
|
||||
|
||||
if (curr->mType == nsGkAtoms::image) {
|
||||
if (!nsContentUtils::CanLoadImage(url, doc, doc, doc->NodePrincipal())) {
|
||||
if (!nsContentUtils::CanLoadImage(url, doc, doc, docPrincipal)) {
|
||||
// We're not permitted to load this image, move on...
|
||||
continue;
|
||||
}
|
||||
@ -131,7 +132,7 @@ nsXBLResourceLoader::LoadResources(PRBool* aResult)
|
||||
// Passing NULL for pretty much everything -- cause we don't care!
|
||||
// XXX: initialDocumentURI is NULL!
|
||||
nsCOMPtr<imgIRequest> req;
|
||||
nsContentUtils::LoadImage(url, doc, doc->NodePrincipal(), docURL, nsnull,
|
||||
nsContentUtils::LoadImage(url, doc, docPrincipal, docURL, nsnull,
|
||||
nsIRequest::LOAD_BACKGROUND,
|
||||
getter_AddRefs(req));
|
||||
}
|
||||
@ -155,7 +156,7 @@ nsXBLResourceLoader::LoadResources(PRBool* aResult)
|
||||
}
|
||||
else
|
||||
{
|
||||
rv = cssLoader->LoadSheet(url, docURL, doc->NodePrincipal(), this);
|
||||
rv = cssLoader->LoadSheet(url, docPrincipal, this);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
++mPendingSheets;
|
||||
}
|
||||
|
@ -763,12 +763,14 @@ nsXMLContentSink::ProcessStyleLink(nsIContent* aElement,
|
||||
PRInt16 decision = nsIContentPolicy::ACCEPT;
|
||||
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_STYLESHEET,
|
||||
url,
|
||||
mDocument->GetDocumentURI(),
|
||||
nsnull,
|
||||
mDocument->NodePrincipal(),
|
||||
aElement,
|
||||
type,
|
||||
nsnull,
|
||||
&decision,
|
||||
nsContentUtils::GetContentPolicy());
|
||||
nsContentUtils::GetContentPolicy(),
|
||||
nsContentUtils::GetSecurityManager());
|
||||
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
@ -448,9 +448,11 @@ CheckLoadURI(nsIURI *aUri, nsIURI *aReferrerUri,
|
||||
// Then do a content policy check.
|
||||
PRInt16 decision = nsIContentPolicy::ACCEPT;
|
||||
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_STYLESHEET,
|
||||
aUri, aReferrerUri, aContext,
|
||||
aUri, nsnull, aReferrerPrincipal, aContext,
|
||||
NS_LITERAL_CSTRING("application/xml"), nsnull,
|
||||
&decision);
|
||||
&decision,
|
||||
nsContentUtils::GetContentPolicy(),
|
||||
nsContentUtils::GetSecurityManager());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return NS_CP_REJECTED(decision) ? NS_ERROR_XSLT_LOAD_BLOCKED_ERROR : NS_OK;
|
||||
@ -473,9 +475,9 @@ protected:
|
||||
nsAutoRefCnt mRefCnt;
|
||||
|
||||
private:
|
||||
nsCOMPtr<nsIPrincipal> mCallerPrincipal;
|
||||
nsRefPtr<txMozillaXSLTProcessor> mProcessor;
|
||||
nsCOMPtr<nsILoadGroup> mLoadGroup;
|
||||
nsCOMPtr<nsIPrincipal> mCallerPrincipal;
|
||||
|
||||
protected:
|
||||
// This exists solely to suppress a warning from nsDerivedSafe
|
||||
|
@ -3700,7 +3700,7 @@ nsXULDocument::AddPrototypeSheets()
|
||||
nsCOMPtr<nsIURI> uri = sheets[i];
|
||||
|
||||
nsCOMPtr<nsICSSStyleSheet> incompleteSheet;
|
||||
rv = CSSLoader()->LoadSheet(uri, mCurrentPrototype->GetURI(),
|
||||
rv = CSSLoader()->LoadSheet(uri,
|
||||
mCurrentPrototype->DocumentPrincipal(),
|
||||
this, getter_AddRefs(incompleteSheet));
|
||||
|
||||
|
@ -6380,9 +6380,11 @@ nsDocShell::InternalLoad(nsIURI * aURI,
|
||||
if (!context) {
|
||||
context = mScriptGlobal;
|
||||
}
|
||||
// XXXbz would be nice to know the loading principal here... but we don't
|
||||
rv = NS_CheckContentLoadPolicy(contentType,
|
||||
aURI,
|
||||
aReferrer,
|
||||
nsnull,
|
||||
context,
|
||||
EmptyCString(), //mime guess
|
||||
nsnull, //extra
|
||||
|
@ -220,14 +220,10 @@ CheckPingURI(nsIURI* uri, nsIContent* content)
|
||||
|
||||
// Check with contentpolicy
|
||||
PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
|
||||
nsIURI* docURI = nsnull;
|
||||
nsIDocument* doc = content->GetOwnerDoc();
|
||||
if (doc) {
|
||||
docURI = doc->GetDocumentURI();
|
||||
}
|
||||
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_PING,
|
||||
uri,
|
||||
docURI,
|
||||
nsnull,
|
||||
content->NodePrincipal(),
|
||||
content,
|
||||
EmptyCString(), // mime hint
|
||||
nsnull, //extra
|
||||
|
@ -3552,7 +3552,7 @@ nsHTMLEditor::ReplaceStyleSheet(const nsAString& aURL)
|
||||
rv = NS_NewURI(getter_AddRefs(uaURI), aURL);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = cssLoader->LoadSheet(uaURI, nsnull, nsnull, this);
|
||||
rv = cssLoader->LoadSheet(uaURI, nsnull, this);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return NS_OK;
|
||||
|
@ -69,6 +69,8 @@ REQUIRES = xpcom \
|
||||
locale \
|
||||
embed_base \
|
||||
view \
|
||||
caps \
|
||||
xpconnect \
|
||||
$(NULL)
|
||||
|
||||
ifdef MOZ_PHOENIX
|
||||
|
@ -60,6 +60,9 @@ REQUIRES = xpcom \
|
||||
layout \
|
||||
pref \
|
||||
docshell \
|
||||
caps \
|
||||
xpconnect \
|
||||
js \
|
||||
$(NULL)
|
||||
|
||||
CPPSRCS = \
|
||||
|
@ -920,7 +920,6 @@ CSSLoaderImpl::IsAlternate(const nsAString& aTitle, PRBool aHasAlternateRel)
|
||||
* CheckLoadAllowed will return success if the load is allowed,
|
||||
* failure otherwise.
|
||||
*
|
||||
* @param aSourceURI the uri of the document or parent sheet loading the sheet
|
||||
* @param aSourcePrincipal the principal of the node or document or parent
|
||||
* sheet loading the sheet
|
||||
* @param aTargetURI the uri of the sheet to be loaded
|
||||
@ -928,8 +927,7 @@ CSSLoaderImpl::IsAlternate(const nsAString& aTitle, PRBool aHasAlternateRel)
|
||||
* owning the stylesheet (possibly indirectly, for child sheets)
|
||||
*/
|
||||
nsresult
|
||||
CSSLoaderImpl::CheckLoadAllowed(nsIURI* aSourceURI,
|
||||
nsIPrincipal* aSourcePrincipal,
|
||||
CSSLoaderImpl::CheckLoadAllowed(nsIPrincipal* aSourcePrincipal,
|
||||
nsIURI* aTargetURI,
|
||||
nsISupports* aContext)
|
||||
{
|
||||
@ -946,22 +944,22 @@ CSSLoaderImpl::CheckLoadAllowed(nsIURI* aSourceURI,
|
||||
if (NS_FAILED(rv)) { // failure is normal here; don't warn
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
LOG((" Passed security check"));
|
||||
LOG((" Passed security check"));
|
||||
|
||||
if (aSourceURI) {
|
||||
// Check with content policy
|
||||
|
||||
PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
|
||||
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_STYLESHEET,
|
||||
aTargetURI,
|
||||
aSourceURI,
|
||||
nsnull,
|
||||
aSourcePrincipal,
|
||||
aContext,
|
||||
NS_LITERAL_CSTRING("text/css"),
|
||||
nsnull, //extra param
|
||||
&shouldLoad,
|
||||
nsContentUtils::GetContentPolicy());
|
||||
nsContentUtils::GetContentPolicy(),
|
||||
nsContentUtils::GetSecurityManager());
|
||||
|
||||
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
|
||||
LOG((" Load blocked by content policy"));
|
||||
@ -1772,10 +1770,6 @@ CSSLoaderImpl::LoadStyleLink(nsIContent* aElement,
|
||||
|
||||
NS_ENSURE_TRUE(mDocument, NS_ERROR_NOT_INITIALIZED);
|
||||
|
||||
// Check whether we should even load
|
||||
nsIURI *docURI = mDocument->GetDocumentURI();
|
||||
if (!docURI) return NS_ERROR_FAILURE;
|
||||
|
||||
nsIPrincipal* principal =
|
||||
aElement ? aElement->NodePrincipal() : mDocument->NodePrincipal();
|
||||
|
||||
@ -1783,7 +1777,7 @@ CSSLoaderImpl::LoadStyleLink(nsIContent* aElement,
|
||||
if (!context) {
|
||||
context = mDocument;
|
||||
}
|
||||
nsresult rv = CheckLoadAllowed(docURI, principal, aURL, context);
|
||||
nsresult rv = CheckLoadAllowed(principal, aURL, context);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
LOG((" Passed load check"));
|
||||
@ -1865,17 +1859,12 @@ CSSLoaderImpl::LoadChildSheet(nsICSSStyleSheet* aParentSheet,
|
||||
|
||||
LOG_URI(" Child uri: '%s'", aURL);
|
||||
|
||||
// Check whether we should even load
|
||||
nsCOMPtr<nsIURI> sheetURI;
|
||||
nsresult rv = aParentSheet->GetSheetURI(getter_AddRefs(sheetURI));
|
||||
if (NS_FAILED(rv) || !sheetURI) return NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsIDOMNode> owningNode;
|
||||
|
||||
// check for an owning document: if none, don't bother walking up the parent
|
||||
// sheets
|
||||
nsCOMPtr<nsIDocument> owningDoc;
|
||||
rv = aParentSheet->GetOwningDocument(*getter_AddRefs(owningDoc));
|
||||
nsresult rv = aParentSheet->GetOwningDocument(*getter_AddRefs(owningDoc));
|
||||
if (NS_SUCCEEDED(rv) && owningDoc) {
|
||||
nsCOMPtr<nsIDOMStyleSheet> nextParentSheet(do_QueryInterface(aParentSheet));
|
||||
NS_ENSURE_TRUE(nextParentSheet, NS_ERROR_FAILURE); //Not a stylesheet!?
|
||||
@ -1896,7 +1885,7 @@ CSSLoaderImpl::LoadChildSheet(nsICSSStyleSheet* aParentSheet,
|
||||
}
|
||||
|
||||
nsIPrincipal* principal = aParentSheet->Principal();
|
||||
rv = CheckLoadAllowed(sheetURI, principal, aURL, context);
|
||||
rv = CheckLoadAllowed(principal, aURL, context);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
LOG((" Passed load check"));
|
||||
@ -1984,37 +1973,34 @@ CSSLoaderImpl::LoadSheetSync(nsIURI* aURL, PRBool aAllowUnsafeRules,
|
||||
{
|
||||
LOG(("CSSLoaderImpl::LoadSheetSync"));
|
||||
return InternalLoadNonDocumentSheet(aURL, aAllowUnsafeRules, nsnull,
|
||||
nsnull, aSheet, nsnull);
|
||||
aSheet, nsnull);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CSSLoaderImpl::LoadSheet(nsIURI* aURL,
|
||||
nsIURI* aOriginURI,
|
||||
nsIPrincipal* aOriginPrincipal,
|
||||
nsICSSLoaderObserver* aObserver,
|
||||
nsICSSStyleSheet** aSheet)
|
||||
{
|
||||
LOG(("CSSLoaderImpl::LoadSheet(aURL, aObserver, aSheet) api call"));
|
||||
NS_PRECONDITION(aSheet, "aSheet is null");
|
||||
return InternalLoadNonDocumentSheet(aURL, PR_FALSE, aOriginURI,
|
||||
aOriginPrincipal, aSheet, aObserver);
|
||||
return InternalLoadNonDocumentSheet(aURL, PR_FALSE, aOriginPrincipal,
|
||||
aSheet, aObserver);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CSSLoaderImpl::LoadSheet(nsIURI* aURL,
|
||||
nsIURI* aOriginURI,
|
||||
nsIPrincipal* aOriginPrincipal,
|
||||
nsICSSLoaderObserver* aObserver)
|
||||
{
|
||||
LOG(("CSSLoaderImpl::LoadSheet(aURL, aObserver) api call"));
|
||||
return InternalLoadNonDocumentSheet(aURL, PR_FALSE, aOriginURI,
|
||||
aOriginPrincipal, nsnull, aObserver);
|
||||
return InternalLoadNonDocumentSheet(aURL, PR_FALSE, aOriginPrincipal,
|
||||
nsnull, aObserver);
|
||||
}
|
||||
|
||||
nsresult
|
||||
CSSLoaderImpl::InternalLoadNonDocumentSheet(nsIURI* aURL,
|
||||
PRBool aAllowUnsafeRules,
|
||||
nsIURI* aOriginURI,
|
||||
nsIPrincipal* aOriginPrincipal,
|
||||
nsICSSStyleSheet** aSheet,
|
||||
nsICSSLoaderObserver* aObserver)
|
||||
@ -2034,7 +2020,7 @@ CSSLoaderImpl::InternalLoadNonDocumentSheet(nsIURI* aURL,
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
nsresult rv = CheckLoadAllowed(aOriginURI, aOriginPrincipal, aURL, mDocument);
|
||||
nsresult rv = CheckLoadAllowed(aOriginPrincipal, aURL, mDocument);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
@ -342,13 +342,11 @@ public:
|
||||
nsICSSStyleSheet** aSheet);
|
||||
|
||||
NS_IMETHOD LoadSheet(nsIURI* aURL,
|
||||
nsIURI* aOriginURI,
|
||||
nsIPrincipal* aOriginPrincipal,
|
||||
nsICSSLoaderObserver* aObserver,
|
||||
nsICSSStyleSheet** aSheet);
|
||||
|
||||
NS_IMETHOD LoadSheet(nsIURI* aURL,
|
||||
nsIURI* aOriginURI,
|
||||
nsIPrincipal* aOriginPrincipal,
|
||||
nsICSSLoaderObserver* aObserver);
|
||||
|
||||
@ -379,10 +377,9 @@ public:
|
||||
PRBool IsAlternate(const nsAString& aTitle, PRBool aHasAlternateRel);
|
||||
|
||||
private:
|
||||
// Note: null aSourceURI or aSourcePrincipal indicates that the content
|
||||
// policy or CheckLoadURI checks (respectively) should be skipped.
|
||||
nsresult CheckLoadAllowed(nsIURI* aSourceURI,
|
||||
nsIPrincipal* aSourcePrincipal,
|
||||
// Note: null aSourcePrincipal indicates that the content policy and
|
||||
// CheckLoadURI checks should be skipped.
|
||||
nsresult CheckLoadAllowed(nsIPrincipal* aSourcePrincipal,
|
||||
nsIURI* aTargetURI,
|
||||
nsISupports* aContext);
|
||||
|
||||
@ -418,7 +415,6 @@ private:
|
||||
|
||||
nsresult InternalLoadNonDocumentSheet(nsIURI* aURL,
|
||||
PRBool aAllowUnsafeRules,
|
||||
nsIURI* aOriginURI,
|
||||
nsIPrincipal* aOriginPrincipal,
|
||||
nsICSSStyleSheet** aSheet,
|
||||
nsICSSLoaderObserver* aObserver);
|
||||
|
@ -58,10 +58,10 @@ class nsICSSImportRule;
|
||||
class nsIPrincipal;
|
||||
|
||||
// IID for the nsICSSLoader interface
|
||||
// eed4ac28-0add-43a7-84bf-fb53109ae40c
|
||||
// 0c6d7e76-dddc-4727-b557-7ef531127e11
|
||||
#define NS_ICSS_LOADER_IID \
|
||||
{ 0xeed4ac28, 0x0add, 0x43a7, \
|
||||
{ 0x84, 0xbf, 0xfb, 0x53, 0x10, 0x9a, 0xe4, 0x0c } }
|
||||
{ 0x0c6d7e76, 0xdddc, 0x4727, \
|
||||
{ 0xb5, 0x57, 0x7e, 0xf5, 0x31, 0x12, 0x7e, 0x11 } }
|
||||
|
||||
typedef void (*nsCSSLoaderCallbackFunc)(nsICSSStyleSheet* aSheet, void *aData, PRBool aDidNotify);
|
||||
|
||||
@ -203,9 +203,6 @@ public:
|
||||
* sheets not associated with a document.
|
||||
*
|
||||
* @param aURL the URL of the sheet to load
|
||||
* @param aOriginURI the URI the load originated from, for content policy
|
||||
* checks. This can be null to indicate that these checks
|
||||
* should be skipped.
|
||||
* @param aOriginPrincipal the principal to use for security checks. This
|
||||
* can be null to indicate that these checks should
|
||||
* be skipped.
|
||||
@ -215,7 +212,6 @@ public:
|
||||
* not be loaded by the time this method returns.
|
||||
*/
|
||||
NS_IMETHOD LoadSheet(nsIURI* aURL,
|
||||
nsIURI* aOriginURI,
|
||||
nsIPrincipal* aOriginPrincipal,
|
||||
nsICSSLoaderObserver* aObserver,
|
||||
nsICSSStyleSheet** aSheet) = 0;
|
||||
@ -225,7 +221,6 @@ public:
|
||||
* not-yet-loaded sheet.
|
||||
*/
|
||||
NS_IMETHOD LoadSheet(nsIURI* aURL,
|
||||
nsIURI* aOriginURI,
|
||||
nsIPrincipal* aOriginPrincipal,
|
||||
nsICSSLoaderObserver* aObserver) = 0;
|
||||
|
||||
|
@ -3457,7 +3457,8 @@ NS_IMETHODIMP nsPluginHostImpl::InstantiateEmbeddedPlugin(const char *aMimeType,
|
||||
nsresult rv =
|
||||
NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_OBJECT,
|
||||
aURL,
|
||||
doc->GetDocumentURI(),
|
||||
nsnull,
|
||||
doc->NodePrincipal(),
|
||||
elem,
|
||||
nsDependentCString(aMimeType ? aMimeType : ""),
|
||||
nsnull, //extra
|
||||
@ -5909,7 +5910,8 @@ NS_IMETHODIMP nsPluginHostImpl::NewPluginURLStream(const nsString& aURL,
|
||||
PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
|
||||
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
|
||||
url,
|
||||
(doc ? doc->GetDocumentURI() : nsnull),
|
||||
nsnull,
|
||||
(doc ? doc->NodePrincipal() : nsnull),
|
||||
element,
|
||||
EmptyCString(), //mime guess
|
||||
nsnull, //extra
|
||||
|
Loading…
Reference in New Issue
Block a user