mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-02-10 09:19:28 +00:00
Bug 956382 - Remove usage of explicit *IgnoringDomain variants. r=mrbkap
This commit is contained in:
Bobby Holley
parent
5489839173
commit
1c600e7056
@ -56,13 +56,7 @@ DoDrawImageSecurityCheck(dom::HTMLCanvasElement *aCanvasElement,
|
|||||||
if (CORSUsed)
|
if (CORSUsed)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
// Ignore document.domain in this check.
|
if (aCanvasElement->NodePrincipal()->Subsumes(aPrincipal)) {
|
||||||
bool subsumes;
|
|
||||||
nsresult rv =
|
|
||||||
aCanvasElement->NodePrincipal()->SubsumesIgnoringDomain(aPrincipal,
|
|
||||||
&subsumes);
|
|
||||||
|
|
||||||
if (NS_SUCCEEDED(rv) && subsumes) {
|
|
||||||
// This canvas has access to that image anyway
|
// This canvas has access to that image anyway
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -295,11 +295,7 @@ SVGFEImageElement::OutputIsTainted(const nsTArray<bool>& aInputsAreTainted,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ignore document.domain in this check.
|
if (aReferencePrincipal->Subsumes(principal)) {
|
||||||
bool subsumes;
|
|
||||||
rv = aReferencePrincipal->SubsumesIgnoringDomain(principal, &subsumes);
|
|
||||||
|
|
||||||
if (NS_SUCCEEDED(rv) && subsumes) {
|
|
||||||
// The page is allowed to read from the image.
|
// The page is allowed to read from the image.
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -7720,7 +7720,7 @@ PostMessageEvent::Run()
|
|||||||
// don't do that in other places it seems better to hold the line for
|
// don't do that in other places it seems better to hold the line for
|
||||||
// now. Long-term, we want HTML5 to address this so that we can
|
// now. Long-term, we want HTML5 to address this so that we can
|
||||||
// be compliant while being safer.
|
// be compliant while being safer.
|
||||||
if (!targetPrin->EqualsIgnoringDomain(mProvidedPrincipal)) {
|
if (!targetPrin->Equals(mProvidedPrincipal)) {
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -319,29 +319,7 @@ DOMStorage::PrincipalEquals(nsIPrincipal* aPrincipal)
|
|||||||
bool
|
bool
|
||||||
DOMStorage::CanAccess(nsIPrincipal* aPrincipal)
|
DOMStorage::CanAccess(nsIPrincipal* aPrincipal)
|
||||||
{
|
{
|
||||||
// Allow C++ callers to access the storage
|
return !aPrincipal || aPrincipal->Subsumes(mPrincipal);
|
||||||
if (!aPrincipal) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// For content, either the code base or domain must be the same. When code
|
|
||||||
// base is the same, this is enough to say it is safe for a page to access
|
|
||||||
// this storage.
|
|
||||||
|
|
||||||
bool subsumes;
|
|
||||||
nsresult rv = aPrincipal->SubsumesIgnoringDomain(mPrincipal, &subsumes);
|
|
||||||
if (NS_FAILED(rv)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!subsumes) {
|
|
||||||
nsresult rv = aPrincipal->Subsumes(mPrincipal, &subsumes);
|
|
||||||
if (NS_FAILED(rv)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return subsumes;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
nsTArray<nsString>*
|
nsTArray<nsString>*
|
||||||
|
|||||||
@ -91,17 +91,7 @@ PrincipalsEqual(nsIPrincipal* aObjectPrincipal, nsIPrincipal* aSubjectPrincipal)
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool equals;
|
return aSubjectPrincipal->Equals(aObjectPrincipal);
|
||||||
nsresult rv = aSubjectPrincipal->EqualsIgnoringDomain(aObjectPrincipal, &equals);
|
|
||||||
|
|
||||||
NS_ASSERTION(NS_SUCCEEDED(rv) && equals,
|
|
||||||
"Trying to get DOM storage for wrong principal!");
|
|
||||||
|
|
||||||
if (NS_FAILED(rv) || !equals) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
NS_IMPL_ISUPPORTS1(DOMStorageManager,
|
NS_IMPL_ISUPPORTS1(DOMStorageManager,
|
||||||
|
|||||||
@ -51,15 +51,6 @@ AccessCheck::subsumes(JSObject *a, JSObject *b)
|
|||||||
return subsumes(js::GetObjectCompartment(a), js::GetObjectCompartment(b));
|
return subsumes(js::GetObjectCompartment(a), js::GetObjectCompartment(b));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Same as above, but ignoring document.domain.
|
|
||||||
bool
|
|
||||||
AccessCheck::subsumesIgnoringDomain(JSCompartment *a, JSCompartment *b)
|
|
||||||
{
|
|
||||||
nsIPrincipal *aprin = GetCompartmentPrincipal(a);
|
|
||||||
nsIPrincipal *bprin = GetCompartmentPrincipal(b);
|
|
||||||
return aprin->SubsumesIgnoringDomain(bprin);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Same as above, but considering document.domain.
|
// Same as above, but considering document.domain.
|
||||||
bool
|
bool
|
||||||
AccessCheck::subsumesConsideringDomain(JSCompartment *a, JSCompartment *b)
|
AccessCheck::subsumesConsideringDomain(JSCompartment *a, JSCompartment *b)
|
||||||
|
|||||||
@ -20,7 +20,6 @@ class AccessCheck {
|
|||||||
static bool subsumes(JSCompartment *a, JSCompartment *b);
|
static bool subsumes(JSCompartment *a, JSCompartment *b);
|
||||||
static bool subsumes(JSObject *a, JSObject *b);
|
static bool subsumes(JSObject *a, JSObject *b);
|
||||||
static bool wrapperSubsumes(JSObject *wrapper);
|
static bool wrapperSubsumes(JSObject *wrapper);
|
||||||
static bool subsumesIgnoringDomain(JSCompartment *a, JSCompartment *b);
|
|
||||||
static bool subsumesConsideringDomain(JSCompartment *a, JSCompartment *b);
|
static bool subsumesConsideringDomain(JSCompartment *a, JSCompartment *b);
|
||||||
static bool isChrome(JSCompartment *compartment);
|
static bool isChrome(JSCompartment *compartment);
|
||||||
static bool isChrome(JSObject *obj);
|
static bool isChrome(JSObject *obj);
|
||||||
|
|||||||
@ -166,9 +166,9 @@ WrapperFactory::PrepareForWrapping(JSContext *cx, HandleObject scope,
|
|||||||
//
|
//
|
||||||
// NB: We need to ignore domain here so that the security relationship we
|
// NB: We need to ignore domain here so that the security relationship we
|
||||||
// compute here can't change over time. See the comment above the other
|
// compute here can't change over time. See the comment above the other
|
||||||
// subsumesIgnoringDomain call below.
|
// subsumes call below.
|
||||||
bool subsumes = AccessCheck::subsumesIgnoringDomain(js::GetContextCompartment(cx),
|
bool subsumes = AccessCheck::subsumes(js::GetContextCompartment(cx),
|
||||||
js::GetObjectCompartment(obj));
|
js::GetObjectCompartment(obj));
|
||||||
XrayType xrayType = GetXrayType(obj);
|
XrayType xrayType = GetXrayType(obj);
|
||||||
if (!subsumes && xrayType == NotXray) {
|
if (!subsumes && xrayType == NotXray) {
|
||||||
JSProtoKey key = JSProto_Null;
|
JSProtoKey key = JSProto_Null;
|
||||||
@ -269,8 +269,8 @@ WrapperFactory::PrepareForWrapping(JSContext *cx, HandleObject scope,
|
|||||||
// the correct (opaque) wrapper for the object below given the security
|
// the correct (opaque) wrapper for the object below given the security
|
||||||
// characteristics of the two compartments.
|
// characteristics of the two compartments.
|
||||||
if (!AccessCheck::isChrome(js::GetObjectCompartment(wrapScope)) &&
|
if (!AccessCheck::isChrome(js::GetObjectCompartment(wrapScope)) &&
|
||||||
AccessCheck::subsumesIgnoringDomain(js::GetObjectCompartment(wrapScope),
|
AccessCheck::subsumes(js::GetObjectCompartment(wrapScope),
|
||||||
js::GetObjectCompartment(obj)))
|
js::GetObjectCompartment(obj)))
|
||||||
{
|
{
|
||||||
return DoubleWrap(cx, obj, flags);
|
return DoubleWrap(cx, obj, flags);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -350,7 +350,6 @@ XrayTraits::expandoObjectMatchesConsumer(JSContext *cx,
|
|||||||
|
|
||||||
// First, compare the principals.
|
// First, compare the principals.
|
||||||
nsIPrincipal *o = GetExpandoObjectPrincipal(expandoObject);
|
nsIPrincipal *o = GetExpandoObjectPrincipal(expandoObject);
|
||||||
bool equal;
|
|
||||||
// Note that it's very important here to ignore document.domain. We
|
// Note that it's very important here to ignore document.domain. We
|
||||||
// pull the principal for the expando object off of the first consumer
|
// pull the principal for the expando object off of the first consumer
|
||||||
// for a given origin, and freely share the expandos amongst multiple
|
// for a given origin, and freely share the expandos amongst multiple
|
||||||
@ -358,9 +357,8 @@ XrayTraits::expandoObjectMatchesConsumer(JSContext *cx,
|
|||||||
// no way to know whether _all_ consumers have opted in to collaboration
|
// no way to know whether _all_ consumers have opted in to collaboration
|
||||||
// by explicitly setting document.domain. So we just mandate that expando
|
// by explicitly setting document.domain. So we just mandate that expando
|
||||||
// sharing is unaffected by it.
|
// sharing is unaffected by it.
|
||||||
nsresult rv = consumerOrigin->EqualsIgnoringDomain(o, &equal);
|
if (!consumerOrigin->Equals(o))
|
||||||
if (NS_FAILED(rv) || !equal)
|
return false;
|
||||||
return false;
|
|
||||||
|
|
||||||
// Sandboxes want exclusive expando objects.
|
// Sandboxes want exclusive expando objects.
|
||||||
JSObject *owner = JS_GetReservedSlot(expandoObject,
|
JSObject *owner = JS_GetReservedSlot(expandoObject,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user