Backed out changeset 764fab821251 (bug 1478037) for crashtest failures on 439184-1.html. CLOSED TREE

2024-10-21 01:05:45 +00:00 · 2019-05-31 21:21:10 +03:00 · 2019-05-31 21:21:10 +03:00 · 25d57e0fbd
commit 25d57e0fbd
parent 63db2e3489
1 changed files with 37 additions and 32 deletions
--- a/dom/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/jsurl/nsJSProtocolHandler.cpp
@ -39,6 +39,7 @@
 #include "nsThreadUtils.h"
 #include "nsIScriptChannel.h"
 #include "mozilla/dom/Document.h"
+#include "nsILoadInfo.h"
 #include "nsIObjectInputStream.h"
 #include "nsIObjectOutputStream.h"
 #include "nsITextToSubURI.h"
@ -48,9 +49,9 @@
 #include "mozilla/CycleCollectedJSContext.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/dom/PopupBlocker.h"
+#include "nsILoadInfo.h"
 #include "nsContentSecurityManager.h"

-#include "mozilla/LoadInfo.h"
 #include "mozilla/Maybe.h"
 #include "mozilla/ipc/URIUtils.h"

@ -159,10 +160,8 @@ nsresult nsJSThunk::EvaluateScript(
  nsresult rv;

  // CSP check: javascript: URIs disabled unless "inline" scripts are
-  // allowed.  Here we use the CSP of the thing that started the load,
-  // which is the CSPToInherit of the loadInfo.
-  nsCOMPtr<nsIContentSecurityPolicy> csp =
-      static_cast<mozilla::net::LoadInfo*>(loadInfo.get())->GetCSPToInherit();
+  // allowed.
+  nsCOMPtr<nsIContentSecurityPolicy> csp = loadInfo->GetCsp();
  if (csp) {
    bool allowsInlineScript = true;
    rv = csp->GetAllowsInline(nsIContentPolicy::TYPE_SCRIPT,
@ -176,26 +175,33 @@ nsresult nsJSThunk::EvaluateScript(
                              &allowsInlineScript);

    // return early if inline scripts are not allowed
-    if (NS_FAILED(rv) || !allowsInlineScript) {
+    if (!allowsInlineScript) {
      return NS_ERROR_DOM_RETVAL_UNDEFINED;
    }
  }

-  // Based on the outcome of https://github.com/whatwg/html/issues/4651 we may
-  // want to also test against the CSP of the document we'll be running against
-  // (which is targetDoc below).  If we do that, we should make sure to only do
-  // that test if targetDoc->NodePrincipal() subsumes
-  // loadInfo->TriggeringPrincipal().  If it doesn't, then someone
-  // more-privileged (our UI or an extension) started the load and the load
-  // should not be subject to the target document's CSP.
-  //
-  // The "more privileged" assumption is safe, because if the triggering
-  // principal does not subsume targetDoc->NodePrincipal() we won't run the
-  // script at all.  More precisely, we test that "principal" subsumes the
-  // target's principal, but "principal" should never be higher-privilege than
-  // the triggering principal here: it's either the triggering principal, or the
-  // principal of the document we started the load against if the triggering
-  // principal is system.
+  // for document navigations we need to check the CSP of the previous document.
+  csp = nullptr;
+  mozilla::dom::Document* prevDoc = aOriginalInnerWindow->GetExtantDoc();
+  if (prevDoc) {
+    csp = prevDoc->GetCsp();
+  }
+  if (csp) {
+    bool allowsInlineScript = true;
+    rv = csp->GetAllowsInline(nsIContentPolicy::TYPE_SCRIPT,
+                              EmptyString(),  // aNonce
+                              true,           // aParserCreated
+                              nullptr,        // aElement,
+                              nullptr,        // nsICSPEventListener
+                              EmptyString(),  // aContent
+                              0,              // aLineNumber
+                              0,              // aColumnNumber
+                              &allowsInlineScript);
+    // return early if inline scripts are not allowed
+    if (!allowsInlineScript) {
+      return NS_ERROR_DOM_RETVAL_UNDEFINED;
+    }
+  }

  // Get the global object we should be running on.
  nsIScriptGlobalObject* global = GetGlobalObject(aChannel);
@ -203,6 +209,16 @@ nsresult nsJSThunk::EvaluateScript(
    return NS_ERROR_FAILURE;
  }

+  // Sandboxed document check: javascript: URI's are disabled
+  // in a sandboxed document unless 'allow-scripts' was specified.
+  mozilla::dom::Document* doc = aOriginalInnerWindow->GetExtantDoc();
+  if (doc && doc->HasScriptsBlockedBySandbox()) {
+    return NS_ERROR_DOM_RETVAL_UNDEFINED;
+  }
+
+  // Push our popup control state
+  AutoPopupStatePusher popupStatePusher(aPopupState);
+
  // Make sure we still have the same inner window as we used to.
  nsCOMPtr<nsPIDOMWindowOuter> win = do_QueryInterface(global);
  nsPIDOMWindowInner* innerWin = win->GetCurrentInnerWindow();
@ -211,17 +227,6 @@ nsresult nsJSThunk::EvaluateScript(
    return NS_ERROR_UNEXPECTED;
  }

-  mozilla::dom::Document* targetDoc = innerWin->GetExtantDoc();
-
-  // Sandboxed document check: javascript: URI execution is disabled
-  // in a sandboxed document unless 'allow-scripts' was specified.
-  if (targetDoc && targetDoc->HasScriptsBlockedBySandbox()) {
-    return NS_ERROR_DOM_RETVAL_UNDEFINED;
-  }
-
-  // Push our popup control state
-  AutoPopupStatePusher popupStatePusher(aPopupState);
-
  nsCOMPtr<nsIScriptGlobalObject> innerGlobal = do_QueryInterface(innerWin);

  // So far so good: get the script context from its owner.