mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 13:21:05 +00:00
Bug 1364016 - Explicitly pass a triggeringPrincipal to openURI. r=gijs,baku
This commit is contained in:
Christoph Kerschbaumer
parent
1be37cf55c
commit
2ad43ee9bd
@ -5122,7 +5122,7 @@ nsBrowserAccess.prototype = {
|
||||
return browser;
|
||||
},
|
||||
|
||||
openURI(aURI, aOpener, aWhere, aFlags) {
|
||||
openURI(aURI, aOpener, aWhere, aFlags, aTriggeringPrincipal) {
|
||||
// This function should only ever be called if we're opening a URI
|
||||
// from a non-remote browser window (via nsContentTreeOwner).
|
||||
if (aOpener && Cu.isCrossProcessWrapper(aOpener)) {
|
||||
@ -5154,11 +5154,9 @@ nsBrowserAccess.prototype = {
|
||||
}
|
||||
|
||||
let referrer = aOpener ? makeURI(aOpener.location.href) : null;
|
||||
let triggeringPrincipal = null;
|
||||
let referrerPolicy = Ci.nsIHttpChannel.REFERRER_POLICY_UNSET;
|
||||
if (aOpener && aOpener.document) {
|
||||
referrerPolicy = aOpener.document.referrerPolicy;
|
||||
triggeringPrincipal = aOpener.document.nodePrincipal;
|
||||
}
|
||||
let isPrivate = aOpener
|
||||
? PrivateBrowsingUtils.isContentWindowPrivate(aOpener)
|
||||
@ -5192,7 +5190,7 @@ nsBrowserAccess.prototype = {
|
||||
let browser = this._openURIInNewTab(aURI, referrer, referrerPolicy,
|
||||
isPrivate, isExternal,
|
||||
forceNotRemote, userContextId,
|
||||
openerWindow, triggeringPrincipal);
|
||||
openerWindow, aTriggeringPrincipal);
|
||||
if (browser)
|
||||
newWindow = browser.contentWindow;
|
||||
break;
|
||||
@ -5203,7 +5201,7 @@ nsBrowserAccess.prototype = {
|
||||
Ci.nsIWebNavigation.LOAD_FLAGS_FROM_EXTERNAL :
|
||||
Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
|
||||
gBrowser.loadURIWithFlags(aURI.spec, {
|
||||
triggeringPrincipal,
|
||||
aTriggeringPrincipal,
|
||||
flags: loadflags,
|
||||
referrerURI: referrer,
|
||||
referrerPolicy,
|
||||
|
||||
@ -4,7 +4,8 @@ function test() {
|
||||
window.browserDOMWindow.openURI(makeURI("about:blank"),
|
||||
null,
|
||||
Ci.nsIBrowserDOMWindow.OPEN_NEWTAB,
|
||||
Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL);
|
||||
Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL,
|
||||
Services.scriptSecurityManager.getSystemPrincipal());
|
||||
is(gBrowser.tabs.length, tabCount + 1,
|
||||
"'--new-tab about:blank' opens a new tab");
|
||||
is(gBrowser.selectedTab, gBrowser.tabs[tabCount],
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
add_task(async function() {
|
||||
let browserLoadedPromise = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
|
||||
window.browserDOMWindow.openURI(makeURI("about:"), null,
|
||||
Ci.nsIBrowserDOMWindow.OPEN_CURRENTWINDOW, null)
|
||||
Ci.nsIBrowserDOMWindow.OPEN_CURRENTWINDOW, null,
|
||||
Services.scriptSecurityManager.getSystemPrincipal())
|
||||
await browserLoadedPromise;
|
||||
is(gBrowser.currentURI.spec, "about:", "page loads in the current content window");
|
||||
});
|
||||
|
||||
@ -3,7 +3,8 @@ function test() {
|
||||
window.browserDOMWindow.openURI(makeURI(URI),
|
||||
null,
|
||||
Ci.nsIBrowserDOMWindow.OPEN_NEWTAB,
|
||||
Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL);
|
||||
Ci.nsIBrowserDOMWindow.OPEN_EXTERNAL,
|
||||
Services.scriptSecurityManager.getSystemPrincipal());
|
||||
|
||||
is(gBrowser.userTypedValue, URI, "userTypedValue matches test URI");
|
||||
is(gURLBar.value, URI, "location bar value matches test URI");
|
||||
|
||||
@ -343,7 +343,8 @@ nsBrowserContentHandler.prototype = {
|
||||
try {
|
||||
while ((uriparam = cmdLine.handleFlagWithParam("new-tab", false))) {
|
||||
let uri = resolveURIInternal(cmdLine, uriparam);
|
||||
handURIToExistingBrowser(uri, nsIBrowserDOMWindow.OPEN_NEWTAB, cmdLine);
|
||||
handURIToExistingBrowser(uri, nsIBrowserDOMWindow.OPEN_NEWTAB, cmdLine, false,
|
||||
Services.scriptSecurityManager.getSystemPrincipal());
|
||||
cmdLine.preventDefault = true;
|
||||
}
|
||||
} catch (e) {
|
||||
@ -391,7 +392,8 @@ nsBrowserContentHandler.prototype = {
|
||||
var privateWindowParam = cmdLine.handleFlagWithParam("private-window", false);
|
||||
if (privateWindowParam) {
|
||||
let resolvedURI = resolveURIInternal(cmdLine, privateWindowParam);
|
||||
handURIToExistingBrowser(resolvedURI, nsIBrowserDOMWindow.OPEN_NEWTAB, cmdLine, true);
|
||||
handURIToExistingBrowser(resolvedURI, nsIBrowserDOMWindow.OPEN_NEWTAB, cmdLine, true,
|
||||
Services.scriptSecurityManager.getSystemPrincipal());
|
||||
cmdLine.preventDefault = true;
|
||||
}
|
||||
} catch (e) {
|
||||
@ -607,8 +609,8 @@ nsBrowserContentHandler.prototype = {
|
||||
}
|
||||
|
||||
request.QueryInterface(nsIChannel);
|
||||
handURIToExistingBrowser(request.URI,
|
||||
nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW, null);
|
||||
handURIToExistingBrowser(request.URI, nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW, null, false,
|
||||
request.loadInfo.triggeringPrincipal);
|
||||
request.cancel(NS_BINDING_ABORTED);
|
||||
},
|
||||
|
||||
@ -642,7 +644,7 @@ nsBrowserContentHandler.prototype = {
|
||||
};
|
||||
var gBrowserContentHandler = new nsBrowserContentHandler();
|
||||
|
||||
function handURIToExistingBrowser(uri, location, cmdLine, forcePrivate) {
|
||||
function handURIToExistingBrowser(uri, location, cmdLine, forcePrivate, triggeringPrincipal) {
|
||||
if (!shouldLoadURI(uri))
|
||||
return;
|
||||
|
||||
@ -667,7 +669,7 @@ function handURIToExistingBrowser(uri, location, cmdLine, forcePrivate) {
|
||||
.getInterface(nsIDOMWindow);
|
||||
var bwin = rootWin.QueryInterface(nsIDOMChromeWindow).browserDOMWindow;
|
||||
bwin.openURI(uri, null, location,
|
||||
nsIBrowserDOMWindow.OPEN_EXTERNAL);
|
||||
nsIBrowserDOMWindow.OPEN_EXTERNAL, triggeringPrincipal);
|
||||
}
|
||||
|
||||
function nsDefaultCommandLineHandler() {
|
||||
@ -742,7 +744,8 @@ nsDefaultCommandLineHandler.prototype = {
|
||||
// Try to find an existing window and load our URI into the
|
||||
// current tab, new tab, or new window as prefs determine.
|
||||
try {
|
||||
handURIToExistingBrowser(urilist[0], nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW, cmdLine);
|
||||
handURIToExistingBrowser(urilist[0], nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW, cmdLine, false,
|
||||
Services.scriptSecurityManager.getSystemPrincipal());
|
||||
return;
|
||||
} catch (e) {
|
||||
}
|
||||
|
||||
@ -241,13 +241,18 @@ function tunnelToInnerBrowser(outer, inner) {
|
||||
let { detail } = event;
|
||||
event.preventDefault();
|
||||
let uri = Services.io.newURI(detail.url);
|
||||
let sourceNode = event.dataTransfer.mozSourceNode;
|
||||
let triggeringPrincipal = sourceNode
|
||||
? sourceNode.nodePrincipal
|
||||
: Services.scriptSecurityManager.getSystemPrincipal();
|
||||
// This API is used mainly because it's near the path used for <a target/> with
|
||||
// regular browser tabs (which calls `openURIInFrame`). The more elaborate APIs
|
||||
// that support openers, window features, etc. didn't seem callable from JS and / or
|
||||
// this event doesn't give enough info to use them.
|
||||
browserWindow.browserDOMWindow
|
||||
.openURI(uri, null, Ci.nsIBrowserDOMWindow.OPEN_NEWTAB,
|
||||
Ci.nsIBrowserDOMWindow.OPEN_NEW);
|
||||
Ci.nsIBrowserDOMWindow.OPEN_NEW,
|
||||
triggeringPrincipal);
|
||||
},
|
||||
|
||||
stop() {
|
||||
|
||||
@ -99,11 +99,12 @@ interface nsIBrowserDOMWindow : nsISupports
|
||||
* @param aFlags flags which control the behavior of the load. The
|
||||
* OPEN_EXTERNAL/OPEN_NEW flag is only used when
|
||||
* aWhere == OPEN_DEFAULTWINDOW.
|
||||
* @param aTriggeringPrincipal the principal that triggered the load of aURI
|
||||
* @return the window into which the URI was opened.
|
||||
*/
|
||||
mozIDOMWindowProxy
|
||||
openURI(in nsIURI aURI, in mozIDOMWindowProxy aOpener,
|
||||
in short aWhere, in long aFlags);
|
||||
in short aWhere, in long aFlags, in nsIPrincipal aTriggeringPrincipal);
|
||||
|
||||
/**
|
||||
* As above, but return the nsIFrameLoaderOwner for the new window.
|
||||
|
||||
@ -4650,6 +4650,7 @@ ContentParent::CommonCreateWindow(PBrowserParent* aThisTab,
|
||||
aResult = newBrowserDOMWin->OpenURI(aURIToLoad, openerWindow,
|
||||
nsIBrowserDOMWindow::OPEN_CURRENTWINDOW,
|
||||
nsIBrowserDOMWindow::OPEN_NEW,
|
||||
aTriggeringPrincipal,
|
||||
getter_AddRefs(win));
|
||||
}
|
||||
|
||||
|
||||
@ -754,10 +754,14 @@ private:
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> triggeringPrincipal = workerPrivate->GetPrincipal();
|
||||
MOZ_DIAGNOSTIC_ASSERT(triggeringPrincipal);
|
||||
|
||||
nsCOMPtr<mozIDOMWindowProxy> win;
|
||||
rv = bwin->OpenURI(uri, nullptr,
|
||||
nsIBrowserDOMWindow::OPEN_DEFAULTWINDOW,
|
||||
nsIBrowserDOMWindow::OPEN_NEW,
|
||||
triggeringPrincipal,
|
||||
getter_AddRefs(win));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return rv;
|
||||
|
||||
@ -6,6 +6,7 @@
|
||||
#include "nsNativeAppSupportBase.h"
|
||||
#include "nsNativeAppSupportWin.h"
|
||||
#include "nsAppRunner.h"
|
||||
#include "nsContentUtils.h"
|
||||
#include "nsXULAppAPI.h"
|
||||
#include "nsString.h"
|
||||
#include "nsIBrowserDOMWindow.h"
|
||||
@ -1463,6 +1464,7 @@ nsNativeAppSupportWin::OpenBrowserWindow()
|
||||
rv = bwin->OpenURI( uri, 0,
|
||||
nsIBrowserDOMWindow::OPEN_DEFAULTWINDOW,
|
||||
nsIBrowserDOMWindow::OPEN_EXTERNAL,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
getter_AddRefs( container ) );
|
||||
if ( NS_SUCCEEDED( rv ) )
|
||||
return NS_OK;
|
||||
|
||||
@ -12,6 +12,7 @@ const Cu = Components.utils;
|
||||
|
||||
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
|
||||
Cu.import("resource://gre/modules/NetUtil.jsm");
|
||||
Cu.import('resource://gre/modules/Services.jsm');
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
//// nsWebHandler class
|
||||
@ -143,7 +144,8 @@ nsWebHandlerApp.prototype = {
|
||||
browserDOMWin.openURI(uriToSend,
|
||||
null, // no window.opener
|
||||
Ci.nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW,
|
||||
Ci.nsIBrowserDOMWindow.OPEN_NEW);
|
||||
Ci.nsIBrowserDOMWindow.OPEN_NEW,
|
||||
Services.scriptSecurityManager.getSystemPrincipal());
|
||||
|
||||
return;
|
||||
},
|
||||
|
||||
@ -35,6 +35,7 @@
|
||||
#include "nsIMIMEInfo.h"
|
||||
#include "nsIWidget.h"
|
||||
#include "nsWindowWatcher.h"
|
||||
#include "NullPrincipal.h"
|
||||
#include "mozilla/BrowserElementParent.h"
|
||||
|
||||
#include "nsIDOMDocument.h"
|
||||
@ -923,13 +924,15 @@ nsContentTreeOwner::ProvideWindow(mozIDOMWindowProxy* aParent,
|
||||
}
|
||||
|
||||
// Get a new rendering area from the browserDOMWin. We don't want
|
||||
// to be starting any loads here, so get it with a null URI.
|
||||
// to be starting any loads here, so get it with a null URI. Since/
|
||||
// we are not loading any URI, we follow the principle of least privlege
|
||||
// and use a nullPrincipal as the triggeringPrincipal.
|
||||
//
|
||||
// This method handles setting the opener for us, so we don't need to set it
|
||||
// ourselves.
|
||||
return browserDOMWin->OpenURI(nullptr, aParent,
|
||||
openLocation,
|
||||
flags, aReturn);
|
||||
RefPtr<NullPrincipal> nullPrincipal = NullPrincipal::Create();
|
||||
return browserDOMWin->OpenURI(nullptr, aParent, openLocation,
|
||||
flags, nullPrincipal, aReturn);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user