Bug 1485577 - Pass triggeringPrincipal into openDialog for window opening code. r=jkt,Standard8 on a CLOSED TREE

Differential Revision: https://phabricator.services.mozilla.com/D4095

--HG--
extra : source : f83d8d85c94f2d1cab19085ec1662808def93fe9
extra : amend_source : 3a291878cce0ab7b780921f55cb613b14aebd189
This commit is contained in:
Gijs Kruitbosch 2018-08-24 16:20:36 +00:00
parent 7027d36dc6
commit 300dbd787f
2 changed files with 39 additions and 18 deletions

View File

@ -5455,7 +5455,13 @@ nsBrowserAccess.prototype = {
}
// Pass all params to openDialog to ensure that "url" isn't passed through
// loadOneOrMoreURIs, which splits based on "|"
newWindow = openDialog(AppConstants.BROWSER_CHROME_URL, "_blank", features, url, null, null, null);
try {
newWindow = openDialog(AppConstants.BROWSER_CHROME_URL, "_blank", features,
// window.arguments
url, null, null, null, null, null, null, null, aTriggeringPrincipal);
} catch (ex) {
Cu.reportError(ex);
}
break;
case Ci.nsIBrowserDOMWindow.OPEN_NEWTAB :
// If we have an opener, that means that the caller is expecting access

View File

@ -19,6 +19,9 @@ XPCOMUtils.defineLazyModuleGetters(this, {
XPCOMUtils.defineLazyServiceGetter(this, "WindowsUIUtils",
"@mozilla.org/windows-ui-utils;1", "nsIWindowsUIUtils");
XPCOMUtils.defineLazyGetter(this, "gSystemPrincipal",
() => Services.scriptSecurityManager.getSystemPrincipal());
function shouldLoadURI(aURI) {
if (aURI && !aURI.schemeIs("chrome"))
return true;
@ -162,6 +165,8 @@ function getPostUpdateOverridePage(defaultOverridePage) {
* The nsICommandLine object given to nsICommandLineHandler's handle
* method.
* Used to check if we are processing the command line for the initial launch.
* @param triggeringPrincipal
* The nsIPrincipal to use as triggering principal for the page load(s).
* @param urlOrUrlList (optional)
* When omitted, the browser window will be opened with the default
* arguments, which will usually load the homepage.
@ -175,15 +180,20 @@ function getPostUpdateOverridePage(defaultOverridePage) {
* @param forcePrivate (optional)
* Boolean. If set to true, the new window will be a private browsing one.
*/
function openBrowserWindow(cmdLine, urlOrUrlList, postData = null,
function openBrowserWindow(cmdLine, triggeringPrincipal, urlOrUrlList, postData = null,
forcePrivate = false) {
let chromeURL = AppConstants.BROWSER_CHROME_URL;
let args;
if (!urlOrUrlList) {
// Just pass in the defaultArgs directly
// Just pass in the defaultArgs directly. We'll use system principal on the other end.
args = [gBrowserContentHandler.defaultArgs];
} else if (Array.isArray(urlOrUrlList)) {
// There isn't an explicit way to pass a principal here, so we load multiple URLs
// with system principal when we get to actually loading them.
if (!triggeringPrincipal || !triggeringPrincipal.equals(gSystemPrincipal)) {
throw new Error("Can't open multiple URLs with something other than system principal.");
}
// Passing an nsIArray for the url disables the "|"-splitting behavior.
let uriArray = Cc["@mozilla.org/array;1"]
.createInstance(Ci.nsIMutableArray);
@ -197,10 +207,17 @@ function openBrowserWindow(cmdLine, urlOrUrlList, postData = null,
} else {
// Always pass at least 3 arguments to avoid the "|"-splitting behavior,
// ie. avoid the loadOneOrMoreURIs function.
// Also, we need to pass the triggering principal.
args = [urlOrUrlList,
null, // charset
null, // referer
postData];
postData,
undefined, // allowThirdPartyFixup; this would be `false` but that
// needs a conversion. Hopefully bug 1485961 will fix.
undefined, // referrer policy
undefined, // user context id
null, // origin principal
triggeringPrincipal];
}
if (cmdLine.state == Ci.nsICommandLine.STATE_INITIAL_LAUNCH) {
@ -257,7 +274,7 @@ function openPreferences(cmdLine, extraArgs) {
} else {
Services.telemetry.getHistogramById("FX_PREFERENCES_OPENED_VIA").add("other");
}
openBrowserWindow(cmdLine, "about:preferences");
openBrowserWindow(cmdLine, gSystemPrincipal, "about:preferences");
}
function doSearch(searchTerm, cmdLine) {
@ -270,7 +287,7 @@ function doSearch(searchTerm, cmdLine) {
// XXXbsmedberg: use handURIToExistingBrowser to obey tabbed-browsing
// preferences, but need nsIBrowserDOMWindow extensions
openBrowserWindow(cmdLine, submission.uri.spec, submission.postData);
openBrowserWindow(cmdLine, gSystemPrincipal, submission.uri.spec, submission.postData);
}
function nsBrowserContentHandler() {
@ -295,7 +312,7 @@ nsBrowserContentHandler.prototype = {
/* nsICommandLineHandler */
handle: function bch_handle(cmdLine) {
if (cmdLine.handleFlag("browser", false)) {
openBrowserWindow(cmdLine);
openBrowserWindow(cmdLine, gSystemPrincipal);
cmdLine.preventDefault = true;
}
@ -316,7 +333,7 @@ nsBrowserContentHandler.prototype = {
let uri = resolveURIInternal(cmdLine, uriparam);
if (!shouldLoadURI(uri))
continue;
openBrowserWindow(cmdLine, uri.spec);
openBrowserWindow(cmdLine, gSystemPrincipal, uri.spec);
cmdLine.preventDefault = true;
}
} catch (e) {
@ -328,7 +345,7 @@ nsBrowserContentHandler.prototype = {
let uri = resolveURIInternal(cmdLine, uriparam);
handURIToExistingBrowser(uri, Ci.nsIBrowserDOMWindow.OPEN_NEWTAB,
cmdLine, false,
Services.scriptSecurityManager.getSystemPrincipal());
gSystemPrincipal);
cmdLine.preventDefault = true;
}
} catch (e) {
@ -391,8 +408,7 @@ nsBrowserContentHandler.prototype = {
resolvedURI = resolveURIInternal(cmdLine, privateWindowParam);
}
handURIToExistingBrowser(resolvedURI, Ci.nsIBrowserDOMWindow.OPEN_NEWTAB,
cmdLine, forcePrivate,
Services.scriptSecurityManager.getSystemPrincipal());
cmdLine, forcePrivate, gSystemPrincipal);
cmdLine.preventDefault = true;
}
} catch (e) {
@ -401,7 +417,7 @@ nsBrowserContentHandler.prototype = {
}
// NS_ERROR_INVALID_ARG is thrown when flag exists, but has no param.
if (cmdLine.handleFlag("private-window", false)) {
openBrowserWindow(cmdLine, "about:privatebrowsing", null,
openBrowserWindow(cmdLine, gSystemPrincipal, "about:privatebrowsing", null,
PrivateBrowsingUtils.enabled);
cmdLine.preventDefault = true;
}
@ -434,7 +450,7 @@ nsBrowserContentHandler.prototype = {
if (fileParam) {
var file = cmdLine.resolveFile(fileParam);
var fileURI = Services.io.newFileURI(file);
openBrowserWindow(cmdLine, fileURI.spec);
openBrowserWindow(cmdLine, gSystemPrincipal, fileURI.spec);
cmdLine.preventDefault = true;
}
@ -663,7 +679,7 @@ function handURIToExistingBrowser(uri, location, cmdLine, forcePrivate, triggeri
var navWin = BrowserWindowTracker.getTopWindow({private: allowPrivate});
if (!navWin) {
// if we couldn't load it in an existing window, open a new one
openBrowserWindow(cmdLine, uri.spec, null, forcePrivate);
openBrowserWindow(cmdLine, triggeringPrincipal, uri.spec, null, forcePrivate);
return;
}
@ -744,8 +760,7 @@ nsDefaultCommandLineHandler.prototype = {
// current tab, new tab, or new window as prefs determine.
try {
handURIToExistingBrowser(urilist[0], Ci.nsIBrowserDOMWindow.OPEN_DEFAULTWINDOW,
cmdLine, false,
Services.scriptSecurityManager.getSystemPrincipal());
cmdLine, false, gSystemPrincipal);
return;
} catch (e) {
}
@ -753,7 +768,7 @@ nsDefaultCommandLineHandler.prototype = {
var URLlist = urilist.filter(shouldLoadURI).map(u => u.spec);
if (URLlist.length) {
openBrowserWindow(cmdLine, URLlist);
openBrowserWindow(cmdLine, gSystemPrincipal, URLlist);
}
} else if (!cmdLine.preventDefault) {
@ -767,7 +782,7 @@ nsDefaultCommandLineHandler.prototype = {
return;
}
}
openBrowserWindow(cmdLine);
openBrowserWindow(cmdLine, gSystemPrincipal);
} else {
// Need a better solution in the future to avoid opening the blank window
// when command line parameters say we are not going to show a browser