From 3400605cfd1fb045fe26240f06694865ea5b1736 Mon Sep 17 00:00:00 2001
From: Tom Schuster
Date: Fri, 15 Jul 2022 16:33:46 +0000
Subject: [PATCH] Bug 1740420 - Improve sandbox error message when accessing storages. r=saschanaz

Differential Revision: https://phabricator.services.mozilla.com/D150255
---
 dom/base/Document.cpp | 14 +++++++++-----
 dom/base/nsGlobalWindowInner.cpp | 17 ++++++++++++++---
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
index b765256dd090..b5986249b625 100644
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -6462,7 +6462,7 @@ void Document::GetReferrer(nsAString& aReferrer) const {
 CopyUTF8toUTF16(uri, aReferrer);
 }

-void Document::GetCookie(nsAString& aCookie, ErrorResult& rv) {
+void Document::GetCookie(nsAString& aCookie, ErrorResult& aRv) {
 aCookie.Truncate(); // clear current cookie in case service fails;
 // no cookie isn't an error condition.

@@ -6470,10 +6470,12 @@ void Document::GetCookie(nsAString& aCookie, ErrorResult& rv) {
 return;
 }

- // If the document's sandboxed origin flag is set, access to read cookies
+ // If the document's sandboxed origin flag is set, then reading cookies
 // is prohibited.
 if (mSandboxFlags & SANDBOXED_ORIGIN) {
- rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ aRv.ThrowSecurityError(
+ "Forbidden in a sandboxed document without the 'allow-same-origin' "
+ "flag.");
 return;
 }

@@ -6509,10 +6511,12 @@ void Document::SetCookie(const nsAString& aCookie, ErrorResult& aRv) {
 return;
 }

- // If the document's sandboxed origin flag is set, access to write cookies
+ // If the document's sandboxed origin flag is set, then setting cookies
 // is prohibited.
 if (mSandboxFlags & SANDBOXED_ORIGIN) {
- aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ aRv.ThrowSecurityError(
+ "Forbidden in a sandboxed document without the 'allow-same-origin' "
+ "flag.");
 return;
 }

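Review bot: The denial text `"Forbidden in a sandboxed document without the 'allow-same-origin' flag."` is written out as a literal in the Document::GetCookie hunk (@@ -6470) and repeated verbatim in Document::SetCookie (@@ -6509) and in both nsGlobalWindowInner.cpp hunks, so four copies of a security-relevant message have to be kept in sync by hand. Hoisting it into one named constant, or a small helper that takes the ErrorResult and throws the SecurityError, declared where both files can see it, would keep the wording identical and give a single place to change it. Both cookie accessors continue outside their hunks, so this concerns only the lines shown.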
diff --git a/dom/base/nsGlobalWindowInner.cpp b/dom/base/nsGlobalWindowInner.cpp
index 0bd8389926b5..685ddf100e53 100644
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@@ -4829,15 +4829,17 @@ Storage* nsGlobalWindowInner::GetSessionStorage(ErrorResult& aError) {
 }
 }

- // If the document has the sandboxed origin flag set
- // don't allow access to sessionStorage.
 if (!mDoc) {
 aError.Throw(NS_ERROR_FAILURE);
 return nullptr;
 }

+ // If the document's sandboxed origin flag is set, then accessing
+ // sessionStorage is prohibited.
 if (mDoc->GetSandboxFlags() & SANDBOXED_ORIGIN) {
- aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ aError.ThrowSecurityError(
+ "Forbidden in a sandboxed document without the 'allow-same-origin' "
+ "flag.");
 return nullptr;
 }

@@ -4924,6 +4926,15 @@ Storage* nsGlobalWindowInner::GetLocalStorage(ErrorResult& aError) {
 return nullptr;
 }

+ // If the document's sandboxed origin flag is set, then accessing localStorage
+ // is prohibited.
+ if (mDoc && mDoc->GetSandboxFlags() & SANDBOXED_ORIGIN) {
+ aError.ThrowSecurityError(
+ "Forbidden in a sandboxed document without the 'allow-same-origin' "
+ "flag.");
+ return nullptr;
+ }
+
 // LocalStorage needs to be exposed in every context except for sandboxes and
 // NullPrincipals (data: URLs, for instance). But we need to keep data
 // separate in some scenarios: private-browsing and partitioned trackers.
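Review bot: The new sandbox check in GetLocalStorage (@@ -4924) is skipped whenever `mDoc` is null, so that case falls through to the code after the hunk, whereas GetSessionStorage in the hunk above throws NS_ERROR_FAILURE on `!mDoc` before it tests SANDBOXED_ORIGIN. Whether the later principal and storage-access logic rejects a document-less window is not visible here; if it does not, this path fails open, so either mirror the sessionStorage ordering or add a comment stating which later check covers a null `mDoc`. The condition also relies on `&` binding tighter than `&&`; `if (mDoc && (mDoc->GetSandboxFlags() & SANDBOXED_ORIGIN)) {` makes the intent explicit. The function body starts and ends outside the hunk.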