Bug 1542204 - Normalize "_blank" to "" before calling SendCreateWindowInDifferentProcess. r=nika

Differential Revision: https://phabricator.services.mozilla.com/D26300 --HG-- extra : moz-landing-system : lando
2024-10-10 03:45:46 +00:00 · 2019-04-05 20:14:03 +00:00 · 2019-04-05 20:14:03 +00:00 · 56fffce764
commit 56fffce764
parent fa0b54611b
4 changed files with 24 additions and 4 deletions
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@ -10342,12 +10342,17 @@ nsContentUtils::UserInteractionObserver::Observe(nsISupports* aSubject,
 Atomic<bool> nsContentUtils::UserInteractionObserver::sUserActive(false);
 NS_IMPL_ISUPPORTS(nsContentUtils::UserInteractionObserver, nsIObserver)

+/* static */
+bool nsContentUtils::IsSpecialName(const nsAString& aName) {
+  return aName.LowerCaseEqualsLiteral("_blank") ||
+         aName.LowerCaseEqualsLiteral("_top") ||
+         aName.LowerCaseEqualsLiteral("_parent") ||
+         aName.LowerCaseEqualsLiteral("_self");
+}
+
 /* static */
 bool nsContentUtils::IsOverridingWindowName(const nsAString& aName) {
-  return !aName.IsEmpty() && !aName.LowerCaseEqualsLiteral("_blank") &&
-         !aName.LowerCaseEqualsLiteral("_top") &&
-         !aName.LowerCaseEqualsLiteral("_parent") &&
-         !aName.LowerCaseEqualsLiteral("_self");
+  return !aName.IsEmpty() && !IsSpecialName(aName);
 }

 // Unfortunately, we can't unwrap an IDL object using only a concrete type.
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@ -3287,6 +3287,12 @@ class nsContentUtils {
  // bytecode out of the nsCacheInfoChannel.
  static nsCString& JSBytecodeMimeType() { return *sJSBytecodeMimeType; }

+  /**
+   * Checks if the passed-in name is one of the special names: "_blank", "_top",
+   * "_parent" or "_self".
+   */
+  static bool IsSpecialName(const nsAString& aName);
+
  /**
   * Checks if the passed-in name should override an existing name on the
   * window. Values which should not override include: "", "_blank", "_top",
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@ -897,6 +897,13 @@ nsresult ContentChild::ProvideWindowCommon(

    Maybe<URIParams> uriToLoad;
    SerializeURI(aURI, uriToLoad);
+
+    if (name.LowerCaseEqualsLiteral("_blank")) {
+      name = EmptyString();
+    }
+
+    MOZ_DIAGNOSTIC_ASSERT(!nsContentUtils::IsSpecialName(name));
+
    Unused << SendCreateWindowInDifferentProcess(
        aTabOpener, aChromeFlags, aCalledFromJS, aPositionSpecified,
        aSizeSpecified, uriToLoad, features, fullZoom, name,
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -4988,6 +4988,8 @@ mozilla::ipc::IPCResult ContentParent::RecvCreateWindowInDifferentProcess(
    const nsCString& aFeatures, const float& aFullZoom, const nsString& aName,
    const IPC::Principal& aTriggeringPrincipal, nsIContentSecurityPolicy* aCsp,
    nsIReferrerInfo* aReferrerInfo) {
+  MOZ_DIAGNOSTIC_ASSERT(!nsContentUtils::IsSpecialName(aName));
+
  nsCOMPtr<nsITabParent> newRemoteTab;
  bool windowIsNew;
  nsCOMPtr<nsIURI> uriToLoad = DeserializeURI(aURIToLoad);