mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-21 01:05:45 +00:00
Bug 1582512 - Add in exception cases where we disable the javascript load restrictions r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D53245 --HG-- extra : moz-landing-system : lando
parent
c6d83e8581
commit
571911416d
@ -706,6 +706,39 @@ bool nsContentSecurityUtils::ValidateScriptFilename(const char* aFilename,
|
||||
return true;
|
||||
}
|
||||
|
||||
// We only perform a check of this preference on the Main Thread
|
||||
// (because a String-based preference check is only safe on Main Thread.)
|
||||
// The consequence of this is that if a user is using userChromeJS _and_
|
||||
// the scripts they use start a worker - we will enter this function,
|
||||
// skip over this pref check that would normally cause us to allow the
|
||||
// load - and we will block it.
|
||||
// While not ideal, we do not officially support userChromeJS, and hopefully
|
||||
// the usage of workers is even lower than userChromeJS usage.
|
||||
if (NS_IsMainThread()) {
|
||||
// This preference is a file used for autoconfiguration of Firefox
|
||||
// by administrators. It has also been (ab)used by the userChromeJS
|
||||
// project to run legacy-style 'extensions', some of which use eval,
|
||||
// all of which run in the System Principal context.
|
||||
nsAutoString jsConfigPref;
|
||||
Preferences::GetString("general.config.filename", jsConfigPref);
|
||||
if (!jsConfigPref.IsEmpty()) {
|
||||
MOZ_LOG(sCSMLog, LogLevel::Debug,
|
||||
("Allowing a javascript load of %s because of "
|
||||
"general.config.filename",
|
||||
aFilename));
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
if (XRE_IsE10sParentProcess() &&
|
||||
!StaticPrefs::extensions_webextensions_remote()) {
|
||||
MOZ_LOG(sCSMLog, LogLevel::Debug,
|
||||
("Allowing a javascript load of %s because the web extension "
|
||||
"process is disabled.",
|
||||
aFilename));
|
||||
return true;
|
||||
}
|
||||
|
||||
NS_ConvertUTF8toUTF16 filenameU(aFilename);
|
||||
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("chrome://"))) {
|
||||
// If it's a chrome:// url, allow it
|
||||
|
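Review bot: The new main-thread exception returns true for every script filename whenever `general.config.filename` has any non-empty value, and `Preferences::GetString("general.config.filename", jsConfigPref);` reads the effective value, which can come from the user branch (prefs.js/user.js in the profile). If autoconfig itself only honours the default-branch value shipped in the install directory (worth confirming against the autoconfig reader), a profile-level write would switch off this check without autoconfig being in use. Consider reading only the default branch, e.g. `Preferences::GetString("general.config.filename", jsConfigPref, PrefValueKind::Default);`, assuming that overload is available in this tree. Both new early returns are logged only at `LogLevel::Debug`, so a build running with the restriction disabled leaves no trace by default; a one-time warning-level log or telemetry flag would make that state visible. ValidateScriptFilename begins and ends outside this hunk, so any earlier guards are not visible here.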