Bug 1312272 - Marquee event handlers to adhere CSP. r=smaug

MozReview-Commit-ID: 6MxGnFAIhMP --HG-- extra : histedit_source : 592bae3f50983d107169811411ab444d5efa3f22
2025-03-04 15:51:37 +00:00 · 2016-11-04 22:54:59 -04:00 · 2016-11-04 22:54:59 -04:00 · 61b919525e
commit 61b919525e
parent 373d124f68
4 changed files with 29 additions and 1 deletions
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@ -12258,6 +12258,24 @@ nsIDocument::HasScriptsBlockedBySandbox()
  return mSandboxFlags & SANDBOXED_SCRIPTS;
 }

+bool
+nsIDocument::InlineScriptAllowedByCSP()
+{
+  nsCOMPtr<nsIContentSecurityPolicy> csp;
+  nsresult rv = NodePrincipal()->GetCsp(getter_AddRefs(csp));
+  NS_ENSURE_SUCCESS(rv, true);
+  bool allowsInlineScript = true;
+  if (csp) {
+    nsresult rv = csp->GetAllowsInline(nsIContentPolicy::TYPE_SCRIPT,
+                                       EmptyString(), // aNonce
+                                       EmptyString(), // FIXME get script sample (bug 1314567)
+                                       0,             // aLineNumber
+                                       &allowsInlineScript);
+    NS_ENSURE_SUCCESS(rv, true);
+  }
+  return allowsInlineScript;
+}
+
 static bool
 MightBeAboutOrChromeScheme(nsIURI* aURI)
 {
--- a/dom/base/nsIDocument.h
+++ b/dom/base/nsIDocument.h
@ -2840,6 +2840,8 @@ public:

  bool HasScriptsBlockedBySandbox();

+  bool InlineScriptAllowedByCSP();
+
  void ReportHasScrollLinkedEffect();
  bool HasScrollLinkedEffect() const
  {
--- a/dom/webidl/Document.webidl
+++ b/dom/webidl/Document.webidl
@ -436,9 +436,11 @@ partial interface Document {
 };

 // Extension to give chrome and XBL JS the ability to determine whether
-// the document is sandboxed without permission to run scripts.
+// the document is sandboxed without permission to run scripts
+// and whether inline scripts are blocked by the document's CSP.
 partial interface Document {
  [Func="IsChromeOrXBL"] readonly attribute boolean hasScriptsBlockedBySandbox;
+  [Func="IsChromeOrXBL"] readonly attribute boolean inlineScriptAllowedByCSP;
 };

 Document implements XPathEvaluator;
--- a/layout/style/xbl-marquee/xbl-marquee.xml
+++ b/layout/style/xbl-marquee/xbl-marquee.xml
@ -285,6 +285,12 @@
            return true;
          }

+          // attribute event handlers should only be added if the
+          // document's CSP allows it.
+          if (!document.inlineScriptAllowedByCSP) {
+            return true;
+          }
+
          if (this._ignoreNextCall) {
            return this._ignoreNextCall = false;
          }