mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-20 08:45:46 +00:00
Bug 1609635 - Whitelist about:newtab/home from content sanitization r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D60701 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
fcd2fa44a5
commit
67476c54d8
@ -25,7 +25,8 @@ static const uint32_t ACTIVITY_STREAM_FLAGS =
|
||||
nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::ENABLE_INDEXED_DB |
|
||||
nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
|
||||
nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
|
||||
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT;
|
||||
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
|
||||
nsIAboutModule::ALLOW_UNSANITIZED_CONTENT;
|
||||
|
||||
struct RedirEntry {
|
||||
const char* id;
|
||||
|
@ -46,8 +46,10 @@ test_newtab({
|
||||
type: "SET_MESSAGE",
|
||||
data,
|
||||
});
|
||||
|
||||
return data;
|
||||
},
|
||||
test: async function test_simple_snippet() {
|
||||
test: async function test_simple_snippet(msg) {
|
||||
// Verify the simple_snippet renders in the footer and the container below
|
||||
// searchbox is not rendered.
|
||||
await ContentTaskUtils.waitForCondition(
|
||||
@ -57,6 +59,22 @@ test_newtab({
|
||||
),
|
||||
"Should find the snippet inside the footer container"
|
||||
);
|
||||
await ContentTaskUtils.waitForCondition(
|
||||
() =>
|
||||
content.document.querySelector(
|
||||
"#footer-asrouter-container .SimpleSnippet .icon"
|
||||
),
|
||||
"Should render an icon"
|
||||
);
|
||||
await ContentTaskUtils.waitForCondition(
|
||||
() =>
|
||||
content.document.querySelector(
|
||||
`#footer-asrouter-container .SimpleSnippet a[href='${
|
||||
msg.content.links.syncLink.url
|
||||
}']`
|
||||
),
|
||||
"Should render an anchor with the correct href"
|
||||
);
|
||||
|
||||
ok(
|
||||
!content.document.querySelector(".below-search-snippet"),
|
||||
|
@ -4822,6 +4822,17 @@ uint32_t computeSanitizationFlags(nsIPrincipal* aPrincipal, int32_t aFlags) {
|
||||
return sanitizationFlags;
|
||||
}
|
||||
|
||||
/* static */
|
||||
bool AllowsUnsanitizedContentForAboutNewTab(nsIPrincipal* aPrincipal) {
|
||||
if (StaticPrefs::dom_about_newtab_sanitization_enabled() ||
|
||||
!aPrincipal->SchemeIs("about")) {
|
||||
return false;
|
||||
}
|
||||
uint32_t aboutModuleFlags = 0;
|
||||
aPrincipal->GetAboutModuleFlags(&aboutModuleFlags);
|
||||
return aboutModuleFlags & nsIAboutModule::ALLOW_UNSANITIZED_CONTENT;
|
||||
}
|
||||
|
||||
/* static */
|
||||
nsresult nsContentUtils::ParseFragmentHTML(
|
||||
const nsAString& aSourceBuffer, nsIContent* aTargetNode,
|
||||
@ -4864,8 +4875,11 @@ nsresult nsContentUtils::ParseFragmentHTML(
|
||||
bool shouldSanitize = nodePrincipal->IsSystemPrincipal() ||
|
||||
nodePrincipal->SchemeIs("about") || aFlags >= 0;
|
||||
if (shouldSanitize) {
|
||||
fragment = new DocumentFragment(aTargetNode->OwnerDoc()->NodeInfoManager());
|
||||
target = fragment;
|
||||
if (!AllowsUnsanitizedContentForAboutNewTab(nodePrincipal)) {
|
||||
fragment =
|
||||
new DocumentFragment(aTargetNode->OwnerDoc()->NodeInfoManager());
|
||||
target = fragment;
|
||||
}
|
||||
}
|
||||
|
||||
nsresult rv = sHTMLFragmentParser->ParseFragment(
|
||||
|
@ -2950,6 +2950,14 @@
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
# about:home and about:newtab include remote snippets that contain arbitrarily
|
||||
# placed anchor tags in their content; we want sanitization to be turned off
|
||||
# in order to render them correctly
|
||||
- name: dom.about_newtab_sanitization.enabled
|
||||
type: bool
|
||||
value: false
|
||||
mirror: always
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Prefs starting with "editor"
|
||||
#---------------------------------------------------------------------------
|
||||
|
@ -86,6 +86,12 @@ interface nsIAboutModule : nsISupports
|
||||
*/
|
||||
const unsigned long URI_MUST_LOAD_IN_EXTENSION_PROCESS = (1 << 9);
|
||||
|
||||
/**
|
||||
* A flag that indicates that this about: URI needs to allow unsanitized content.
|
||||
* Only to be used by about:home and about:newtab.
|
||||
*/
|
||||
const unsigned long ALLOW_UNSANITIZED_CONTENT = (1 << 10);
|
||||
|
||||
/**
|
||||
* A method to get the flags that apply to a given about: URI. The URI
|
||||
* passed in is guaranteed to be one of the URIs that this module
|
||||
|
Loading…
Reference in New Issue
Block a user