mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 03:15:11 +00:00
Bug 1292432 part 5 - Unify completeness check and security check to StyleSheet. r=heycam
MozReview-Commit-ID: CmQ2Q9UrLAA --HG-- extra : source : cb459bc28ecf5ee409374a715247b788831afd88
This commit is contained in:
parent
727c0552af
commit
73c9f14ff1
@ -1685,16 +1685,7 @@ CSSRuleList*
|
||||
CSSStyleSheet::GetCssRules(nsIPrincipal& aSubjectPrincipal,
|
||||
ErrorResult& aRv)
|
||||
{
|
||||
// No doing this on incomplete sheets!
|
||||
if (!mInner->mComplete) {
|
||||
aRv.Throw(NS_ERROR_DOM_INVALID_ACCESS_ERR);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
//-- Security check: Only scripts whose principal subsumes that of the
|
||||
// style sheet can access rule collections.
|
||||
SubjectSubsumesInnerPrincipal(aSubjectPrincipal, aRv);
|
||||
if (NS_WARN_IF(aRv.Failed())) {
|
||||
if (!AreRulesAvailable(aSubjectPrincipal, aRv)) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
@ -1722,13 +1713,9 @@ CSSStyleSheet::InsertRule(const nsAString& aRule, uint32_t aIndex,
|
||||
nsIPrincipal& aSubjectPrincipal,
|
||||
ErrorResult& aRv)
|
||||
{
|
||||
//-- Security check: Only scripts whose principal subsumes that of the
|
||||
// style sheet can modify rule collections.
|
||||
SubjectSubsumesInnerPrincipal(aSubjectPrincipal, aRv);
|
||||
if (NS_WARN_IF(aRv.Failed())) {
|
||||
if (!AreRulesAvailable(aSubjectPrincipal, aRv)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return InsertRuleInternal(aRule, aIndex, aRv);
|
||||
}
|
||||
|
||||
@ -1748,11 +1735,7 @@ CSSStyleSheet::InsertRuleInternal(const nsAString& aRule,
|
||||
uint32_t aIndex,
|
||||
ErrorResult& aRv)
|
||||
{
|
||||
// No doing this if the sheet is not complete!
|
||||
if (!mInner->mComplete) {
|
||||
aRv.Throw(NS_ERROR_DOM_INVALID_ACCESS_ERR);
|
||||
return 0;
|
||||
}
|
||||
MOZ_ASSERT(mInner->mComplete);
|
||||
|
||||
WillDirty();
|
||||
|
||||
@ -1880,16 +1863,7 @@ CSSStyleSheet::DeleteRule(uint32_t aIndex,
|
||||
nsIPrincipal& aSubjectPrincipal,
|
||||
ErrorResult& aRv)
|
||||
{
|
||||
// No doing this if the sheet is not complete!
|
||||
if (!mInner->mComplete) {
|
||||
aRv.Throw(NS_ERROR_DOM_INVALID_ACCESS_ERR);
|
||||
return;
|
||||
}
|
||||
|
||||
//-- Security check: Only scripts whose principal subsumes that of the
|
||||
// style sheet can modify rule collections.
|
||||
SubjectSubsumesInnerPrincipal(aSubjectPrincipal, aRv);
|
||||
if (NS_WARN_IF(aRv.Failed())) {
|
||||
if (!AreRulesAvailable(aSubjectPrincipal, aRv)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -193,4 +193,22 @@ StyleSheet::SubjectSubsumesInnerPrincipal(nsIPrincipal& aSubjectPrincipal,
|
||||
DidDirty();
|
||||
}
|
||||
|
||||
bool
|
||||
StyleSheet::AreRulesAvailable(const Maybe<nsIPrincipal*>& aSubjectPrincipal,
|
||||
ErrorResult& aRv)
|
||||
{
|
||||
// Rules are not available on incomplete sheets.
|
||||
if (!SheetInfo().mComplete) {
|
||||
aRv.Throw(NS_ERROR_DOM_INVALID_ACCESS_ERR);
|
||||
return false;
|
||||
}
|
||||
//-- Security check: Only scripts whose principal subsumes that of the
|
||||
// style sheet can access rule collections.
|
||||
SubjectSubsumesInnerPrincipal(aSubjectPrincipal, aRv);
|
||||
if (NS_WARN_IF(aRv.Failed())) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
} // namespace mozilla
|
||||
|
@ -145,6 +145,13 @@ private:
|
||||
inline StyleSheetInfo& SheetInfo();
|
||||
inline const StyleSheetInfo& SheetInfo() const;
|
||||
|
||||
// Check if the rules are available for read and write.
|
||||
// It does the security check as well as whether the rules have been
|
||||
// completely loaded. aRv will have an exception set if this function
|
||||
// returns false.
|
||||
bool AreRulesAvailable(const Maybe<nsIPrincipal*>& aSubjectPrincipal,
|
||||
ErrorResult& aRv);
|
||||
|
||||
protected:
|
||||
// Return success if the subject principal subsumes the principal of our
|
||||
// inner, error otherwise. This will also succeed if the subject has
|
||||
|
Loading…
Reference in New Issue
Block a user