Bug 1306248 - Use NeedsSubjectPrincipal in DOMStorage, r=ehsan

Andrea Marchesini 2016-10-03 16:10:27 +02:00
parent c85da869c4
commit 7de21588c7
6 changed files with 81 additions and 38 deletions


@ -10577,7 +10577,8 @@ nsGlobalWindow::GetSessionStorage(ErrorResult& aError)
}
DOMStorage*
nsGlobalWindow::GetLocalStorage(ErrorResult& aError)
nsGlobalWindow::GetLocalStorage(const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aError)
{
MOZ_RELEASE_ASSERT(IsInnerWindow());
@ -10586,7 +10587,7 @@ nsGlobalWindow::GetLocalStorage(ErrorResult& aError)
}
if (!mLocalStorage) {
if (!DOMStorage::CanUseStorage(AsInner())) {
if (!DOMStorage::CanUseStorage(AsInner(), aSubjectPrincipal)) {
aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
return nullptr;
}
@ -11535,8 +11536,7 @@ nsGlobalWindow::Observe(nsISupports* aSubject, const char* aTopic,
// Clone the storage event included in the observer notification. We want
// to dispatch clones rather than the original event.
ErrorResult error;
RefPtr<StorageEvent> newEvent = CloneStorageEvent(eventType,
event, error);
RefPtr<StorageEvent> newEvent = CloneStorageEvent(eventType, event, error);
if (error.Failed()) {
return error.StealNSResult();
}
@ -11653,7 +11653,10 @@ nsGlobalWindow::CloneStorageEvent(const nsAString& aType,
RefPtr<DOMStorage> storage;
if (storageArea->GetType() == DOMStorage::LocalStorage) {
storage = GetLocalStorage(aRv);
storage = GetLocalStorage(nsContentUtils::GetCurrentJSContext()
? Some(nsContentUtils::SubjectPrincipal())
: Nothing(),
aRv);
} else {
MOZ_ASSERT(storageArea->GetType() == DOMStorage::SessionStorage);
storage = GetSessionStorage(aRv);
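Review bot: The `GetLocalStorage` call in `CloneStorageEvent` passes `Nothing()` when no JS context is current, and nothing at the call site says why a missing subject principal is acceptable there. From the visible hunks, `GetLocalStorage` forwards it to `DOMStorage::CanUseStorage(AsInner(), aSubjectPrincipal)` with `aStorage` left at its null default, and the only visible read of the principal sits under `if (aStorage)`, so the empty value is presumably never dereferenced on this path. That invariant is implicit and would break silently if `CanUseStorage` later consulted the principal for the window-level check. I would hoist the ternary into a named local and add a comment such as `// May run without a JS caller (e.g. from Observe); CanUseStorage only reads the principal when given a DOMStorage.` `CloneStorageEvent` starts and ends outside the hunk.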


@ -1044,7 +1044,9 @@ public:
void Btoa(const nsAString& aBinaryData, nsAString& aAsciiBase64String,
mozilla::ErrorResult& aError);
mozilla::dom::DOMStorage* GetSessionStorage(mozilla::ErrorResult& aError);
mozilla::dom::DOMStorage* GetLocalStorage(mozilla::ErrorResult& aError);
mozilla::dom::DOMStorage*
GetLocalStorage(const mozilla::Maybe<nsIPrincipal*>& aSubjectPrincipal,
mozilla::ErrorResult& aError);
mozilla::dom::Selection* GetSelectionOuter();
mozilla::dom::Selection* GetSelection(mozilla::ErrorResult& aError);
already_AddRefed<nsISelection> GetSelection() override;


@ -67,9 +67,12 @@ DOMStorage::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto)
}
uint32_t
DOMStorage::GetLength(ErrorResult& aRv)
DOMStorage::GetLength(const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv)
{
if (!CanUseStorage(nullptr, this)) {
MOZ_ASSERT(aSubjectPrincipal.isSome());
if (!CanUseStorage(nullptr, aSubjectPrincipal, this)) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return 0;
}
@ -80,9 +83,13 @@ DOMStorage::GetLength(ErrorResult& aRv)
}
void
DOMStorage::Key(uint32_t aIndex, nsAString& aResult, ErrorResult& aRv)
DOMStorage::Key(uint32_t aIndex, nsAString& aResult,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv)
{
if (!CanUseStorage(nullptr, this)) {
MOZ_ASSERT(aSubjectPrincipal.isSome());
if (!CanUseStorage(nullptr, aSubjectPrincipal, this)) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}
@ -91,9 +98,13 @@ DOMStorage::Key(uint32_t aIndex, nsAString& aResult, ErrorResult& aRv)
}
void
DOMStorage::GetItem(const nsAString& aKey, nsAString& aResult, ErrorResult& aRv)
DOMStorage::GetItem(const nsAString& aKey, nsAString& aResult,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv)
{
if (!CanUseStorage(nullptr, this)) {
MOZ_ASSERT(aSubjectPrincipal.isSome());
if (!CanUseStorage(nullptr, aSubjectPrincipal, this)) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}
@ -103,9 +114,12 @@ DOMStorage::GetItem(const nsAString& aKey, nsAString& aResult, ErrorResult& aRv)
void
DOMStorage::SetItem(const nsAString& aKey, const nsAString& aData,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv)
{
if (!CanUseStorage(nullptr, this)) {
MOZ_ASSERT(aSubjectPrincipal.isSome());
if (!CanUseStorage(nullptr, aSubjectPrincipal, this)) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}
@ -129,9 +143,13 @@ DOMStorage::SetItem(const nsAString& aKey, const nsAString& aData,
}
void
DOMStorage::RemoveItem(const nsAString& aKey, ErrorResult& aRv)
DOMStorage::RemoveItem(const nsAString& aKey,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv)
{
if (!CanUseStorage(nullptr, this)) {
MOZ_ASSERT(aSubjectPrincipal.isSome());
if (!CanUseStorage(nullptr, aSubjectPrincipal, this)) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}
@ -148,9 +166,12 @@ DOMStorage::RemoveItem(const nsAString& aKey, ErrorResult& aRv)
}
void
DOMStorage::Clear(ErrorResult& aRv)
DOMStorage::Clear(const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv)
{
if (!CanUseStorage(nullptr, this)) {
MOZ_ASSERT(aSubjectPrincipal.isSome());
if (!CanUseStorage(nullptr, aSubjectPrincipal, this)) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}
@ -226,7 +247,9 @@ static const char kStorageEnabled[] = "dom.storage.enabled";
// static, public
bool
DOMStorage::CanUseStorage(nsPIDOMWindowInner* aWindow, DOMStorage* aStorage)
DOMStorage::CanUseStorage(nsPIDOMWindowInner* aWindow,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
DOMStorage* aStorage)
{
// This method is responsible for correct setting of mIsSessionOnly.
@ -248,9 +271,8 @@ DOMStorage::CanUseStorage(nsPIDOMWindowInner* aWindow, DOMStorage* aStorage)
if (aStorage) {
aStorage->mIsSessionOnly = access <= nsContentUtils::StorageAccess::eSessionScoped;
nsCOMPtr<nsIPrincipal> subjectPrincipal =
nsContentUtils::SubjectPrincipal();
return aStorage->CanAccess(subjectPrincipal);
MOZ_ASSERT(aSubjectPrincipal.isSome());
return aStorage->CanAccess(aSubjectPrincipal.value());
}
return true;
@ -298,7 +320,8 @@ DOMStorage::CanAccess(nsIPrincipal* aPrincipal)
void
DOMStorage::GetSupportedNames(nsTArray<nsString>& aKeys)
{
if (!CanUseStorage(nullptr, this)) {
if (!CanUseStorage(nullptr, Some(nsContentUtils::SubjectPrincipal()),
this)) {
// return just an empty array
aKeys.Clear();
return;
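Review bot: In `CanUseStorage`, the `aStorage` branch guards `aSubjectPrincipal.value()` only with `MOZ_ASSERT(aSubjectPrincipal.isSome())`, which is compiled out of release builds. A caller that passes `Nothing()` together with a storage object would therefore reach the `CanAccess` principal check with an empty `Maybe`, unless `Maybe::value()` enforces this itself in release. Because this is the access decision behind every Storage operation, it should fail closed: `if (aSubjectPrincipal.isNothing()) { return false; }` before the `CanAccess` call, or a `MOZ_RELEASE_ASSERT`. The same debug-only assert is repeated at the top of `GetLength`, `Key`, `GetItem`, `SetItem`, `RemoveItem` and `Clear`, where it duplicates the one inside `CanUseStorage`. `CanUseStorage` continues outside the hunk.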


@ -9,6 +9,7 @@
#include "mozilla/Attributes.h"
#include "mozilla/ErrorResult.h"
#include "mozilla/Maybe.h"
#include "nsIDOMStorage.h"
#include "nsCycleCollectionParticipant.h"
#include "nsWeakReference.h"
@ -69,40 +70,53 @@ public:
return mWindow;
}
uint32_t GetLength(ErrorResult& aRv);
uint32_t GetLength(const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv);
void Key(uint32_t aIndex, nsAString& aResult, ErrorResult& aRv);
void Key(uint32_t aIndex, nsAString& aResult,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv);
void GetItem(const nsAString& aKey, nsAString& aResult, ErrorResult& aRv);
void GetItem(const nsAString& aKey, nsAString& aResult,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv);
void GetSupportedNames(nsTArray<nsString>& aKeys);
void NamedGetter(const nsAString& aKey, bool& aFound, nsAString& aResult,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv)
{
GetItem(aKey, aResult, aRv);
GetItem(aKey, aResult, aSubjectPrincipal, aRv);
aFound = !aResult.IsVoid();
}
void SetItem(const nsAString& aKey, const nsAString& aValue,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv);
void NamedSetter(const nsAString& aKey, const nsAString& aValue,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv)
{
SetItem(aKey, aValue, aRv);
SetItem(aKey, aValue, aSubjectPrincipal, aRv);
}
void RemoveItem(const nsAString& aKey, ErrorResult& aRv);
void RemoveItem(const nsAString& aKey,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv);
void NamedDeleter(const nsAString& aKey, bool& aFound, ErrorResult& aRv)
void NamedDeleter(const nsAString& aKey, bool& aFound,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv)
{
RemoveItem(aKey, aRv);
RemoveItem(aKey, aSubjectPrincipal, aRv);
aFound = !aRv.ErrorCodeIs(NS_SUCCESS_DOM_NO_OPERATION);
}
void Clear(ErrorResult& aRv);
void Clear(const Maybe<nsIPrincipal*>& aSubjectPrincipal,
ErrorResult& aRv);
// The method checks whether the caller can use a storage.
// CanUseStorage is called before any DOM initiated operation
@ -112,6 +126,7 @@ public:
// state determination are complex and share the code (comes hand in
// hand together).
static bool CanUseStorage(nsPIDOMWindowInner* aWindow,
const Maybe<nsIPrincipal*>& aSubjectPrincipal,
DOMStorage* aStorage = nullptr);
bool IsPrivate() const;
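Review bot: The comment above the `CanUseStorage` declaration does not describe the new `aSubjectPrincipal` parameter, and its contract is not obvious from the signature. The definition asserts `isSome()` only inside the `aStorage` branch, while `nsGlobalWindow::CloneStorageEvent` can pass `Nothing()` with a null storage. I would extend the comment with something like `// aSubjectPrincipal must be Some() whenever aStorage is non-null; it appears to be unused otherwise.`, to be confirmed against the parts of the definition not shown in this commit view. The comment block starts outside the hunk.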


@ -12,22 +12,22 @@
*/
interface Storage {
[Throws]
[Throws, NeedsSubjectPrincipal]
readonly attribute unsigned long length;
[Throws]
[Throws, NeedsSubjectPrincipal]
DOMString? key(unsigned long index);
[Throws]
[Throws, NeedsSubjectPrincipal]
getter DOMString? getItem(DOMString key);
[Throws]
[Throws, NeedsSubjectPrincipal]
setter creator void setItem(DOMString key, DOMString value);
[Throws]
[Throws, NeedsSubjectPrincipal]
deleter void removeItem(DOMString key);
[Throws]
[Throws, NeedsSubjectPrincipal]
void clear();
[ChromeOnly]


@ -129,7 +129,7 @@ Window implements WindowSessionStorage;
// http://www.whatwg.org/specs/web-apps/current-work/
[NoInterfaceObject]
interface WindowLocalStorage {
[Throws] readonly attribute Storage? localStorage;
[Throws, NeedsSubjectPrincipal] readonly attribute Storage? localStorage;
};
Window implements WindowLocalStorage;