Bug 1317873, don't allow any internal types to be assigned to a DataTransfer, r=nika

Differential Revision: https://phabricator.services.mozilla.com/D118004
2024-11-23 21:01:08 +00:00 · 2021-12-15 19:26:22 +00:00 · 2021-12-15 19:26:22 +00:00 · 8631c3f5e6
commit 8631c3f5e6
parent fa743afaf0
2 changed files with 18 additions and 17 deletions
--- a/dom/events/DataTransfer.cpp
+++ b/dom/events/DataTransfer.cpp
@ -570,21 +570,17 @@ bool DataTransfer::PrincipalMaySetData(const nsAString& aType,
      return false;
    }

-    if (aType.EqualsASCII(kFileMime) || aType.EqualsASCII(kFilePromiseMime)) {
-      NS_WARNING(
-          "Disallowing adding x-moz-file or x-moz-file-promize types to "
-          "DataTransfer");
-      return false;
-    }
-
-    // Disallow content from creating x-moz-place flavors, so that it cannot
-    // create fake Places smart queries exposing user data, but give a free
-    // pass to WebExtensions.
-    auto principal = BasePrincipal::Cast(aPrincipal);
-    if (!principal->AddonPolicy() &&
-        StringBeginsWith(aType, u"text/x-moz-place"_ns)) {
-      NS_WARNING("Disallowing adding moz-place types to DataTransfer");
-      return false;
+    // Don't allow adding internal types of the form */x-moz-*, but
+    // special-case the url types as they are simple variations of urls.
+    // In addition, allow x-moz-place flavors to be added by WebExtensions.
+    if (FindInReadable(kInternal_Mimetype_Prefix, aType) &&
+        !StringBeginsWith(aType, u"text/x-moz-url"_ns)) {
+      auto principal = BasePrincipal::Cast(aPrincipal);
+      if (!principal->AddonPolicy() ||
+          !StringBeginsWith(aType, u"text/x-moz-place"_ns)) {
+        NS_WARNING("Disallowing adding this type to DataTransfer");
+        return false;
+      }
    }
  }

--- a/widget/nsITransferable.idl
+++ b/widget/nsITransferable.idl
@ -14,12 +14,17 @@ interface nsIPrincipal;

 %{ C++

+// Internal formats must have their second part starting with 'x-moz-',
+// for example text/x-moz-internaltype. These cannot be assigned by
+// unprivileged content but all other types can.
+#define kInternal_Mimetype_Prefix   u"/x-moz-"_ns
+
 // these probably shouldn't live here, but in some central repository shared
 // by the entire app.
 #define kTextMime                   "text/plain"
 #define kRTFMime                    "text/rtf"
 #define kUnicodeMime                "text/unicode"
-#define kMozTextInternal          "text/x-moz-text-internal"  // text data which isn't suppoed to be parsed by other apps.
+#define kMozTextInternal            "text/x-moz-text-internal"  // text data which isn't suppoed to be parsed by other apps.
 #define kHTMLMime                   "text/html"
 #define kAOLMailMime                "AOLMAIL"
 #define kPNGImageMime               "image/png"
@ -46,7 +51,7 @@ interface nsIPrincipal;
 // local application handler for the request's MIME type accepts images with
 // the given filename extension (from kFilePromiseDestFilename). When the
 // image is dragged out, we replace the extension with a compatible extension.
-#define kImageRequestMime           "text/_moz_requestmime"
+#define kImageRequestMime           "text/x-moz-requestmime"

 // the source URL for a file promise
 #define kFilePromiseURLMime         "application/x-moz-file-promise-url"