Get IRCChat working without compromising security.

Fix bugs 20261, 23518
r=rginda,mstoltz

caps/src/nsCodebasePrincipal.cpp

@@ -101,10 +101,14 @@ nsCodebasePrincipal::CanEnableCapability(const char *capability,
 		return NS_ERROR_FAILURE;
 	PRBool enabled;
     if (NS_FAILED(prefs->GetBoolPref(pref, &enabled)) || !enabled) {
-        // XXX check to see if subject is executing from file: and then 
-        // fall through to return ENABLE_WITH_USER_PERMISSION
-        *result = nsIPrincipal::ENABLE_DENIED;
-        return NS_OK;
+        // Unless subject is executing from file:, return denied 
+        nsXPIDLCString scheme;
+        if (NS_FAILED(mURI->GetScheme(getter_Copies(scheme))) ||
+            PL_strcmp(scheme, "file") != 0) 
+        {
+            *result = nsIPrincipal::ENABLE_DENIED;
+            return NS_OK;
+        }
     }
     rv = nsBasePrincipal::CanEnableCapability(capability, result);
     if (*result == nsIPrincipal::ENABLE_UNKNOWN)
@@ -132,9 +136,15 @@ nsCodebasePrincipal::GetOrigin(char **origin)
         return NS_ERROR_FAILURE;
     nsAutoString t = (const char *) s;
     t += "://";
-    if (NS_FAILED(mURI->GetHost(getter_Copies(s))))
+    if (NS_SUCCEEDED(mURI->GetHost(getter_Copies(s)))) {
+        t += s;
+    } else if (NS_SUCCEEDED(mURI->GetSpec(getter_Copies(s)))) {
+        // Some URIs (e.g., nsSimpleURI) don't support host. Just
+        // get the full spec.
+        t = s;
+    } else {
         return NS_ERROR_FAILURE;
-    t += s;
+    }
     *origin = t.ToNewCString();
     return *origin ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
 }
@@ -172,6 +182,18 @@ nsCodebasePrincipal::SameOrigin(nsIPrincipal *other, PRBool *result)
         if (PL_strcmp(scheme1, "file") == 0) {
             // All file: urls are considered to have the same origin.
             *result = PR_TRUE;
+        } else if (PL_strcmp(scheme1, "imap") == 0 ||
+                   PL_strcmp(scheme1, "mailbox") == 0) 
+        {
+            // Each message is a distinct trust domain; use the 
+            // whole spec for comparison
+            nsXPIDLCString spec1;
+            if (NS_FAILED(otherURI->GetSpec(getter_Copies(spec1))))
+                return NS_ERROR_FAILURE;
+            nsXPIDLCString spec2;
+            if (NS_FAILED(mURI->GetSpec(getter_Copies(spec2))))
+                return NS_ERROR_FAILURE;
+            *result = PL_strcmp(spec1, spec2) == 0;
         } else {
             // Need to check the host
             char *host1 = nsnull;

caps/src/nsScriptSecurityManager.cpp

@@ -945,6 +945,18 @@ nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj,
             return NS_OK;
     }
 
+    // Allow access to about:blank
+    nsCOMPtr<nsICodebasePrincipal> objectCodebase = do_QueryInterface(object);
+    if (objectCodebase) {
+        nsXPIDLCString origin;
+        if (NS_FAILED(objectCodebase->GetOrigin(getter_Copies(origin))))
+            return NS_ERROR_FAILURE;
+        if (nsCRT::strcmp(origin, "about:blank") == 0) {
+            *aResult = PR_TRUE;
+            return NS_OK;
+        }
+    }
+
     /*
     ** If we failed the origin tests it still might be the case that we
     ** are a signed script and have permissions to do this operation.

extensions/irc/js/lib/connection-xpcom.js

@@ -35,6 +35,7 @@
 
 function toScriptableInputStream (i)
 {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
     var si = Components.classes["component://netscape/scriptableinputstream"];
     
     si = si.createInstance();
@@ -47,7 +48,7 @@ function toScriptableInputStream (i)
 
 function CBSConnection ()
 {
-
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
     var sockServiceClass =
         Components.classesByID["{c07e81e0-ef12-11d2-92b6-00105a1b0d64}"];
     
@@ -65,6 +66,7 @@ function CBSConnection ()
 
 CBSConnection.prototype.connect = function(host, port, bind, tcp_flag)
 {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
     if (typeof tcp_flag == "undefined")
 		tcp_flag = false;
     

extensions/irc/js/lib/utils.js

@@ -46,6 +46,9 @@ else
 
 var jsenv = new Object();
 
+if (netscape && netscape.security) {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+}
 jsenv.HAS_XPCOM = ((typeof Components == "function") &&
                    (typeof Components.classes == "function"));
 jsenv.HAS_JAVA = (typeof java == "object");
@@ -240,6 +243,7 @@ function newObject(progID, iface)
     if (!jsenv.HAS_XPCOM)
         return null;
 
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
     var obj = Components.classes[progID].createInstance();
     var rv;
 

extensions/irc/xul/tests/index.html

@@ -56,6 +56,7 @@
 	    </td>	
 	    <td>
 	      <script language="javascript">
+		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
 		if (Components.classes["component://misc/bs/connection"])
 		  document.write ("OK");
 		else
@@ -69,6 +70,7 @@
 	    </td>
 	    <td>
 	      <script language="javascript">
+		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
 		if (Components.interfaces.bsIConnection)
 	          document.write ("OK");
 		else

extensions/irc/xul/tests/test3-readprefs.js

@@ -1,5 +1,6 @@
 function readIRCPrefs (rootNode)
 {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
     var pref =
         Components.classes["component://netscape/preferences"].createInstance();
     if(!pref)

modules/libpref/src/init/all.js

@@ -300,8 +300,8 @@ pref("mime.table.allow_remove", true);
 pref("netcenter.register", false);
 
 pref("security.checkuri", true);
-pref("security.checkdomprops", false);
-pref("security.checkxpconnect", false);
+pref("security.checkdomprops", true);
+pref("security.checkxpconnect", true);
 
 pref("signed.applets.codebase_principal_support", false);