Bug 1597645 - Make sure XSLT inherits the CSP r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D53997

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Sebastian Streich 2019-11-26 16:56:17 +00:00
parent 13542a780b
commit ac3a4ffc75
7 changed files with 80 additions and 0 deletions

View File

View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="file_xslt_inherits_csp.xsl"?>
<root>
<t>This is some Title</t>
</root>

View File

@ -0,0 +1,2 @@
Content-Security-Policy: script-src 'self'
Cache-Control: no-cache

View File

@ -0,0 +1,26 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.1">
<xsl:output method="html"/>
<xsl:variable name="title" select="/root/t"/>
<xsl:template match="/">
<html>
<head>
<title>
<xsl:value-of select="$title"/>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<p>
Below is some inline JavaScript generating some red text.
</p>
<p id="bug"/>
<script>
document.body.append("JS DID EXCECUTE");
</script>
<a onClick='document.body.append("JS DID EXCECUTE");' href="#">link with lineOnClick</a>
</body>
</html>
</xsl:template>
</xsl:stylesheet>

View File

@ -402,3 +402,8 @@ support-files =
file_navigate_to.sjs
file_navigate_to_request.html
[test_independent_iframe_csp.html]
[test_xslt_inherits_csp.html]
support-files =
file_xslt_inherits_csp.xml
file_xslt_inherits_csp.xml^headers^
file_xslt_inherits_csp.xsl

View File

@ -0,0 +1,33 @@
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Bug 1597645: Make sure XSLT inherits the CSP r=ckerschb</title>
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<body>
<iframe src="file_xslt_inherits_csp.xml"></iframe>
<script class="testbody">
SimpleTest.requestCompleteLog();
SimpleTest.waitForExplicitFinish();
let frame = document.querySelector("iframe");
window.addEventListener("load",()=>{
let link = frame.contentWindow.document.querySelector("a");
link.click(); //
requestAnimationFrame(()=>{
// Wait one Frame to let the browser catch up
// before checking the dom.
let res = !frame.contentWindow.document.body.innerText.includes("JS DID EXCECUTE");
ok(res, "The CSP did block injected JS ");
SimpleTest.finish();
});
})
</script>
</html>

View File

@ -9,6 +9,7 @@
#include "nsIHttpChannelInternal.h"
#include "nsIPrincipal.h"
#include "mozilla/LoadInfo.h"
#include "mozilla/dom/nsCSPContext.h"
using mozilla::dom::Document;
using mozilla::net::LoadInfo;
@ -70,6 +71,13 @@ void URIUtils::ResetWithSource(Document* aNewDoc, nsINode* aSourceNode) {
aNewDoc->SetPrincipals(sourcePrincipal, sourceStoragePrincipal);
aNewDoc->SetBaseURI(sourceDoc->GetDocBaseURI());
// Inherit the csp if there is one
nsCOMPtr<nsIContentSecurityPolicy> csp = sourceDoc->GetCsp();
if (csp) {
RefPtr<nsCSPContext> cspToInherit = new nsCSPContext();
cspToInherit->InitFromOther(static_cast<nsCSPContext*>(csp.get()));
aNewDoc->SetCsp(cspToInherit);
}
// Copy charset
aNewDoc->SetDocumentCharacterSetSource(
sourceDoc->GetDocumentCharacterSetSource());