Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-01 08:42:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 591198 - Don't make elements disappear if XBL bindings fail due to security restrictions. r=jst a2.0=blocking

Browse Source
This commit is contained in:
Jonas Sicking 2010-09-14 02:22:06 +02:00
parent 47d5ddfc13
commit b8642ba6d0
4 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/base/public/nsContentErrors.h
View File

@ -91,4 +91,8 @@
#define NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, 99)
/* Error codes for XBL */
#define NS_ERROR_XBL_BLOCKED \
NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_CONTENT, 15)
#endif // nsContentErrors_h___

7
content/xbl/src/nsXBLService.cpp
View File

@ -76,6 +76,7 @@
#include "nsIDOM3Node.h"
#include "nsContentPolicyUtils.h"
#include "nsTArray.h"
#include "nsContentErrors.h"
#include "nsIPresShell.h"
#include "nsIDocumentObserver.h"
@ -1107,7 +1108,7 @@ nsXBLService::LoadBindingDocumentInfo(nsIContent* aBoundElement,
gAllowDataURIs,
nsIContentPolicy::TYPE_XBL,
aBoundDocument);
NS_ENSURE_SUCCESS(rv, rv);
NS_ENSURE_SUCCESS(rv, NS_ERROR_XBL_BLOCKED);
if (!IsSystemOrChromeURLPrincipal(aOriginPrincipal)) {
// Also make sure that we're same-origin with the bound document
@ -1116,12 +1117,12 @@ nsXBLService::LoadBindingDocumentInfo(nsIContent* aBoundElement,
!SchemeIs(aBindingURI, "chrome")) {
rv = aBoundDocument->NodePrincipal()->CheckMayLoad(aBindingURI,
PR_TRUE);
NS_ENSURE_SUCCESS(rv, rv);
NS_ENSURE_SUCCESS(rv, NS_ERROR_XBL_BLOCKED);
}
// Finally check if this document is allowed to use XBL at all.
NS_ENSURE_TRUE(aBoundDocument->AllowXULXBL(),
NS_ERROR_NOT_AVAILABLE);
NS_ERROR_XBL_BLOCKED);
}
}

3
content/xbl/test/Makefile.in
View File

@ -72,6 +72,9 @@ _TEST_FILES = \
file_bug481558.xbl \
test_bug526178.xhtml \
test_bug542406.xhtml \
test_bug591198.html \
file_bug591198_xbl.xml \
file_bug591198_inner.html \
$(NULL)
libs:: $(_TEST_FILES)

28
layout/base/nsCSSFrameConstructor.cpp
View File

@ -2341,7 +2341,7 @@ nsCSSFrameConstructor::ConstructDocElementFrame(Element* aDocEle
display->mBinding->mOriginPrincipal,
PR_FALSE, getter_AddRefs(binding),
&resolveStyle);
if (NS_FAILED(rv))
if (NS_FAILED(rv) && rv != NS_ERROR_XBL_BLOCKED)
return NS_OK; // Binding will load asynchronously.
if (binding) {
@ -2349,12 +2349,12 @@ nsCSSFrameConstructor::ConstructDocElementFrame(Element* aDocEle
// after all of its kids' constructors. So tell the binding
// manager about it right now.
mDocument->BindingManager()->AddToAttachedQueue(binding);
}
if (resolveStyle) {
styleContext = mPresShell->StyleSet()->ResolveStyleFor(aDocElement,
nsnull);
display = styleContext->GetStyleDisplay();
if (resolveStyle) {
styleContext = mPresShell->StyleSet()->ResolveStyleFor(aDocElement,
nsnull);
display = styleContext->GetStyleDisplay();
}
}
}
@ -5095,22 +5095,22 @@ nsCSSFrameConstructor::AddFrameConstructionItemsInternal(nsFrameConstructorState
PR_FALSE,
getter_AddRefs(newPendingBinding->mBinding),
&resolveStyle);
if (NS_FAILED(rv))
if (NS_FAILED(rv) && rv != NS_ERROR_XBL_BLOCKED)
return;
if (newPendingBinding->mBinding) {
pendingBinding = newPendingBinding;
// aState takes over owning newPendingBinding
aState.AddPendingBinding(newPendingBinding.forget());
}
if (resolveStyle) {
styleContext = ResolveStyleContext(styleContext->GetParent(), aContent);
display = styleContext->GetStyleDisplay();
aStyleContext = styleContext;
if (resolveStyle) {
styleContext = ResolveStyleContext(styleContext->GetParent(), aContent);
display = styleContext->GetStyleDisplay();
aStyleContext = styleContext;
}
aTag = mDocument->BindingManager()->ResolveTag(aContent, &aNameSpaceID);
}
aTag = mDocument->BindingManager()->ResolveTag(aContent, &aNameSpaceID);
}
PRBool isGeneratedContent = ((aFlags & ITEM_IS_GENERATED_CONTENT) != 0);