diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp index b03383edddb2..8496f37bdef5 100644 --- a/caps/src/nsScriptSecurityManager.cpp +++ b/caps/src/nsScriptSecurityManager.cpp @@ -139,8 +139,7 @@ PRUint32 nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin; static nsresult -GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal, - nsACString& aOrigin) +GetOriginFromURI(nsIURI* aURI, nsACString& aOrigin) { if (nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin > 1) { // Allow a single recursive call to GetPrincipalDomainOrigin, since that @@ -151,16 +150,8 @@ GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal, } nsAutoInPrincipalDomainOriginSetter autoSetter; - aOrigin.Truncate(); - nsCOMPtr uri; - aPrincipal->GetDomain(getter_AddRefs(uri)); - if (!uri) { - aPrincipal->GetURI(getter_AddRefs(uri)); - } - NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED); - - uri = NS_GetInnermostURI(uri); + nsCOMPtr uri = NS_GetInnermostURI(aURI); NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED); nsCAutoString hostPort; @@ -182,6 +173,22 @@ GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal, return NS_OK; } +static +nsresult +GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal, + nsACString& aOrigin) +{ + + nsCOMPtr uri; + aPrincipal->GetDomain(getter_AddRefs(uri)); + if (!uri) { + aPrincipal->GetURI(getter_AddRefs(uri)); + } + NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED); + + return GetOriginFromURI(uri, aOrigin); +} + // Inline copy of JS_GetPrivate() for better inlining and optimization // possibilities. Also doesn't take a cx argument as it's not // needed. We access the private data only on objects whose private 
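Review bot: GetOriginFromURI now hands `aURI` to NS_GetInnermostURI before any null test, whereas the removed lines checked `uri` with NS_ENSURE_TRUE before that call. The new GetPrincipalDomainOrigin wrapper and the object branch in CheckPropertyAccessImpl test for null before calling. The subject branch there relies only on `NS_ASSERTION(uri, ...)`, which does nothing in non-debug builds. Because this is a static helper with several call sites, I would add `NS_ENSURE_TRUE(aURI, NS_ERROR_UNEXPECTED);` ahead of the `NS_GetInnermostURI(aURI)` line so the precondition is enforced in one place. The function body continues past the end of this hunk.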
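Review bot: The out-parameter is no longer reset on failure: `aOrigin.Truncate();` was removed from the shared body in the previous hunk and is not restored in this wrapper, so when NS_ENSURE_TRUE bails out `aOrigin` keeps whatever the caller passed in. Callers of GetPrincipalDomainOrigin are outside this diff, so I can't tell whether any of them reuses a buffer or ignores the return value; the call sites removed from CheckPropertyAccessImpl did ignore it. I would put `aOrigin.Truncate();` as the first statement, in place of the blank line after the opening brace. Separately, the guard comment that now sits in GetOriginFromURI still says `Allow a single recursive call to GetPrincipalDomainOrigin` and should name the renamed function.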
@@ -831,35 +838,81 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction, NS_ConvertUTF8toUTF16 className(classInfoData.GetName()); nsCAutoString subjectOrigin; + nsCAutoString subjectDomain; if (!nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin) { - GetPrincipalDomainOrigin(subjectPrincipal, subjectOrigin); + nsCOMPtr uri, domain; + subjectPrincipal->GetURI(getter_AddRefs(uri)); + // Subject can't be system if we failed the security + // check, so |uri| is non-null. + NS_ASSERTION(uri, "How did that happen?"); + GetOriginFromURI(uri, subjectOrigin); + subjectPrincipal->GetDomain(getter_AddRefs(domain)); + if (domain) { + GetOriginFromURI(domain, subjectDomain); + } } else { subjectOrigin.AssignLiteral("the security manager"); } NS_ConvertUTF8toUTF16 subjectOriginUnicode(subjectOrigin); + NS_ConvertUTF8toUTF16 subjectDomainUnicode(subjectDomain); nsCAutoString objectOrigin; + nsCAutoString objectDomain; if (!nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin && objectPrincipal) { - GetPrincipalDomainOrigin(objectPrincipal, objectOrigin); + nsCOMPtr uri, domain; + objectPrincipal->GetURI(getter_AddRefs(uri)); + if (uri) { // Object principal might be system + GetOriginFromURI(uri, objectOrigin); + } + objectPrincipal->GetDomain(getter_AddRefs(domain)); + if (domain) { + GetOriginFromURI(domain, objectDomain); + } } NS_ConvertUTF8toUTF16 objectOriginUnicode(objectOrigin); - + NS_ConvertUTF8toUTF16 objectDomainUnicode(objectDomain); + nsXPIDLString errorMsg; const PRUnichar *formatStrings[] = { subjectOriginUnicode.get(), className.get(), JSValIDToString(cx, aProperty), - objectOriginUnicode.get() + objectOriginUnicode.get(), + subjectDomainUnicode.get(), + objectDomainUnicode.get() }; PRUint32 length = NS_ARRAY_LENGTH(formatStrings); + // XXXbz Our localization system is stupid and can't handle not showing + // some strings that get passed in. 
Which means that we have to get + // our length precisely right: it has to be exactly the number of + // strings our format string wants. This means we'll have to move + // strings in the array as needed, sadly... if (nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin || !objectPrincipal) { stringName.AppendLiteral("OnlySubject"); - --length; + length -= 3; + } else { + // default to a length that doesn't include the domains, then + // increase it as needed. + length -= 2; + if (!subjectDomainUnicode.IsEmpty()) { + stringName.AppendLiteral("SubjectDomain"); + length += 1; + } + if (!objectDomainUnicode.IsEmpty()) { + stringName.AppendLiteral("ObjectDomain"); + length += 1; + if (length != NS_ARRAY_LENGTH(formatStrings)) { + // We have an object domain but not a subject domain. + // Scoot our string over one slot. See the XXX comment + // above for why we need to do this. + formatStrings[length-1] = formatStrings[length]; + } + } } // We need to keep our existing failure rv and not override it diff --git a/dom/locales/en-US/chrome/security/caps.properties b/dom/locales/en-US/chrome/security/caps.properties index 09aa7c39318c..5628acdfaf52 100644 --- a/dom/locales/en-US/chrome/security/caps.properties +++ b/dom/locales/en-US/chrome/security/caps.properties 
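Review bot: The denial message built here now embeds the object principal's document.domain (`objectDomainUnicode.get()` in `formatStrings`) next to its origin, and the hunk does not show where `errorMsg` ends up. If that string is attached to the exception the denied script can catch, the subject learns a cross-origin page's document.domain setting from a failed access. It is worth confirming the sink and, if it is script-visible, keeping the object-side details to the console report only. As a smaller point, the `formatStrings[length-1] = formatStrings[length];` shuffle depends on the two domain entries staying last and in this order; a short comment beside the array initialiser saying so would keep a later reordering from silently mislabelling origins. CheckPropertyAccessImpl begins and ends outside this hunk.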
@@ -43,9 +43,106 @@ EnableCapabilityQuery = A script from "%S" is requesting enhanced abilities that
 EnableCapabilityDenied = A script from "%S" was denied %S privileges.
 CheckLoadURIError = Security Error: Content at %S may not load or link to %S.
 CheckSameOriginError = Security Error: Content at %S may not load data from %S.
-GetPropertyDeniedOrigins = Permission denied for <%S> to get property %S.%S from <%S>.
-SetPropertyDeniedOrigins = Permission denied for <%S> to set property %S.%S on <%S>.
-CallMethodDeniedOrigins = Permission denied for <%S> to call method %S.%S on <%S>.
+
+# LOCALIZATION NOTE (GetPropertyDeniedOrigins):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the property of that object that access was denied for.
+GetPropertyDeniedOrigins = Permission denied for <%1$S> to get property %2$S.%3$S from <%4$S>.
+# LOCALIZATION NOTE (GetPropertyDeniedOriginsSubjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the property of that object that access was denied for.
+# %5$S is the value of document.domain for the script which was denied access;
+# don't translate "document.domain".
+GetPropertyDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to get property %2$S.%3$S from <%4$S> (document.domain has not been set).
+# LOCALIZATION NOTE (GetPropertyDeniedOriginsObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the property of that object that access was denied for.
+# %5$S is the value of document.domain for the object being accessed;
+# don't translate "document.domain".
+GetPropertyDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to get property %2$S.%3$S from <%4$S> (document.domain=<%5$S>).
+# LOCALIZATION NOTE (GetPropertyDeniedOriginsSubjectDomainObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the property of that object that access was denied for.
+# %5$S is the value of document.domain for the script which was denied access;
+# don't translate "document.domain"
+# %6$S is the value of document.domain for the object being accessed;
+# don't translate "document.domain".
+GetPropertyDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to get property %2$S.%3$S from <%4$S> (document.domain=<%6$S>).
+
+# LOCALIZATION NOTE (SetPropertyDeniedOrigins):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the property of that object that access was denied for.
+SetPropertyDeniedOrigins = Permission denied for <%1$S> to set property %2$S.%3$S on <%4$S>.
+# LOCALIZATION NOTE (SetPropertyDeniedOriginsSubjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the property of that object that access was denied for.
+# %5$S is the value of document.domain for the script which was denied access;
+# don't translate "document.domain".
+SetPropertyDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to set property %2$S.%3$S on <%4$S> (document.domain has not been set).
+# LOCALIZATION NOTE (SetPropertyDeniedOriginsObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the property of that object that access was denied for.
+# %5$S is the value of document.domain for the object being accessed;
+# don't translate "document.domain".
+SetPropertyDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to set property %2$S.%3$S on <%4$S> (document.domain=<%5$S>).
+# LOCALIZATION NOTE (SetPropertyDeniedOriginsSubjectDomainObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the property of that object that access was denied for.
+# %5$S is the value of document.domain for the script which was denied access;
+# don't translate "document.domain"
+# %6$S is the value of document.domain for the object being accessed;
+# don't translate "document.domain".
+SetPropertyDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to set property %2$S.%3$S on <%4$S> (document.domain=<%6$S>).
+
+# LOCALIZATION NOTE (CallMethodDeniedOrigins):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the method of that object that access was denied for.
+CallMethodDeniedOrigins = Permission denied for <%1$S> to call method %2$S.%3$S on <%4$S>.
+# LOCALIZATION NOTE (CallMethodDeniedOriginsSubjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the method of that object that access was denied for.
+# %5$S is the value of document.domain for the script which was denied access;
+# don't translate "document.domain".
+CallMethodDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to call method %2$S.%3$S on <%4$S> (document.domain has not been set).
+# LOCALIZATION NOTE (CallMethodDeniedOriginsObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the method of that object that access was denied for.
+# %5$S is the value of document.domain for the object being accessed;
+# don't translate "document.domain".
+CallMethodDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to call method %2$S.%3$S on <%4$S> (document.domain=<%5$S>).
+# LOCALIZATION NOTE (CallMethodDeniedOriginsSubjectDomainObjectDomain):
+# %1$S is the origin of the script which was denied access.
+# %2$S is the origin of the object access was denied to.
+# %3$S is the type of object it was.
+# %4$S is the method of that object that access was denied for.
+# %5$S is the value of document.domain for the script which was denied access;
+# don't translate "document.domain"
+# %6$S is the value of document.domain for the object being accessed;
+# don't translate "document.domain".
+CallMethodDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to call method %2$S.%3$S on <%4$S> (document.domain=<%6$S>).
+
 GetPropertyDeniedOriginsOnlySubject = Permission denied for <%S> to get property %S.%S
 SetPropertyDeniedOriginsOnlySubject = Permission denied for <%S> to set property %S.%S
 CallMethodDeniedOriginsOnlySubject = Permission denied for <%S> to call method %S.%S
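Review bot: The LOCALIZATION NOTE blocks describe %2$S, %3$S and %4$S in the wrong order. The messages themselves read `property %2$S.%3$S from <%4$S>`, and the `formatStrings` array in nsScriptSecurityManager.cpp is filled as subject origin, class name, property, object origin, so %2$S is the object type, %3$S the property or method, and %4$S the object's origin. All twelve notes in this hunk repeat the same three lines; they should read `# %2$S is the type of object it was.`, `# %3$S is the property of that object that access was denied for.` (method for the CallMethod entries) and `# %4$S is the origin of the object access was denied to.`. Otherwise a translator who reorders arguments by following the note will put a class name where an origin belongs in a security message.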