Bug 624621 part 3. Use the pre-redirect filename as the script filename and the channel principal as the origin principal, and base our cross-origin check on the origin principal. r=mrbkap

This commit is contained in:
Boris Zbarsky 2011-12-19 12:48:12 -05:00
parent 553111de9c
commit dee08cd634
4 changed files with 29 additions and 27 deletions

View File

@ -120,7 +120,7 @@ public:
nsString mScriptText; // Holds script for loaded scripts
PRUint32 mJSVersion;
nsCOMPtr<nsIURI> mURI;
nsCOMPtr<nsIURI> mFinalURI;
nsCOMPtr<nsIPrincipal> mOriginPrincipal;
PRInt32 mLineNo;
};
@ -882,8 +882,6 @@ nsScriptLoader::EvaluateScript(nsScriptLoadRequest* aRequest,
return NS_ERROR_FAILURE;
}
nsIURI* uri = aRequest->mFinalURI ? aRequest->mFinalURI : aRequest->mURI;
bool oldProcessingScriptTag = context->GetProcessingScriptTag();
context->SetProcessingScriptTag(true);
@ -891,13 +889,15 @@ nsScriptLoader::EvaluateScript(nsScriptLoadRequest* aRequest,
nsCOMPtr<nsIScriptElement> oldCurrent = mCurrentScript;
mCurrentScript = aRequest->mElement;
// It's very important to use aRequest->mURI, not the final URI of the channel
// aRequest ended up getting script data from, as the script filename.
nsCAutoString url;
nsContentUtils::GetWrapperSafeScriptFilename(mDocument, uri, url);
nsContentUtils::GetWrapperSafeScriptFilename(mDocument, aRequest->mURI, url);
bool isUndefined;
rv = context->EvaluateString(aScript, globalObject->GetGlobalJSObject(),
mDocument->NodePrincipal(),
mDocument->NodePrincipal(),
aRequest->mOriginPrincipal,
url.get(), aRequest->mLineNo,
aRequest->mJSVersion, nsnull, &isUndefined);
@ -1214,7 +1214,10 @@ nsScriptLoader::PrepareLoadedRequest(nsScriptLoadRequest* aRequest,
}
nsCOMPtr<nsIChannel> channel = do_QueryInterface(req);
NS_GetFinalChannelURI(channel, getter_AddRefs(aRequest->mFinalURI));
rv = nsContentUtils::GetSecurityManager()->
GetChannelPrincipal(channel, getter_AddRefs(aRequest->mOriginPrincipal));
NS_ENSURE_SUCCESS(rv, rv);
if (aStringLen) {
// Check the charset attribute to determine script charset.
nsAutoString hintCharset;

View File

@ -19,7 +19,9 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=461735
var errorFired = false;
window.onerror = function(message, uri, line) {
is(message, "Script error.", "Should have empty error message");
is(uri, "", "Should have empty error location URI");
is(uri,
"http://mochi.test:8888/tests/content/base/test/bug461735-redirect1.sjs",
"Should have pre-redirect error location URI");
is(line, 0, "Shouldn't have a line here");
errorFired = true;
}
@ -32,7 +34,9 @@ window.onerror = function(message, uri, line) {
<script type="application/javascript">
window.onerror = function(message, uri, line) {
is(message, "c is not defined", "Should have correct error message");
is(uri, "http://mochi.test:8888/tests/content/base/test/bug461735-post-redirect.js", "Unexpected error location URI");
is(uri,
"http://mochi.test:8888/tests/content/base/test/bug461735-redirect2.sjs",
"Unexpected error location URI");
is(line, 3, "Should have a line here");
errorFired = true;
}

View File

@ -89,6 +89,8 @@
#include "nsGlobalWindow.h"
#include "nsScriptNameSpaceManager.h"
#include "nsJSPrincipals.h"
#ifdef XP_MACOSX
// AssertMacros.h defines 'check' and conflicts with AccessCheck.h
#undef check
@ -283,13 +285,15 @@ class ScriptErrorEvent : public nsRunnable
{
public:
ScriptErrorEvent(nsIScriptGlobalObject* aScriptGlobal,
nsIPrincipal* aScriptOriginPrincipal,
PRUint32 aLineNr, PRUint32 aColumn, PRUint32 aFlags,
const nsAString& aErrorMsg,
const nsAString& aFileName,
const nsAString& aSourceLine,
bool aDispatchEvent,
PRUint64 aInnerWindowID)
: mScriptGlobal(aScriptGlobal), mLineNr(aLineNr), mColumn(aColumn),
: mScriptGlobal(aScriptGlobal), mOriginPrincipal(aScriptOriginPrincipal),
mLineNr(aLineNr), mColumn(aColumn),
mFlags(aFlags), mErrorMsg(aErrorMsg), mFileName(aFileName),
mSourceLine(aSourceLine), mDispatchEvent(aDispatchEvent),
mInnerWindowID(aInnerWindowID)
@ -320,17 +324,11 @@ public:
nsIPrincipal* p = sop->GetPrincipal();
NS_ENSURE_STATE(p);
bool sameOrigin = mFileName.IsVoid();
bool sameOrigin = !mOriginPrincipal;
if (p && !sameOrigin) {
nsCOMPtr<nsIURI> errorURI;
NS_NewURI(getter_AddRefs(errorURI), mFileName);
if (errorURI) {
// FIXME: Once error reports contain the origin of the
// error (principals) we should change this to do the
// security check based on the principals and not
// URIs. See bug 387476.
sameOrigin = NS_SUCCEEDED(p->CheckMayLoad(errorURI, false));
if (NS_FAILED(p->Subsumes(mOriginPrincipal, &sameOrigin))) {
sameOrigin = false;
}
}
@ -342,13 +340,6 @@ public:
NS_WARNING("Not same origin error!");
errorevent.errorMsg = xoriginMsg.get();
errorevent.lineNr = 0;
// FIXME: once the principal of the script is not tied to
// the filename, we can stop using the post-redirect
// filename if we want and remove this line. Note that
// apparently we can't handle null filenames in the error
// event dispatching code.
static PRUnichar nullFilename[] = { PRUnichar(0) };
errorevent.fileName = nullFilename;
}
nsEventDispatcher::Dispatch(win, presContext, &errorevent, nsnull,
@ -407,6 +398,7 @@ public:
nsCOMPtr<nsIScriptGlobalObject> mScriptGlobal;
nsCOMPtr<nsIPrincipal> mOriginPrincipal;
PRUint32 mLineNr;
PRUint32 mColumn;
PRUint32 mFlags;
@ -502,8 +494,11 @@ NS_ScriptErrorReporter(JSContext *cx,
innerWindowID = innerWin->WindowID();
}
}
JSPrincipals *prin = report->originPrincipals;
nsIPrincipal *principal =
prin ? static_cast<nsJSPrincipals*>(prin)->nsIPrincipalPtr : nsnull;
nsContentUtils::AddScriptRunner(
new ScriptErrorEvent(globalObject, report->lineno,
new ScriptErrorEvent(globalObject, principal, report->lineno,
report->uctokenptr - report->uclinebuf,
report->flags, msg, fileName, sourceLine,
report->errorNumber != JSMSG_OUT_OF_MEMORY,

View File

@ -51,7 +51,7 @@ if (typeof window == 'undefined')
}
else
{
expect = /(Script error.|uncaught exception: Permission denied to get property UnnamedClass.classes)/;
expect = /(Script error.|Permission denied for <file:\/\/> to get property XPCComponents.classes)/;
window._onerror = window.onerror;
window.onerror = (function (msg, page, line) {