From e11ba4792592fe3f959948a3fe80d0d23c0f4988 Mon Sep 17 00:00:00 2001 From: Kris Maglione Date: Thu, 5 Oct 2017 16:19:19 -0700 Subject: [PATCH] Bug 1406278: Part 7 - Use subject principal as triggering principal in "src" attribute. r=bz MozReview-Commit-ID: 8DZOwqBrA2i --HG-- extra : rebase_source : 9c2b4611f72f4aa18e67ef6f3b144c85a92b59e7 --- dom/html/HTMLInputElement.cpp | 37 ++++++++++++------- dom/html/HTMLInputElement.h | 11 ++++-- dom/webidl/HTMLInputElement.webidl | 2 +- ...t_ext_contentscript_triggeringPrincipal.js | 6 ++- 4 files changed, 37 insertions(+), 19 deletions(-) diff --git a/dom/html/HTMLInputElement.cpp b/dom/html/HTMLInputElement.cpp index 096bf2395601..09e14a5dcb97 100644 --- a/dom/html/HTMLInputElement.cpp +++ b/dom/html/HTMLInputElement.cpp @@ -1338,18 +1338,6 @@ HTMLInputElement::BeforeSetAttr(int32_t aNameSpaceID, nsAtom* aName, mType == NS_FORM_INPUT_RADIO && (mForm || mDoneCreating)) { WillRemoveFromRadioGroup(); - } else if (aNotify && aName == nsGkAtoms::src && - mType == NS_FORM_INPUT_IMAGE) { - if (aValue) { - // Mark channel as urgent-start before load image if the image load is - // initaiated by a user interaction. - mUseUrgentStartForChannel = EventStateManager::IsHandlingUserInput(); - - LoadImage(aValue->String(), true, aNotify, eImageLoadType_Normal); - } else { - // Null value means the attr got unset; drop the image - CancelImageRequests(aNotify); - } } else if (aNotify && aName == nsGkAtoms::disabled) { mDisabledChanged = true; } else if (mType == NS_FORM_INPUT_RADIO && aName == nsGkAtoms::required) { 
@@ -1394,6 +1382,25 @@ HTMLInputElement::AfterSetAttr(int32_t aNameSpaceID, nsAtom* aName, UpdateValueMissingValidityStateForRadio(false); } + if (aName == nsGkAtoms::src) { + mSrcTriggeringPrincipal = nsContentUtils::GetAttrTriggeringPrincipal( + this, aValue ? aValue->GetStringValue() : EmptyString(), + aSubjectPrincipal); + if (aNotify && mType == NS_FORM_INPUT_IMAGE) { + if (aValue) { + // Mark channel as urgent-start before load image if the image load is + // initiated by a user interaction. + mUseUrgentStartForChannel = EventStateManager::IsHandlingUserInput(); + + LoadImage(aValue->GetStringValue(), true, aNotify, eImageLoadType_Normal, + mSrcTriggeringPrincipal); + } else { + // Null value means the attr got unset; drop the image + CancelImageRequests(aNotify); + } + } + } + // If @value is changed and BF_VALUE_CHANGED is false, @value is the value // of the element so, if the value of the element is different than @value, // we have to re-set it. This is only the case when GetValueMode() returns @@ -4797,7 +4804,8 @@ HTMLInputElement::MaybeLoadImage() nsAutoString uri; if (mType == NS_FORM_INPUT_IMAGE && GetAttr(kNameSpaceID_None, nsGkAtoms::src, uri) && - (NS_FAILED(LoadImage(uri, false, true, eImageLoadType_Normal)) || + (NS_FAILED(LoadImage(uri, false, true, eImageLoadType_Normal, + mSrcTriggeringPrincipal)) || !LoadingEnabled())) { CancelImageRequests(true); } @@ -5043,7 +5051,8 @@ HTMLInputElement::HandleTypeChange(uint8_t aNewType, bool aNotify) // initaiated by a user interaction. mUseUrgentStartForChannel = EventStateManager::IsHandlingUserInput(); - LoadImage(src, false, aNotify, eImageLoadType_Normal); + LoadImage(src, false, aNotify, eImageLoadType_Normal, + mSrcTriggeringPrincipal); } } diff --git a/dom/html/HTMLInputElement.h b/dom/html/HTMLInputElement.h index e27430aa451e..240d4cfbe299 100644 --- a/dom/html/HTMLInputElement.h +++ b/dom/html/HTMLInputElement.h 
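Review bot: In the added `if (aName == nsGkAtoms::src)` block, `mSrcTriggeringPrincipal` is recomputed on every src change, for every input type and regardless of `aNotify`, while the load itself stays gated on `aNotify && mType == NS_FORM_INPUT_IMAGE`, and nothing in the block says why the two conditions differ. Since this member decides which principal a later image load is attributed to, I would state the intent above the assignment, e.g. `// Record who set src even if we don't load now: MaybeLoadImage() and HandleTypeChange() load later with this principal.` It would also help to say that on removal (`aValue` null) the principal is derived from `EmptyString()` and stays cached rather than being cleared. AfterSetAttr begins and ends outside this hunk, so whether the block sits under a namespace check is not visible here.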
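Review bot: The `LoadImage(..., mSrcTriggeringPrincipal)` call in MaybeLoadImage, and the same call in the HandleTypeChange hunk, read a member that only AfterSetAttr assigns, so it is null whenever src reached the element without passing through AfterSetAttr (node cloning is the case I would check; that code is not in this diff). If LoadImage treats a null triggering principal as "use the node principal", the outcome is the restrictive one and fine. That should be confirmed and written down next to the call, e.g. `// May be null if src was never set via AfterSetAttr; LoadImage is expected to fall back to the node principal.` Both functions continue outside their hunks.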
@@ -707,13 +707,13 @@ public: SetUnsignedIntAttr(nsGkAtoms::size, aValue, DEFAULT_COLS, aRv); } - void GetSrc(nsAString& aValue) + void GetSrc(nsAString& aValue, nsIPrincipal&) { GetURIAttr(nsGkAtoms::src, nullptr, aValue); } - void SetSrc(const nsAString& aValue, ErrorResult& aRv) + void SetSrc(const nsAString& aValue, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aRv) { - SetHTMLAttr(nsGkAtoms::src, aValue, aRv); + SetHTMLAttr(nsGkAtoms::src, aValue, aTriggeringPrincipal, aRv); } void GetStep(nsAString& aValue) @@ -1617,6 +1617,11 @@ protected: */ nsTextEditorState::SelectionProperties mSelectionProperties; + /** + * The triggering principal for the src attribute. + */ + nsCOMPtr mSrcTriggeringPrincipal; + /* * InputType object created based on input type. */ diff --git a/dom/webidl/HTMLInputElement.webidl b/dom/webidl/HTMLInputElement.webidl index b5c5988d0399..dfb299be0583 100644 --- a/dom/webidl/HTMLInputElement.webidl +++ b/dom/webidl/HTMLInputElement.webidl @@ -81,7 +81,7 @@ interface HTMLInputElement : HTMLElement { attribute boolean required; [CEReactions, Pure, SetterThrows] attribute unsigned long size; - [CEReactions, Pure, SetterThrows] + [CEReactions, Pure, NeedsSubjectPrincipal, SetterThrows] attribute DOMString src; [CEReactions, Pure, SetterThrows] attribute DOMString step; diff --git a/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_triggeringPrincipal.js b/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_triggeringPrincipal.js index 624c005d1c76..3fad93b269ef 100644 --- a/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_triggeringPrincipal.js +++ b/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_triggeringPrincipal.js 
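Review bot: `GetSrc(nsAString& aValue, nsIPrincipal&)` takes a principal it never uses, and the signature gives no reason; presumably it is there because the `NeedsSubjectPrincipal` annotation added in HTMLInputElement.webidl applies to the getter as well as the setter. A short comment would stop a later reader from wiring it into `GetURIAttr` or removing it, e.g. `// Subject principal unused; the binding passes it because NeedsSubjectPrincipal covers both accessors.` The new `SetSrc` signature is also noticeably longer than its neighbours and would read better wrapped after `aValue,`.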
@@ -44,7 +44,7 @@ const BASE_URL = `http://localhost:${server.identity.primaryPort}`; * A set of tags which are automatically closed in HTML documents, and * do not require an explicit closing tag. */ -const AUTOCLOSE_TAGS = new Set(["img", "source"]); +const AUTOCLOSE_TAGS = new Set(["img", "input", "source"]); /** * An object describing the elements to create for a specific test. @@ -455,6 +455,10 @@ add_task(async function test_contentscript_triggeringPrincipals() { src: "imgset.png", srcAttr: "srcset", }, + { + element: ["input", {type: "image"}], + src: "input.png", + }, { element: ["picture", {}, ["source", {}], ["img", {}]], src: "picture.png",
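Review bot: The added `["input", {type: "image"}]` entry only describes an input that is already of type image when its src is assigned. As far as this hunk shows, the deferred paths the patch also changes (the LoadImage calls in MaybeLoadImage and HandleTypeChange, which reuse the cached principal) get no coverage. I would add a case where the content script sets src on an input of another type and the type is switched to image afterwards, asserting the load is still attributed to the principal that set src. How entries are expanded by the harness is outside the hunk, so this may need a dedicated task rather than another table row.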