Bug 477979 - Add CheckLoadURI checks for more script loads. r+sr=jst

2024-11-29 07:42:04 +00:00 · 2009-02-11 15:51:37 +01:00 · 2009-02-11 15:51:37 +01:00 · e29d8ab4e4
commit e29d8ab4e4
parent 2936e74b81
3 changed files with 47 additions and 10 deletions
--- a/content/base/src/nsScriptLoader.cpp
+++ b/content/base/src/nsScriptLoader.cpp
@ -199,14 +199,15 @@ IsScriptEventHandler(nsIScriptElement *aScriptElement)
 }

 nsresult
-nsScriptLoader::CheckContentPolicy(nsScriptLoadRequest *aRequest,
+nsScriptLoader::CheckContentPolicy(nsIDocument* aDocument,
                                   nsISupports *aContext,
+                                   nsIURI *aURI,
                                   const nsAString &aType)
 {
  PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
  nsresult rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_SCRIPT,
-                                          aRequest->mURI,
-                                          mDocument->NodePrincipal(),
+                                          aURI,
+                                          aDocument->NodePrincipal(),
                                          aContext,
                                          NS_LossyConvertUTF16toASCII(aType),
                                          nsnull,    //extra
@ -224,20 +225,34 @@ nsScriptLoader::CheckContentPolicy(nsScriptLoadRequest *aRequest,
 }

 nsresult
-nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType)
+nsScriptLoader::ShouldLoadScript(nsIDocument* aDocument,
+                                 nsISupports* aContext,
+                                 nsIURI* aURI,
+                                 const nsAString &aType)
 {
  // Check that the containing page is allowed to load this URI.
  nsresult rv = nsContentUtils::GetSecurityManager()->
-    CheckLoadURIWithPrincipal(mDocument->NodePrincipal(), aRequest->mURI,
+    CheckLoadURIWithPrincipal(aDocument->NodePrincipal(), aURI,
                              nsIScriptSecurityManager::ALLOW_CHROME);

  NS_ENSURE_SUCCESS(rv, rv);

  // After the security manager, the content-policy stuff gets a veto
+  rv = CheckContentPolicy(aDocument, aContext, aURI, aType);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType)
+{
  nsISupports *context = aRequest->mElement.get()
                         ? static_cast<nsISupports *>(aRequest->mElement.get())
                         : static_cast<nsISupports *>(mDocument);
-  rv = CheckContentPolicy(aRequest, context, aType);
+  nsresult rv = ShouldLoadScript(mDocument, context, aRequest->mURI, aType);
  if (NS_FAILED(rv)) {
    return rv;
  }
@ -485,7 +500,7 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
      request->mDefer = mDeferEnabled && aElement->GetScriptDeferred();
      mPreloads.RemoveElementAt(i);

-      rv = CheckContentPolicy(request, aElement, type);
+      rv = CheckContentPolicy(mDocument, aElement, request->mURI, type);
      if (NS_FAILED(rv)) {
        // Note, we're dropping our last ref to request here.
        return rv;
--- a/content/base/src/nsScriptLoader.h
+++ b/content/base/src/nsScriptLoader.h
@ -180,6 +180,15 @@ public:
   */
  void ProcessPendingRequests();

+  /**
+   * Check whether it's OK to load a script from aURI in
+   * aDocument.
+   */
+  static nsresult ShouldLoadScript(nsIDocument* aDocument,
+                                   nsISupports* aContext,
+                                   nsIURI* aURI,
+                                   const nsAString &aType);
+
  /**
   * Check whether it's OK to execute a script loaded via aChannel in
   * aDocument.
@ -233,9 +242,10 @@ protected:
  /**
   * Helper function to check the content policy for a given request.
   */
-  nsresult CheckContentPolicy(nsScriptLoadRequest *aRequest,
-                              nsISupports *aContext,
-                              const nsAString &aType);
+  static nsresult CheckContentPolicy(nsIDocument* aDocument,
+                                     nsISupports *aContext,
+                                     nsIURI *aURI,
+                                     const nsAString &aType);

  /**
   * Start a load for aRequest's URI.
--- a/content/xul/document/src/nsXULDocument.cpp
+++ b/content/xul/document/src/nsXULDocument.cpp
@ -3427,6 +3427,18 @@ nsXULDocument::LoadScript(nsXULPrototypeScript* aScriptProto, PRBool* aBlock)
        }
    }

+    // Allow security manager and content policies to veto the load. Note that
+    // at this point we already lost context information of the script.
+    rv = nsScriptLoader::ShouldLoadScript(
+                            this,
+                            static_cast<nsIDocument*>(this),
+                            aScriptProto->mSrcURI,
+                            NS_LITERAL_STRING("application/x-javascript"));
+    if (NS_FAILED(rv)) {
+      *aBlock = PR_FALSE;
+      return rv;
+    }
+
    // Set the current script prototype so that OnStreamComplete can report
    // the right file if there are errors in the script.
    NS_ASSERTION(!mCurrentScriptProto,