Bug 1582512 - Register a ScriptValidationCallback to examine script loads in the parent process r=Gijs,ckerschb
Additionally, we disable validation on PAC scripts. Differential Revision: https://phabricator.services.mozilla.com/D46500 --HG-- extra : moz-landing-system : lando
parent
490528b68e
commit
e7037fe85f
@ -514,6 +514,8 @@ pref("browser.tabs.delayHidingAudioPlayingIconMS", 3000);
|
||||
pref("security.allow_eval_with_system_principal", false);
|
||||
pref("security.allow_eval_in_parent_process", false);
|
||||
|
||||
pref("security.allow_parent_unrestricted_js_loads", false);
|
||||
|
||||
#ifdef NIGHTLY_BUILD
|
||||
pref("browser.tabs.remote.useHTTPResponseProcessSelection", true);
|
||||
#else
|
||||
|
@ -18,6 +18,7 @@
|
||||
# include <wininet.h>
|
||||
#endif
|
||||
|
||||
#include "mozilla/Logging.h"
|
||||
#include "mozilla/dom/Document.h"
|
||||
#include "mozilla/StaticPrefs_extensions.h"
|
||||
|
||||
@ -676,3 +677,46 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
|
||||
"about: page must not contain a CSP including 'unsafe-inline'");
|
||||
}
|
||||
#endif
|
||||
|
||||
/* static */
|
||||
bool nsContentSecurityUtils::ValidateScriptFilename(const char* aFilename,
|
||||
bool aIsSystemRealm) {
|
||||
// If the pref is permissive, allow everything
|
||||
if (StaticPrefs::security_allow_parent_unrestricted_js_loads()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// If we're not in the parent process allow everything (presently)
|
||||
if (!XRE_IsE10sParentProcess()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
NS_ConvertUTF8toUTF16 filenameU(aFilename);
|
||||
|
||||
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("chrome://"))) {
|
||||
// If it's a chrome:// url, allow it
|
||||
return true;
|
||||
}
|
||||
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("resource://"))) {
|
||||
// If it's a resource:// url, allow it
|
||||
return true;
|
||||
}
|
||||
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("file://"))) {
|
||||
// We will temporarily allow all file:// URIs through for now
|
||||
return true;
|
||||
}
|
||||
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("jar:file://"))) {
|
||||
// We will temporarily allow all jar URIs through for now
|
||||
return true;
|
||||
}
|
||||
|
||||
// Log to MOZ_LOG
|
||||
MOZ_LOG(sCSMLog, LogLevel::Info,
|
||||
("ValidateScriptFilename System:%i %s\n", (aIsSystemRealm ? 1 : 0),
|
||||
aFilename));
|
||||
|
||||
// Presently we are not enforcing any restrictions for the script filename,
|
||||
// we're only reporting Telemetry. In the future we will assert in debug
|
||||
// builds and return false to prevent execution in non-debug builds.
|
||||
return true;
|
||||
}
|
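Review bot: The closing comment in ValidateScriptFilename says the function is "only reporting Telemetry", but the body shown here records nothing except a `MOZ_LOG` line at Info level, so a script filename outside the allow-list in the parent process is visible only when that log module is enabled. Either add the Telemetry probe in this change or reword the comment, e.g. `// Presently we only log unexpected filenames via MOZ_LOG and enforce nothing.` Separately, `aFilename` is handed to `NS_ConvertUTF8toUTF16` without a null check; whether the engine can invoke the callback without a filename is not visible from this hunk, but if it can, an explicit `if (!aFilename)` branch before the conversion should decide that case deliberately. The four `StringBeginsWith` tests could also compare against the UTF-8 input directly and avoid a UTF-16 conversion on every validated script load.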
@ -38,6 +38,9 @@ class nsContentSecurityUtils {
|
||||
#if defined(DEBUG)
|
||||
static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument);
|
||||
#endif
|
||||
|
||||
static bool ValidateScriptFilename(const char* aFilename,
|
||||
bool aIsSystemRealm);
|
||||
};
|
||||
|
||||
#endif /* nsContentSecurityUtils_h___ */
|
||||
|
@ -20,6 +20,7 @@
|
||||
#include "mozJSComponentLoader.h"
|
||||
#include "nsAutoPtr.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsContentSecurityUtils.h"
|
||||
|
||||
#include "nsExceptionHandler.h"
|
||||
#include "nsIMemoryInfoDumper.h"
|
||||
@ -3075,6 +3076,10 @@ void XPCJSRuntime::Initialize(JSContext* cx) {
|
||||
JS_AddWeakPointerCompartmentCallback(cx, WeakPointerCompartmentCallback,
|
||||
this);
|
||||
JS_SetWrapObjectCallbacks(cx, &WrapObjectCallbacks);
|
||||
if (XRE_IsE10sParentProcess()) {
|
||||
JS::SetFilenameValidationCallback(
|
||||
nsContentSecurityUtils::ValidateScriptFilename);
|
||||
}
|
||||
js::SetPreserveWrapperCallback(cx, PreserveWrapper);
|
||||
JS_InitReadPrincipalsCallback(cx, nsJSPrincipals::ReadPrincipals);
|
||||
JS_SetAccumulateTelemetryCallback(cx, AccumulateTelemetryCallback);
|
||||
|
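Review bot: The new block in XPCJSRuntime::Initialize registers the callback behind `XRE_IsE10sParentProcess()`, and ValidateScriptFilename repeats the same process check, with no comment saying which of the two is the intended gate. A one-line comment above the `if` would keep a later cleanup from removing the wrong one, e.g. `// Parent process only for now; ValidateScriptFilename re-checks the process type as a second guard.` Unlike the neighbouring registrations, `JS::SetFilenameValidationCallback` takes no `cx`, which suggests the callback is process-wide rather than per-context; if that is the case the comment should say so. Initialize's body starts and ends outside the hunk.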
@ -7250,6 +7250,13 @@
|
||||
value: 40
|
||||
mirror: always
|
||||
|
||||
# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
|
||||
# not allowed for Firefox Desktop in firefox.js
|
||||
- name: security.allow_parent_unrestricted_js_loads
|
||||
type: RelaxedAtomicBool
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
|
||||
# not allowed for Firefox Desktop in firefox.js
|
||||
- name: security.allow_eval_with_system_principal
|
||||
|
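Review bot: The comment above `security.allow_parent_unrestricted_js_loads` is copied verbatim from the eval pref that follows it and does not say what `true` means here: ValidateScriptFilename returns early, before any logging, whenever the pref is set. With `value: true` as the static default, an application that does not override it (only firefox.js does in this commit) gets no reporting at all, and `mirror: always` presumably means a runtime flip takes effect immediately. I would document this in the entry, e.g. `# true = skip parent-process script filename validation entirely`, and decide before enforcement lands whether the pref should remain changeable at runtime.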
@ -728,6 +728,7 @@ nsresult ProxyAutoConfig::SetupJS() {
|
||||
|
||||
auto CompilePACScript = [this](JSContext* cx) -> JSScript* {
|
||||
JS::CompileOptions options(cx);
|
||||
options.setSkipFilenameValidation(true);
|
||||
options.setFileAndLine(this->mPACURI.get(), 1);
|
||||
|
||||
// Per ProxyAutoConfig::Init, compile as UTF-8 if the full data is UTF-8,
|
||||
|
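Review bot: `options.setSkipFilenameValidation(true);` in CompilePACScript has no comment explaining why PAC scripts are exempt; the only explanation is one sentence in the commit message. An opt-out from a security check should be justified at the call site, e.g. `// The PAC filename is the configured PAC URI, which the parent-process allow-list cannot match, so validation is skipped here.` The hunk does not show what else constrains the environment the PAC script runs in, so the comment should name that isolation too if it exists. The lambda continues outside the hunk.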