Bug 1408451: Log to web console when blocking toplevel data: URI navigations. r=bz

2024-10-10 20:05:49 +00:00 · 2017-10-16 14:18:52 +02:00 · 2017-10-16 14:18:52 +02:00 · ebfa77072c
commit ebfa77072c
parent 98bf044371
3 changed files with 8 additions and 4 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -9959,10 +9959,13 @@ nsDocShell::InternalLoad(nsIURI* aURI,
    isTargetTopLevelDocShell = true;
  }

+  nsIDocument* doc = mContentViewer ? mContentViewer->GetDocument()
+                                    : nullptr;
  if (!nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
        aURI,
        contentType,
        aTriggeringPrincipal,
+        doc,
        (aLoadType == LOAD_NORMAL_EXTERNAL),
        !aFileName.IsVoid())) {
    // logging to console happens within AllowTopLevelNavigationToDataURI
@ -10097,8 +10100,6 @@ nsDocShell::InternalLoad(nsIURI* aURI,
    }
  }

-  const nsIDocument* doc = mContentViewer ? mContentViewer->GetDocument()
-                                          : nullptr;
  const bool isDocumentAuxSandboxed = doc &&
    (doc->GetSandboxFlags() & SANDBOXED_AUXILIARY_NAVIGATION);

--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@ -26,6 +26,7 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
  nsIURI* aURI,
  nsContentPolicyType aContentPolicyType,
  nsIPrincipal* aTriggeringPrincipal,
+  nsIDocument* aDoc,
  bool aLoadFromExternal,
  bool aIsDownLoad)
 {
@ -73,8 +74,7 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
  const char16_t* params[] = { specUTF16.get() };
  nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
                                  NS_LITERAL_CSTRING("DATA_URI_BLOCKED"),
-                                  // no doc available, log to browser console
-                                  nullptr,
+                                  aDoc,
                                  nsContentUtils::eSECURITY_PROPERTIES,
                                  "BlockTopLevelDataURINavigation",
                                  params, ArrayLength(params));
@ -584,6 +584,7 @@ nsContentSecurityManager::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
          uri,
          newLoadInfo->GetExternalContentPolicyType(),
          nullTriggeringPrincipal,
+          nullptr, // no doc available, log to browser console
          false,
          false)) {
        // logging to console happens within AllowTopLevelNavigationToDataURI
--- a/dom/security/nsContentSecurityManager.h
+++ b/dom/security/nsContentSecurityManager.h
@ -12,6 +12,7 @@
 #include "nsIChannelEventSink.h"

 class nsIStreamListener;
+class nsIDocument;

 #define NS_CONTENTSECURITYMANAGER_CONTRACTID "@mozilla.org/contentsecuritymanager;1"
 // cdcc1ab8-3cea-4e6c-a294-a651fa35227f
@ -35,6 +36,7 @@ public:
  static bool AllowTopLevelNavigationToDataURI(nsIURI* aURI,
                                               nsContentPolicyType aContentPolicyType,
                                               nsIPrincipal* aTriggeringPrincipal,
+                                               nsIDocument* aDoc,
                                               bool aLoadFromExternal,
                                               bool aIsDownload);