mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 20:05:49 +00:00
Bug 1408451: Log to web console when blocking toplevel data: URI navigations. r=bz
This commit is contained in:
parent
98bf044371
commit
ebfa77072c
@ -9959,10 +9959,13 @@ nsDocShell::InternalLoad(nsIURI* aURI,
|
||||
isTargetTopLevelDocShell = true;
|
||||
}
|
||||
|
||||
nsIDocument* doc = mContentViewer ? mContentViewer->GetDocument()
|
||||
: nullptr;
|
||||
if (!nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
|
||||
aURI,
|
||||
contentType,
|
||||
aTriggeringPrincipal,
|
||||
doc,
|
||||
(aLoadType == LOAD_NORMAL_EXTERNAL),
|
||||
!aFileName.IsVoid())) {
|
||||
// logging to console happens within AllowTopLevelNavigationToDataURI
|
||||
@ -10097,8 +10100,6 @@ nsDocShell::InternalLoad(nsIURI* aURI,
|
||||
}
|
||||
}
|
||||
|
||||
const nsIDocument* doc = mContentViewer ? mContentViewer->GetDocument()
|
||||
: nullptr;
|
||||
const bool isDocumentAuxSandboxed = doc &&
|
||||
(doc->GetSandboxFlags() & SANDBOXED_AUXILIARY_NAVIGATION);
|
||||
|
||||
|
@ -26,6 +26,7 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
|
||||
nsIURI* aURI,
|
||||
nsContentPolicyType aContentPolicyType,
|
||||
nsIPrincipal* aTriggeringPrincipal,
|
||||
nsIDocument* aDoc,
|
||||
bool aLoadFromExternal,
|
||||
bool aIsDownLoad)
|
||||
{
|
||||
@ -73,8 +74,7 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
|
||||
const char16_t* params[] = { specUTF16.get() };
|
||||
nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
|
||||
NS_LITERAL_CSTRING("DATA_URI_BLOCKED"),
|
||||
// no doc available, log to browser console
|
||||
nullptr,
|
||||
aDoc,
|
||||
nsContentUtils::eSECURITY_PROPERTIES,
|
||||
"BlockTopLevelDataURINavigation",
|
||||
params, ArrayLength(params));
|
||||
@ -584,6 +584,7 @@ nsContentSecurityManager::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
|
||||
uri,
|
||||
newLoadInfo->GetExternalContentPolicyType(),
|
||||
nullTriggeringPrincipal,
|
||||
nullptr, // no doc available, log to browser console
|
||||
false,
|
||||
false)) {
|
||||
// logging to console happens within AllowTopLevelNavigationToDataURI
|
||||
|
@ -12,6 +12,7 @@
|
||||
#include "nsIChannelEventSink.h"
|
||||
|
||||
class nsIStreamListener;
|
||||
class nsIDocument;
|
||||
|
||||
#define NS_CONTENTSECURITYMANAGER_CONTRACTID "@mozilla.org/contentsecuritymanager;1"
|
||||
// cdcc1ab8-3cea-4e6c-a294-a651fa35227f
|
||||
@ -35,6 +36,7 @@ public:
|
||||
static bool AllowTopLevelNavigationToDataURI(nsIURI* aURI,
|
||||
nsContentPolicyType aContentPolicyType,
|
||||
nsIPrincipal* aTriggeringPrincipal,
|
||||
nsIDocument* aDoc,
|
||||
bool aLoadFromExternal,
|
||||
bool aIsDownload);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user