Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-13 19:41:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1038756: Callsites creating a channel in /dom/xbl/ (r=bz)

Browse Source
This commit is contained in:
Christoph Kerschbaumer 2014-09-21 09:38:38 -07:00
parent dad0acb099
commit fad0c74a59
2 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
dom/xbl/nsXBLService.cpp
View File

@ -994,7 +994,8 @@ nsXBLService::LoadBindingDocumentInfo(nsIContent* aBoundElement,
nsCOMPtr<nsIDocument> document; nsCOMPtr<nsIDocument> document;
FetchBindingDocument(aBoundElement, aBoundDocument, documentURI, FetchBindingDocument(aBoundElement, aBoundDocument, documentURI,
aBindingURI, aForceSyncLoad, getter_AddRefs(document)); aBindingURI, aOriginPrincipal, aForceSyncLoad,
getter_AddRefs(document));
if (document) { if (document) {
nsBindingManager *xblDocBindingManager = document->BindingManager(); nsBindingManager *xblDocBindingManager = document->BindingManager();
@ -1031,7 +1032,8 @@ nsXBLService::LoadBindingDocumentInfo(nsIContent* aBoundElement,
nsresult nsresult
nsXBLService::FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoundDocument, nsXBLService::FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoundDocument,
nsIURI* aDocumentURI, nsIURI* aBindingURI, nsIURI* aDocumentURI, nsIURI* aBindingURI,
bool aForceSyncLoad, nsIDocument** aResult) nsIPrincipal* aOriginPrincipal, bool aForceSyncLoad,
nsIDocument** aResult)
{ {
nsresult rv = NS_OK; nsresult rv = NS_OK;
// Initialize our out pointer to nullptr // Initialize our out pointer to nullptr
@ -1058,8 +1060,25 @@ nsXBLService::FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoun
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
// Open channel // Open channel
// Note: There are some cases where aOriginPrincipal and aBoundDocument are purposely
// set to null (to bypass security checks) when calling LoadBindingDocumentInfo() which calls
// FetchBindingDocument(). LoadInfo will end up with no principal or node in those cases,
// so we use systemPrincipal. This achieves the same result of bypassing security checks,
// but it gives the wrong information to potential future consumers of loadInfo.
nsCOMPtr<nsIPrincipal> requestingPrincipal = aOriginPrincipal ? aOriginPrincipal
: nsContentUtils::GetSystemPrincipal();
nsCOMPtr<nsIChannel> channel; nsCOMPtr<nsIChannel> channel;
rv = NS_NewChannel(getter_AddRefs(channel), aDocumentURI, nullptr, loadGroup); // Note that we are calling NS_NewChannelInternal here with both a node and a principal.
// This is because the principal and node could be different.
rv = NS_NewChannelInternal(getter_AddRefs(channel),
aDocumentURI,
aBoundDocument,
requestingPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIInterfaceRequestor> sameOriginChecker = nsContentUtils::GetSameOriginChecker(); nsCOMPtr<nsIInterfaceRequestor> sameOriginChecker = nsContentUtils::GetSameOriginChecker();

3
dom/xbl/nsXBLService.h
View File

@ -78,7 +78,8 @@ protected:
// This method synchronously loads and parses an XBL file. // This method synchronously loads and parses an XBL file.
nsresult FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoundDocument, nsresult FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoundDocument,
nsIURI* aDocumentURI, nsIURI* aBindingURI, nsIURI* aDocumentURI, nsIURI* aBindingURI,
bool aForceSyncLoad, nsIDocument** aResult); nsIPrincipal* aOriginPrincipal, bool aForceSyncLoad,
nsIDocument** aResult);
/** /**
* This method calls the one below with an empty |aDontExtendURIs| array. * This method calls the one below with an empty |aDontExtendURIs| array.