[Pkg-mozext-commits] [requestpolicy] 62/100: query interface when using aContext, fixes #503
David Prévot
taffit at moszumanska.debian.org
Fri Dec 12 22:56:59 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository requestpolicy.
commit 7ceef9fbd6d2c2d48726c4fc676df6f2b7d6a996
Author: myrdd <myrdd at users.noreply.github.com>
Date: Fri Oct 31 11:38:59 2014 +0100
query interface when using aContext, fixes #503
aContext can be nsIDOMNode or nsIDOMWindow. Previously, it was assumed to be a DOM node, so it caused an error.
see https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIContentPolicy#shouldLoad%28%29
---
src/modules/Request.jsm | 37 ++++++++++----------
src/modules/RequestProcessor.jsm | 74 +++++++++++++++++++++++++---------------
2 files changed, 65 insertions(+), 46 deletions(-)
diff --git a/src/modules/Request.jsm b/src/modules/Request.jsm
index d50f8b3..8a4c326 100644
--- a/src/modules/Request.jsm
+++ b/src/modules/Request.jsm
@@ -147,30 +147,28 @@ NormalRequest.prototype.isInternal = function() {
return true;
}
- if (this.aRequestOrigin == undefined || this.aRequestOrigin == null) {
+ if (this.aRequestOrigin === undefined || this.aRequestOrigin === null) {
return true;
}
- var missingSpecOrHost;
- try {
- // The asciiHost values will exist but be empty strings for the "file"
- // scheme, so we don't want to allow just because they are empty strings,
- // only if not set at all.
- this.aRequestOrigin.asciiHost;
- this.aContentLocation.asciiHost;
+ if (this.aRequestOrigin.spec === "") {
// The spec can be empty if odd things are going on, like the Refcontrol
// extension causing back/forward button-initiated requests to have
// aRequestOrigin be a virtually empty nsIURL object.
- missingSpecOrHost = this.aRequestOrigin.spec === "";
- } catch (e) {
- missingSpecOrHost = true;
+ rp.mod.Logger.info(rp.mod.Logger.TYPE_CONTENT,
+ "Allowing request with empty aRequestOrigin spec!");
+ return true;
}
- if (missingSpecOrHost) {
+ if (this.aRequestOrigin.asciiHost === undefined ||
+ this.aContentLocation.asciiHost === undefined) {
+ // The asciiHost values will exist but be empty strings for the "file"
+ // scheme, so we don't want to allow just because they are empty strings,
+ // only if not set at all.
rp.mod.Logger.info(rp.mod.Logger.TYPE_CONTENT,
- "No asciiHost or empty spec on either aRequestOrigin <"
- + this.aRequestOrigin.spec + "> or aContentLocation <"
- + this.aContentLocation.spec + ">");
+ "Allowing request with no asciiHost on either aRequestOrigin <" +
+ this.aRequestOrigin.spec + "> or aContentLocation <" +
+ this.aContentLocation.spec + ">");
return true;
}
@@ -182,16 +180,17 @@ NormalRequest.prototype.isInternal = function() {
return true;
}
- if (this.aRequestOrigin.scheme == 'about'
- && this.aRequestOrigin.spec.indexOf("about:neterror?") == 0) {
+ // see issue #180
+ if (this.aRequestOrigin.scheme == 'about' &&
+ this.aRequestOrigin.spec.indexOf("about:neterror?") == 0) {
return true;
}
// If there are entities in the document, they may trigger a local file
// request. We'll only allow requests to .dtd files, though, so we don't
// open up all file:// destinations.
- if (this.aContentLocation.scheme == "file"
- && /.\.dtd$/.test(this.aContentLocation.path)) {
+ if (this.aContentLocation.scheme == "file" &&
+ this.aContentType == CI.nsIContentPolicy.TYPE_DTD) {
return true;
}
diff --git a/src/modules/RequestProcessor.jsm b/src/modules/RequestProcessor.jsm
index 61272d8..07b7075 100644
--- a/src/modules/RequestProcessor.jsm
+++ b/src/modules/RequestProcessor.jsm
@@ -174,21 +174,27 @@ RequestProcessor.prototype.process = function(request) {
}
if (originURI == "about:blank" && request.aContext) {
- var newOriginURI;
- if (request.aContext.documentURI &&
- request.aContext.documentURI != "about:blank") {
- newOriginURI = request.aContext.documentURI;
- } else if (request.aContext.ownerDocument &&
- request.aContext.ownerDocument.documentURI &&
- request.aContext.ownerDocument.documentURI != "about:blank") {
- newOriginURI = request.aContext.ownerDocument.documentURI;
- }
- if (newOriginURI) {
- newOriginURI = rp.mod.DomainUtil.stripFragment(newOriginURI);
- rp.mod.Logger.info(rp.mod.Logger.TYPE_CONTENT, "Considering origin <" +
- originURI + "> to be origin <" + newOriginURI + ">");
- originURI = newOriginURI;
- request.setOriginURI(originURI);
+ let domNode;
+ try {
+ domNode = request.aContext.QueryInterface(CI.nsIDOMNode);
+ } catch (e if e.result == Components.results.NS_ERROR_NO_INTERFACE) {}
+ if (domNode && domNode.nodeType == CI.nsIDOMNode.DOCUMENT_NODE) {
+ var newOriginURI;
+ if (request.aContext.documentURI &&
+ request.aContext.documentURI != "about:blank") {
+ newOriginURI = request.aContext.documentURI;
+ } else if (request.aContext.ownerDocument &&
+ request.aContext.ownerDocument.documentURI &&
+ request.aContext.ownerDocument.documentURI != "about:blank") {
+ newOriginURI = request.aContext.ownerDocument.documentURI;
+ }
+ if (newOriginURI) {
+ newOriginURI = rp.mod.DomainUtil.stripFragment(newOriginURI);
+ rp.mod.Logger.info(rp.mod.Logger.TYPE_CONTENT, "Considering origin <" +
+ originURI + "> to be origin <" + newOriginURI + ">");
+ originURI = newOriginURI;
+ request.setOriginURI(originURI);
+ }
}
}
@@ -213,10 +219,16 @@ RequestProcessor.prototype.process = function(request) {
- if (request.aContext && request.aContext.nodeName == "LINK" &&
- (request.aContext.rel == "icon" ||
- request.aContext.rel == "shortcut icon")) {
- this._faviconRequests[destURI] = true;
+ if (request.aContext) {
+ let domNode;
+ try {
+ domNode = request.aContext.QueryInterface(CI.nsIDOMNode);
+ } catch (e if e.result == Components.results.NS_ERROR_NO_INTERFACE) {}
+
+ if (domNode && domNode.nodeName == "LINK" &&
+ (domNode.rel == "icon" || domNode.rel == "shortcut icon")) {
+ this._faviconRequests[destURI] = true;
+ }
}
// Note: If changing the logic here, also make necessary changes to
@@ -311,13 +323,19 @@ RequestProcessor.prototype.process = function(request) {
// window.open() and we can't find a better way to register the source
// and destination before the request is made. This should be able to be
// removed if we can find a better solution for the allowed popup case.
- if (request.aContext && request.aContext.nodeName == "xul:browser" &&
- request.aContext.currentURI &&
- request.aContext.currentURI.spec == "about:blank") {
- request.requestResult = new rp.mod.RequestResult(true,
- rp.mod.REQUEST_REASON_NEW_WINDOW);
- return this.accept("New window (should probably only be an allowed " +
- "popup's initial request)", request, true);
+ if (request.aContext) {
+ let domNode;
+ try {
+ domNode = request.aContext.QueryInterface(CI.nsIDOMNode);
+ } catch (e if e.result == Components.results.NS_ERROR_NO_INTERFACE) {}
+
+ if (domNode && domNode.nodeName == "xul:browser" &&
+ domNode.currentURI && domNode.currentURI.spec == "about:blank") {
+ request.requestResult = new rp.mod.RequestResult(true,
+ rp.mod.REQUEST_REASON_NEW_WINDOW);
+ return this.accept("New window (should probably only be an allowed " +
+ "popup's initial request)", request, true);
+ }
}
// XMLHttpRequests made within chrome's context have these origins.
@@ -1047,7 +1065,9 @@ RequestProcessor.prototype.reject = function(reason, request) {
return CP_OK;
}
- request.aContext.requestpolicyBlocked = true;
+ if (request.aContext) {
+ request.aContext.requestpolicyBlocked = true;
+ }
this._cacheShouldLoadResult(CP_REJECT, request.originURI, request.destURI);
this._recordRejectedRequest(request);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/requestpolicy.git
More information about the Pkg-mozext-commits
mailing list