[Pkg-mozext-commits] [no-resource-uri-leak] 04/09: Added an option to block chrome URIs; Add-ons compatiblity: Whitelist about:addons
Hema Prathaban
hemaprathaban-guest at moszumanska.debian.org
Tue Jul 4 17:19:13 UTC 2017
This is an automated email from the git hooks/post-receive script.
hemaprathaban-guest pushed a commit to branch upstream
in repository no-resource-uri-leak.
commit 2f74f40e4bdab4cfc2b5b239a7f3b034ac8619b8
Author: nord-stream <nord-stream at ochaken.jp.eu.org>
Date: Thu Jun 16 13:05:10 2016 +0000
Added an option to block chrome URIs; Add-ons compatibility: Whitelist about:addons
---
preferences.json | 9 +++++++++
src/main.js | 4 +++-
src/resource-filter/content-policy.js | 28 +++++++++++++++++++++++-----
src/resource-filter/init.js | 10 ++++++----
tools/jpm.sh | 2 +-
version_info | 5 ++++-
6 files changed, 46 insertions(+), 12 deletions(-)
diff --git a/preferences.json b/preferences.json
new file mode 100644
index 0000000..989f9ed
--- /dev/null
+++ b/preferences.json
@@ -0,0 +1,9 @@
+[
+ {
+ "name": "blockChromeURIs"
+ ,"type": "bool"
+ ,"value": false
+ ,"title": "Block Web-exposed subset of chrome:// URIs"
+ ,"description": "Enabling it may break certain extensions or badly designed Web sites. (Requires a restart)"
+ }
+]
diff --git a/src/main.js b/src/main.js
index 1ca347e..414e80d 100644
--- a/src/main.js
+++ b/src/main.js
@@ -27,7 +27,9 @@ vim: ts=4 noet ai */
// Stop all access attempts to resource:// URIs from the Web
const filteredDomain = void 0; // everything
+const blockChromeURIs = !!require ('sdk/simple-prefs').prefs.blockChromeURIs;
+console.log (require ('sdk/simple-prefs').prefs);
// The core code is under MPL-2.0
-require ('./resource-filter/init').addFilter (filteredDomain);
+require ('./resource-filter/init').addFilter (filteredDomain, blockChromeURIs);
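Review bot: The added `console.log (require ('sdk/simple-prefs').prefs);` looks like leftover debugging and writes the add-on's whole preference object to the console on every startup; it should be removed before release. The preference is read only once here, which matches the "Requires a restart" wording in preferences.json, so a comment such as `// Read once at startup; a change to the pref takes effect after a restart` above the `blockChromeURIs` line would make that explicit.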
diff --git a/src/resource-filter/content-policy.js b/src/resource-filter/content-policy.js
index f2d22d4..01856a5 100644
--- a/src/resource-filter/content-policy.js
+++ b/src/resource-filter/content-policy.js
@@ -13,6 +13,8 @@ const {XPCOMUtils} = require ('resource://gre/modules/XPCOMUtils.jsm');
const domains = new Set; // disallowed domains: any if empty
const isDenied = domain => 1 > domains.size || domains.has ('' + domain);
+let allowChromeURIs = true;
+
const policy = {__proto__: null
/* nsISupports */
,QueryInterface: XPCOMUtils.generateQI (['nsIContentPolicy', 'nsIFactory'])
@@ -28,8 +30,11 @@ const policy = {__proto__: null
/* nsIContentPolicy */
,shouldLoad (typeCode, uri, originUri, node, expectedMime, extra, principal) {
if (!uri || !uri.schemeIs ('resource') || !originUri
- || originUri.schemeIs ('chrome') || originUri.schemeIs ('resource')){
- return Ci.nsIContentPolicy.ACCEPT;
+ || originUri.schemeIs ('chrome') || originUri.schemeIs ('resource')) {
+
+ if (allowChromeURIs || !uri.schemeIs ('chrome')) {
+ return Ci.nsIContentPolicy.ACCEPT;
+ }
}
// Non-matching domain or a resource directly loaded into a tab
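Review bot: Nesting the new chrome:// test inside the old early-exit guard changes what that guard protects. With the option on, a null `uri` now reaches `uri.schemeIs ('chrome')` and throws. A chrome:// target with a null `originUri` or a chrome:/resource: origin no longer returns ACCEPT here and falls through to the domain check and `REJECT_REQUEST`. That could reject the browser's and add-ons' own chrome:// loads rather than only Web-originated ones, and the later `originUri.schemeIs ('about')` would throw on a null origin. Deciding first whether the target scheme is filtered and then applying the unchanged origin exemptions avoids both problems. `shouldLoad` continues past the end of this hunk, so the fall-through behaviour should be confirmed against the lines not shown.

```javascript
,shouldLoad (typeCode, uri, originUri, node, expectedMime, extra, principal) {
	// Filter resource:// always, chrome:// only when the option is enabled
	const filtered = !!uri && (uri.schemeIs ('resource')
		|| (!allowChromeURIs && uri.schemeIs ('chrome')));
	if (!filtered || !originUri
		|| originUri.schemeIs ('chrome') || originUri.schemeIs ('resource')) {
		return Ci.nsIContentPolicy.ACCEPT;
	}
	// … unchanged: domain check, about:addons whitelist, REJECT_REQUEST …
```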
@@ -37,6 +42,11 @@ const policy = {__proto__: null
return Ci.nsIContentPolicy.ACCEPT;
}
+ // Whitelist about:addons (Add-ons compatibility)
+ if (originUri.schemeIs ('about') && 'addons' === originUri.path) {
+ return Ci.nsIContentPolicy.ACCEPT;
+ }
+
return Ci.nsIContentPolicy.REJECT_REQUEST;
}
,shouldProcess (typeCode, uri, originUri, node, expectedMime, extra) {
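Review bot: The exact comparison `'addons' === originUri.path` may not match when about:addons is opened with a query or fragment, because `nsIURI.path` in Gecko of this period appears to include both. That case fails closed, so the cost is add-on breakage rather than exposure, but it is worth confirming. The comment would be more useful to the next maintainer if it named the breakage that motivated the exemption and noted that it is deliberately limited to this one origin, e.g. `// Exempt only about:addons (add-on option panes load resource:// files); keep this list minimal`. This is presumably the reason and should be checked against the original bug report.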
@@ -54,9 +64,17 @@ const init = (... args) => {
const categoryManager = Cc['@mozilla.org/categorymanager;1']
.getService (Ci.nsICategoryManager);
- const resourceDomain = args.pop ();
- //console.log ('domain:', resourceDomain);
- resourceDomain && domains.add ('' + resourceDomain);
+ const {resourceDomain, blockChromeURIs} = args.pop ();
+ try {
+ if ('string' === typeof resourceDomain) throw void 0;
+ [... resourceDomain].forEach (domain => domains.add ('' + domain));
+ } catch (e) {
+ resourceDomain && domains.add ('' + resourceDomain);
+ }
+
+ if (blockChromeURIs) {
+ allowChromeURIs = false;
+ }
registrar.registerFactory (classId, description, contractId, policy);
categoryManager.addCategoryEntry (category, contractId, contractId, false, true);
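Review bot: The destructuring `const {resourceDomain, blockChromeURIs} = args.pop ();` throws a TypeError if `init` is called without a payload, and it does so before `registerFactory`, so the content policy would never be installed and the filter would fail open without notice. A default keeps registration reachable: `const {resourceDomain, blockChromeURIs} = args.pop () || {};`. The `throw void 0` / `catch` pair also uses an exception as a branch and swallows any real error raised while iterating; an explicit `'string' === typeof resourceDomain` test with a plain `else` would read more clearly. `init` begins before this hunk and continues after it.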
diff --git a/src/resource-filter/init.js b/src/resource-filter/init.js
index a0f7cce..74ca34c 100644
--- a/src/resource-filter/init.js
+++ b/src/resource-filter/init.js
@@ -8,16 +8,18 @@
/**
Prevents content from loading resource:// URIs without breaking add-ons.
@param resourceDomain (optional) e.g. 'gre' for resource://gre/
+ @param blockChromeURIs (optional) set to block chrome:// resources
*/
-exports.addFilter = resourceDomain => {
+exports.addFilter = (resourceDomain, blockChromeURIs) => {
try {
const {processes, remoteRequire} = require ('sdk/remote/parent');
remoteRequire ('./content-policy', module);
-
+
// For every current and future process
- processes.forEvery (process => void process.port.emit ('init', resourceDomain));
+ processes.forEvery (process => void process.port.emit ('init'
+ , {resourceDomain, blockChromeURIs}));
} catch (e) {
// Not multiprocess
- require ('./content-policy').init (resourceDomain);
+ require ('./content-policy').init ({resourceDomain, blockChromeURIs});
}
};
diff --git a/tools/jpm.sh b/tools/jpm.sh
index dd09fcf..76b2f5e 160000
--- a/tools/jpm.sh
+++ b/tools/jpm.sh
@@ -1 +1 @@
-Subproject commit dd09fcfe3fb64f533d9f8b175a9cc3b2e446737d
+Subproject commit 76b2f5ef1ab529c12257102c8e09698176481d8a
diff --git a/version_info b/version_info
index b5eab61..3d1a3f1 100644
--- a/version_info
+++ b/version_info
@@ -22,7 +22,7 @@
addon_id="no-resource-uri-leak"
# Canonical version of the addon (may be converted into different formats on build)
-addon_version="0.1.0"
+addon_version="0.2.0"
# Alpha versions (may not be feature complete): x.y.z~a1, x.y.z~a2, ...
# Beta versions (feature-frozen): x.y.z~b1, x.y.z~b2, ...
@@ -48,3 +48,6 @@ addon_support_private_browsing=1
addon_fennec_version='>=38.0a1'
addon_thunderbird_version='>=38.0'
addon_seamonkey_version='>=2.38'
+
+# Experimental: not yet compatible
+#addon_palemoon_version='>=25.0'
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/no-resource-uri-leak.git