Bug 1365319 - Always disallow plugins in messages. r=mkmelin
authorJorg K <jorgk@jorgk.com>
Tue, 16 May 2017 20:07:04 +0200
changeset 21556 5e8c500f55ff1f827bc4297304e577137a0ff2c1
parent 21555 a09ebe0269abee8765beb01e997ecfa6dff01372
child 21557 249bb3317336f0856202b29fd6eb0f28f1a62030
push id13129
push usermozilla@jorgk.com
push dateTue, 16 May 2017 20:59:18 +0000
reviewersmkmelin
bugs1365319
Bug 1365319 - Always disallow plugins in messages. r=mkmelin
mail/test/mozmill/content-policy/test-plugins-policy.js
mailnews/base/src/nsMsgContentPolicy.cpp
mailnews/base/src/nsMsgContentPolicy.h
mailnews/mailnews.js
--- a/mail/test/mozmill/content-policy/test-plugins-policy.js
+++ b/mail/test/mozmill/content-policy/test-plugins-policy.js
@@ -196,19 +196,8 @@ function test_checkContentTab() {
   if (!isPluginLoaded(mc.tabmail.getBrowserForSelectedTab().contentDocument))
     throw new Error("Plugin has been unexpectedly blocked in content tab");
 
   mc.tabmail.closeTab(newTab);
 
   if (mc.tabmail.tabContainer.childNodes.length != preCount)
     throw new Error("The content tab didn't close");
 }
-
-// Disabled as a bustage fix, see bug 1365319.
-function disabled_3paneWindowAllowed() {
-  Services.prefs.setBoolPref("mailnews.message_display.allow_plugins", true);
-
-  addMsgToFolderAndCheckContent(true);
-}
-
-function disabled_checkStandaloneMessageWindowAllowed() {
-  checkStandaloneMessageWindow(true);
-}
--- a/mailnews/base/src/nsMsgContentPolicy.cpp
+++ b/mailnews/base/src/nsMsgContentPolicy.cpp
@@ -22,17 +22,16 @@
 #include "nsIDOMHTMLImageElement.h"
 #include "nsIFrameLoader.h"
 #include "nsIWebProgress.h"
 #include "nsMsgUtils.h"
 #include "nsThreadUtils.h"
 #include "mozilla/mailnews/MimeHeaderParser.h"
 
 static const char kBlockRemoteImages[] = "mailnews.message_display.disable_remote_image";
-static const char kAllowPlugins[] = "mailnews.message_display.allow_plugins";
 static const char kTrustedDomains[] =  "mail.trusteddomains";
 
 using namespace mozilla::mailnews;
 
 // Per message headder flags to keep track of whether the user is allowing remote
 // content for a particular message.
 // if you change or add more values to these constants, be sure to modify
 // the corresponding definitions in mailWindowOverlay.js
@@ -44,44 +43,40 @@ NS_IMPL_ISUPPORTS(nsMsgContentPolicy,
                   nsIContentPolicy,
                   nsIWebProgressListener,
                   nsIMsgContentPolicy,
                   nsIObserver,
                   nsISupportsWeakReference)
 
 nsMsgContentPolicy::nsMsgContentPolicy()
 {
-  mAllowPlugins = false;
   mBlockRemoteImages = true;
 }
 
 nsMsgContentPolicy::~nsMsgContentPolicy()
 {
   // hey, we are going away...clean up after ourself....unregister our observer
   nsresult rv;
   nsCOMPtr<nsIPrefBranch> prefInternal = do_GetService(NS_PREFSERVICE_CONTRACTID, &rv);
   if (NS_SUCCEEDED(rv))
   {
     prefInternal->RemoveObserver(kBlockRemoteImages, this);
-    prefInternal->RemoveObserver(kAllowPlugins, this);
   }
 }
 
 nsresult nsMsgContentPolicy::Init()
 {
   nsresult rv;
 
   // register ourself as an observer on the mail preference to block remote images
   nsCOMPtr<nsIPrefBranch> prefInternal = do_GetService(NS_PREFSERVICE_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   prefInternal->AddObserver(kBlockRemoteImages, this, true);
-  prefInternal->AddObserver(kAllowPlugins, this, true);
 
-  prefInternal->GetBoolPref(kAllowPlugins, &mAllowPlugins);
   prefInternal->GetCharPref(kTrustedDomains, getter_Copies(mTrustedMailDomains));
   prefInternal->GetBoolPref(kBlockRemoteImages, &mBlockRemoteImages);
 
   // Grab a handle on the PermissionManager service for managing allowed remote
   // content senders.
   mPermissionManager = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
@@ -758,17 +753,17 @@ nsresult nsMsgContentPolicy::SetDisableI
   }
 
   if (!isAllowedContent) {
     // Disable JavaScript on message URLs.
     rv = docShell->SetAllowJavascript(false);
     NS_ENSURE_SUCCESS(rv, rv);
     rv = docShell->SetAllowContentRetargetingOnChildren(false);
     NS_ENSURE_SUCCESS(rv, rv);
-    rv = docShell->SetAllowPlugins(mAllowPlugins);
+    rv = docShell->SetAllowPlugins(false);
     NS_ENSURE_SUCCESS(rv, rv);
   }
   else {
     // JavaScript and plugins are allowed on non-message URLs.
     rv = docShell->SetAllowJavascript(true);
     NS_ENSURE_SUCCESS(rv, rv);
     rv = docShell->SetAllowContentRetargetingOnChildren(true);
     NS_ENSURE_SUCCESS(rv, rv);
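Review bot: The comment `// Disable JavaScript on message URLs.` at the top of the `!isAllowedContent` branch no longer covers everything the branch enforces, now that the plugin setting is a fixed `false` rather than a preference value. A wording such as `// Disable JavaScript, content retargeting and plugins on message URLs; plugins are never allowed in message content.` would record that the hard-coded value is deliberate, so that a later change does not quietly reintroduce a toggle. The enclosing function starts and ends outside this hunk.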
@@ -860,18 +855,16 @@ NS_IMETHODIMP nsMsgContentPolicy::Observ
 
     nsresult rv;
 
     nsCOMPtr<nsIPrefBranch> prefBranchInt = do_QueryInterface(aSubject, &rv);
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (pref.Equals(kBlockRemoteImages))
       prefBranchInt->GetBoolPref(kBlockRemoteImages, &mBlockRemoteImages);
-    if (pref.Equals(kAllowPlugins))
-      prefBranchInt->GetBoolPref(kAllowPlugins, &mAllowPlugins);
   }
 
   return NS_OK;
 }
 
 /**
  * We implement the nsIWebProgressListener interface in order to enforce
  * settings at onLocationChange time.
@@ -926,17 +919,17 @@ nsMsgContentPolicy::OnLocationChange(nsI
   nsCOMPtr<nsIMsgMessageUrl> messageUrl = do_QueryInterface(aLocation, &rv);
 
   if (NS_SUCCEEDED(rv)) {
     // Disable javascript on message URLs.
     rv = docShell->SetAllowJavascript(false);
     NS_ASSERTION(NS_SUCCEEDED(rv),
                  "Failed to set javascript disabled on docShell");
     // Also disable plugins if the preference requires it.
-    rv = docShell->SetAllowPlugins(mAllowPlugins);
+    rv = docShell->SetAllowPlugins(false);
     NS_ASSERTION(NS_SUCCEEDED(rv),
                  "Failed to set plugins disabled on docShell");
   }
   else {
     // Disable javascript and plugins are allowed on non-message URLs.
     rv = docShell->SetAllowJavascript(true);
     NS_ASSERTION(NS_SUCCEEDED(rv),
                  "Failed to set javascript allowed on docShell");
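Review bot: The comment `// Also disable plugins if the preference requires it.` above the changed line is stale, because this commit removes the preference and the call now always passes `false`; something like `// Plugins are always disabled on message URLs.` matches the new behaviour. Separately, the result of `SetAllowPlugins(false)` is checked only with `NS_ASSERTION`, which as far as I know is compiled out of non-debug builds, so a failure to disable plugins here would go unnoticed in release builds. The earlier hunk of this file checks the same call with `NS_ENSURE_SUCCESS`. That difference predates the commit, but it is worth deciding whether a silent failure is acceptable for a security setting. OnLocationChange begins and ends outside the hunk.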
--- a/mailnews/base/src/nsMsgContentPolicy.h
+++ b/mailnews/base/src/nsMsgContentPolicy.h
@@ -50,17 +50,16 @@ public:
   NS_DECL_NSIOBSERVER
   NS_DECL_NSIWEBPROGRESSLISTENER
   NS_DECL_NSIMSGCONTENTPOLICY
   
 protected:
   virtual ~nsMsgContentPolicy();
 
   bool     mBlockRemoteImages;
-  bool     mAllowPlugins;
   nsCString mTrustedMailDomains;
   nsCOMPtr<nsIPermissionManager> mPermissionManager;
 
   bool IsTrustedDomain(nsIURI * aContentLocation);
   bool IsSafeRequestingLocation(nsIURI *aRequestingLocation);
   bool IsExposedProtocol(nsIURI *aContentLocation);
   bool IsExposedChromeProtocol(nsIURI *aContentLocation);
   bool ShouldBlockUnexposedProtocol(nsIURI *aContentLocation);
--- a/mailnews/mailnews.js
+++ b/mailnews/mailnews.js
@@ -647,18 +647,16 @@ pref("mail.warn_on_send_accel_key", true
 pref("mail.enable_autocomplete", true);
 pref("mailnews.html_domains", "");
 pref("mailnews.plaintext_domains", "");
 pref("mailnews.global_html_domains.version", 1);
 
 /////////////////////////////////////////////////////////////////
 // Privacy Controls for Handling Remote Content
 /////////////////////////////////////////////////////////////////
-// Specific plugins pref just for message content. RSS is not covered by this.
-pref("mailnews.message_display.allow_plugins", false);
 pref("mailnews.message_display.disable_remote_image", true);
 
 /////////////////////////////////////////////////////////////////
 // Trusted Mail Domains
 //
 // Specific domains can be white listed to bypass various privacy controls in Thunderbird
 // such as blocking remote images, the phishing detector, etc. This is particularly
 // useful for business deployments where images or links reference servers inside a