Bug 1534343 - Document should check if its mCookieSettings exists before using it, r=Ehsan
authorAndrea Marchesini <amarchesini@mozilla.com>
Thu, 21 Mar 2019 06:44:00 +0000
changeset 465369 184c209dca37de935373d28826a3ceed8e0bc77d
parent 465368 803ea92e7423cc609b736b2b596debd3565cab15
child 465370 b80098d0a5c4197287582b6db0bd71aaa6bbd05c
child 465401 5cac2c92926e91b70e3858343efb12075433a42b
push id81038
push useramarchesini@mozilla.com
push dateThu, 21 Mar 2019 07:20:53 +0000
reviewersEhsan
bugs1534343
milestone68.0a1
Bug 1534343 - Document should check if its mCookieSettings exists before using it, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D23764
dom/base/Document.cpp
netwerk/cookie/test/mochitest/empty.html
netwerk/cookie/test/mochitest/mochitest.ini
netwerk/cookie/test/mochitest/test_xmlDocument.html
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -11825,17 +11825,17 @@ void Document::SetDocTreeHadPlayRevoked(
   }
 }
 
 DocumentAutoplayPolicy Document::AutoplayPolicy() const {
   return AutoplayPolicy::IsAllowedToPlay(*this);
 }
 
 void Document::MaybeAllowStorageForOpenerAfterUserInteraction() {
-  if (mCookieSettings->GetCookieBehavior() !=
+  if (CookieSettings()->GetCookieBehavior() !=
       nsICookieService::BEHAVIOR_REJECT_TRACKER) {
     return;
   }
 
   // This will probably change for project fission, but currently this document
   // and the opener are on the same process. In the future, we should make this
   // part async.
 
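Review bot: Nothing at this call site records why the `CookieSettings()` accessor replaces the direct `mCookieSettings->` dereference, so a later cleanup could switch back to the member and reintroduce the null dereference that the added test reaches through `new w.Document()` plus `requestStorageAccess()`. I would add a short comment above the check, e.g. `// Use CookieSettings(), not mCookieSettings: the member may be unset for some documents, e.g. ones created via the Document constructor.` The same applies to the two checks in the hunks at -12347 and -12400. The accessor's definition is outside this diff; presumably it creates or falls back to a default settings object, but it is worth confirming it can never return null, since the result is dereferenced unconditionally at all three sites. MaybeAllowStorageForOpenerAfterUserInteraction continues past the end of this hunk.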
@@ -12347,17 +12347,17 @@ already_AddRefed<mozilla::dom::Promise> 
 
   // Step 2. If the document has a null origin, reject.
   if (NodePrincipal()->GetIsNullPrincipal()) {
     promise->MaybeRejectWithUndefined();
     return promise.forget();
   }
 
   // Only enforce third-party checks when there is a reason to enforce them.
-  if (mCookieSettings->GetCookieBehavior() !=
+  if (CookieSettings()->GetCookieBehavior() !=
       nsICookieService::BEHAVIOR_REJECT_TRACKER) {
     // Step 3. If the document's frame is the main frame, resolve.
     if (IsTopLevelContentDocument()) {
       promise->MaybeResolveWithUndefined();
       return promise.forget();
     }
 
     // Step 4. If the sub frame's origin is equal to the main frame's, resolve.
@@ -12400,17 +12400,17 @@ already_AddRefed<mozilla::dom::Promise> 
 
   if (nsContentUtils::IsInPrivateBrowsing(this)) {
     // If the document is in PB mode, it doesn't have access to its persistent
     // cookie jar, so reject the promise here.
     promise->MaybeRejectWithUndefined();
     return promise.forget();
   }
 
-  if (mCookieSettings->GetCookieBehavior() ==
+  if (CookieSettings()->GetCookieBehavior() ==
           nsICookieService::BEHAVIOR_REJECT_TRACKER &&
       inner) {
     // Only do something special for third-party tracking content.
     if (nsContentUtils::StorageDisabledByAntiTracking(this, nullptr)) {
       // Note: If this has returned true, the top-level document is guaranteed
       // to not be on the Content Blocking allow list.
       DebugOnly<bool> isOnAllowList = false;
       // If we have a parent document, it has to be non-private since we
new file mode 100644
--- /dev/null
+++ b/netwerk/cookie/test/mochitest/empty.html
@@ -0,0 +1,1 @@
+<h1>Nothing here</h1>
--- a/netwerk/cookie/test/mochitest/mochitest.ini
+++ b/netwerk/cookie/test/mochitest/mochitest.ini
@@ -7,8 +7,10 @@ support-files =
 [test_document_cookie.html]
 [test_fetch.html]
 [test_image.html]
 [test_script.html]
 [test_sharedWorker.html]
 [test_worker.html]
 [test_xhr.html]
 [test_metaTag.html]
+[test_xmlDocument.html]
+support-files = empty.html
new file mode 100644
--- /dev/null
+++ b/netwerk/cookie/test/mochitest/test_xmlDocument.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test for Document constructor</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<script type="application/javascript">
+
+let w;
+
+SpecialPowers.pushPrefEnv({set: [
+  ["dom.storage_access.enabled", true],
+  ["dom.storage_access.prompt.testing", true],
+  ["dom.storage_access.prompt.testing.allow", true],
+  ["dom.testing.sync-content-blocking-notifications", true],
+  ["network.cookie.cookieBehavior", 0],
+]}).then(_ => {
+  return new Promise(resolve => {
+    w = window.open("empty.html");
+    w.onload = resolve;
+  });
+}).then(_ => {
+  const doc = new w.Document();
+  return doc.requestStorageAccess().catch(__ => {});
+}).then(___ => {
+  w.close();
+  ok(true, "No crash!");
+  SimpleTest.finish();
+});
+
+SimpleTest.waitForExplicitFinish();
+
+</script>
+</body>
+</html>
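Review bot: With `network.cookie.cookieBehavior` pinned to 0, the constructor-created document never takes the `BEHAVIOR_REJECT_TRACKER` side of the checks changed in Document.cpp, and as far as this file shows MaybeAllowStorageForOpenerAfterUserInteraction is not reached at all. Repeating the same steps with the pref set to the tracker-rejecting behaviour would cover the other side of each check. Separately, the chain has no terminal rejection handler: if `pushPrefEnv` rejects or a later step throws, `SimpleTest.finish()` is never called and the run ends as a timeout with the opened window left behind. A final `.catch(e => ok(false, "unexpected failure: " + e))` followed by `.finally(() => { if (w) w.close(); SimpleTest.finish(); })` would report that case clearly.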