Bug 1119302 - Implement nsIContentPolicy.shouldProcess for plugin subresource loads, r=bz
☠☠ backed out by 157873c02e6d ☠ ☠
authorBenjamin Smedberg <benjamin@smedbergs.us>
Thu, 08 Jan 2015 12:23:27 -0500
changeset 223118 0c40a9e043cea4f5c3bf9e2e51f1ce6531b32567
parent 223117 da03d6aff37d92878b0c19897fd759db92600f59
child 223119 7e2d8309a20a3935e3ee5fb2c9a6bf3a83735a87
push id10769
push usercbook@mozilla.com
push dateMon, 12 Jan 2015 14:15:52 +0000
treeherderfx-team@0e9765732906 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1119302
milestone37.0a1
Bug 1119302 - Implement nsIContentPolicy.shouldProcess for plugin subresource loads, r=bz
dom/plugins/base/nsPluginStreamListenerPeer.cpp
--- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp
+++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
@@ -1,22 +1,25 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsPluginStreamListenerPeer.h"
+#include "nsIContentPolicy.h"
+#include "nsContentPolicyUtils.h"
 #include "nsIDOMElement.h"
 #include "nsIStreamConverterService.h"
 #include "nsIHttpChannel.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsIFileChannel.h"
 #include "nsMimeTypes.h"
 #include "nsISupportsPrimitives.h"
 #include "nsNetCID.h"
+#include "nsPluginInstanceOwner.h"
 #include "nsPluginLogging.h"
 #include "nsIURI.h"
 #include "nsIURL.h"
 #include "nsPluginHost.h"
 #include "nsIByteRangeRequest.h"
 #include "nsIMultiPartChannel.h"
 #include "nsIInputStreamTee.h"
 #include "nsPrintfCString.h"
@@ -421,31 +424,64 @@ nsPluginStreamListenerPeer::SetupPluginC
 NS_IMETHODIMP
 nsPluginStreamListenerPeer::OnStartRequest(nsIRequest *request,
                                            nsISupports* aContext)
 {
   nsresult rv = NS_OK;
   PROFILER_LABEL("nsPluginStreamListenerPeer", "OnStartRequest",
     js::ProfileEntry::Category::OTHER);
 
+  nsCOMPtr<nsIChannel> channel = do_QueryInterface(request);
+  NS_ENSURE_TRUE(channel, NS_ERROR_FAILURE);
+
+  nsAutoCString contentType;
+  rv = channel->GetContentType(contentType);
+  if (NS_FAILED(rv))
+    return rv;
+
+  // Check ShouldProcess with content policy
+  nsRefPtr<nsPluginInstanceOwner> owner;
+  if (mPluginInstance) {
+    owner = mPluginInstance->GetOwner();
+  }
+  nsCOMPtr<nsIDOMElement> element;
+  nsCOMPtr<nsIDocument> doc;
+  if (owner) {
+    owner->GetDOMElement(getter_AddRefs(element));
+    owner->GetDocument(getter_AddRefs(doc));
+  }
+  nsCOMPtr<nsIPrincipal> principal = doc ? doc->NodePrincipal() : nullptr;
+
+  int16_t shouldLoad = nsIContentPolicy::ACCEPT;
+  rv = NS_CheckContentProcessPolicy(nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
+                                    mURL,
+                                    principal,
+                                    element,
+                                    contentType,
+                                    nullptr,
+                                    &shouldLoad);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (NS_CP_REJECTED(shouldLoad)) {
+    return NS_ERROR_CONTENT_BLOCKED;
+  }
+
   if (mRequests.IndexOfObject(GetBaseRequest(request)) == -1) {
     NS_ASSERTION(mRequests.Count() == 0,
                  "Only our initial stream should be unknown!");
     TrackRequest(request);
   }
 
   if (mHaveFiredOnStartRequest) {
     return NS_OK;
   }
 
   mHaveFiredOnStartRequest = true;
 
-  nsCOMPtr<nsIChannel> channel = do_QueryInterface(request);
-  NS_ENSURE_TRUE(channel, NS_ERROR_FAILURE);
-
   // deal with 404 (Not Found) HTTP response,
   // just return, this causes the request to be ignored.
   nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel));
   if (httpChannel) {
     uint32_t responseCode = 0;
     rv = httpChannel->GetResponseStatus(&responseCode);
     if (NS_FAILED(rv)) {
       // NPP_Notify() will be called from OnStopRequest
@@ -504,35 +540,30 @@ nsPluginStreamListenerPeer::OnStartReque
       return NS_ERROR_FAILURE;
     }
     mLength = 0;
   }
   else {
     mLength = uint32_t(length);
   }
 
-  nsAutoCString aContentType; // XXX but we already got the type above!
-  rv = channel->GetContentType(aContentType);
-  if (NS_FAILED(rv))
-    return rv;
-
   nsCOMPtr<nsIURI> aURL;
   rv = channel->GetURI(getter_AddRefs(aURL));
   if (NS_FAILED(rv))
     return rv;
 
   aURL->GetSpec(mURLSpec);
 
-  if (!aContentType.IsEmpty())
-    mContentType = aContentType;
+  if (!contentType.IsEmpty())
+    mContentType = contentType;
 
 #ifdef PLUGIN_LOGGING
   PR_LOG(nsPluginLogging::gPluginLog, PLUGIN_LOG_NOISY,
          ("nsPluginStreamListenerPeer::OnStartRequest this=%p request=%p mime=%s, url=%s\n",
-          this, request, aContentType.get(), mURLSpec.get()));
+          this, request, contentType.get(), mURLSpec.get()));
 
   PR_LogFlush();
 #endif
 
   // Set up the stream listener...
   rv = SetUpStreamListener(request, aURL);
   if (NS_FAILED(rv)) {
     return rv;