Bug 1352513 - re-add the hidden window exception behind a pref, r=bholley
authorGijs Kruitbosch <gijskruitbosch@gmail.com>
Mon, 03 Apr 2017 11:47:22 +0100
changeset 351056 09ee763947c36dc437ce7974f7172329823a40c0
parent 351055 be3f73f200a95988121eadcc2c002e2f4cc5ba30
child 351057 d27164b00fffdc053dc0ef434c3f6807b29e555a
push id88794
push usercbook@mozilla.com
push dateTue, 04 Apr 2017 10:38:12 +0000
reviewersbholley
bugs1352513
milestone55.0a1
Bug 1352513 - re-add the hidden window exception behind a pref, r=bholley MozReview-Commit-ID: 3q1CZ5QCuus
caps/nsScriptSecurityManager.cpp
modules/libpref/init/all.js
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -893,16 +893,33 @@ nsScriptSecurityManager::CheckLoadURIFla
                 bool accessAllowed = false;
                 reg->AllowContentToAccess(aTargetBaseURI, &accessAllowed);
                 if (accessAllowed) {
                     return NS_OK;
                 }
             }
         }
 
+        static bool sCanLoadChromeInContent = false;
+        static bool sCachedCanLoadChromeInContentPref = false;
+        if (!sCachedCanLoadChromeInContentPref) {
+            sCachedCanLoadChromeInContentPref = true;
+            mozilla::Preferences::AddBoolVarCache(&sCanLoadChromeInContent,
+                "security.allow_chrome_frames_inside_content");
+        }
+        if (sCanLoadChromeInContent) {
+            // Special-case the hidden window: it's allowed to load
+            // URI_IS_UI_RESOURCE no matter what.  Bug 1145470 tracks removing this.
+            nsAutoCString sourceSpec;
+            if (NS_SUCCEEDED(aSourceBaseURI->GetSpec(sourceSpec)) &&
+                sourceSpec.EqualsLiteral("resource://gre-resources/hiddenWindow.html")) {
+                return NS_OK;
+            }
+        }
+
         if (reportErrors) {
             ReportError(nullptr, errorTag, aSourceURI, aTargetURI);
         }
         return NS_ERROR_DOM_BAD_URI;
     }
 
     // Check for target URI pointing to a file
     rv = NS_URIChainHasFlags(aTargetURI,
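Review bot: The exemption in the added `if (sCanLoadChromeInContent)` block is keyed only on the spec string of `aSourceBaseURI`, so any load whose source base URI serialises to `resource://gre-resources/hiddenWindow.html` gets `NS_OK`, not only the real hidden window. How `aSourceBaseURI` is derived is outside the hunk; if it is the innermost URI of `aSourceURI`, a nested source URI would match as well, and comparing the outer URI would be stricter: `if (NS_SUCCEEDED(aSourceURI->GetSpec(sourceSpec)) &&`. The early return also skips `ReportError`, so with the pref enabled nothing records that the exception was taken; a debug log line before `return NS_OK;`, or at least a comment saying so, would help anyone auditing a profile where the pref is on. The enclosing function starts and ends outside the hunk.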
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2360,16 +2360,20 @@ pref("security.cert_pinning.enforcement_
 // This is to prevent accidental pinning from MITM devices and is used
 // for tests.
 pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
 
 // If set to true, allow view-source URIs to be opened from URIs that share
 // their protocol with the inner URI of the view-source URI
 pref("security.view-source.reachable-from-inner-protocol", false);
 
+// If set to true, in some limited circumstances it may be possible to load
+// privileged content in frames inside unprivileged content.
+pref("security.allow_chrome_frames_inside_content", false);
+
 // Services security settings
 pref("services.settings.server", "https://firefox.settings.services.mozilla.com/v1");
 
 // Blocklist preferences
 pref("extensions.blocklist.enabled", true);
 // OneCRL freshness checking depends on this value, so if you change it,
 // please also update security.onecrl.maximum_staleness_in_seconds.
 pref("extensions.blocklist.interval", 86400);
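Review bot: The comment added above `security.allow_chrome_frames_inside_content` does not say what the pref permits ("some limited circumstances"), which makes the risk hard to judge before flipping it. Going by the C++ side of this commit, it could read `// If true, the hidden window (resource://gre-resources/hiddenWindow.html) may load URI_IS_UI_RESOURCE targets that would otherwise be blocked.` followed by `// Weakens the content/chrome separation; keep false. Bug 1145470 tracks removal.`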