Bug 1543694 - Prevent content from adding place flavors to a DataTransfer. r=NeilDeakin
authorMarco Bonardo <mbonardo@mozilla.com>
Thu, 11 Apr 2019 17:12:06 +0000
changeset 469231 b5f523e6d49841c25d7423870fa6e36e026e24a0
parent 469230 3e5250ccb4fec40a10080dce6a16a21bbe12be86
child 469232 010b72a5a21cf34c77ad23d4a3c3ed944622b54e
push id112776
push usershindli@mozilla.com
push dateFri, 12 Apr 2019 16:20:17 +0000
treeherdermozilla-inbound@b4501ced5619 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersNeilDeakin
bugs1543694
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1543694 - Prevent content from adding place flavors to a DataTransfer. r=NeilDeakin Differential Revision: https://phabricator.services.mozilla.com/D27121
dom/events/DataTransfer.cpp
dom/tests/mochitest/general/test_clipboard_disallowed.html
--- a/dom/events/DataTransfer.cpp
+++ b/dom/events/DataTransfer.cpp
@@ -34,16 +34,17 @@
 #include "mozilla/dom/DataTransferItemList.h"
 #include "mozilla/dom/Directory.h"
 #include "mozilla/dom/Element.h"
 #include "mozilla/dom/FileList.h"
 #include "mozilla/dom/BindingUtils.h"
 #include "mozilla/dom/OSFileSystem.h"
 #include "mozilla/dom/Promise.h"
 #include "nsNetUtil.h"
+#include "nsReadableUtils.h"
 
 #define MOZ_CALLS_ENABLED_PREF "dom.datatransfer.mozAtAPIs"
 
 namespace mozilla {
 namespace dom {
 
 NS_IMPL_CYCLE_COLLECTION_CLASS(DataTransfer)
 
@@ -615,17 +616,28 @@ bool DataTransfer::PrincipalMaySetData(c
     }
 
     if (aType.EqualsASCII(kFileMime) || aType.EqualsASCII(kFilePromiseMime)) {
       NS_WARNING(
           "Disallowing adding x-moz-file or x-moz-file-promize types to "
           "DataTransfer");
       return false;
     }
+
+    // Disallow content from creating x-moz-place flavors, so that it cannot
+    // create fake Places smart queries exposing user data, but give a free
+    // pass to WebExtensions.
+    auto principal = BasePrincipal::Cast(aPrincipal);
+    if (!principal->AddonPolicy() &&
+        StringBeginsWith(aType, NS_LITERAL_STRING("text/x-moz-place"))) {
+      NS_WARNING("Disallowing adding moz-place types to DataTransfer");
+      return false;
+    }
   }
+
   return true;
 }
 
 void DataTransfer::TypesListMayHaveChanged() {
   DataTransfer_Binding::ClearCachedTypesValue(this);
 }
 
 already_AddRefed<DataTransfer> DataTransfer::MozCloneForEvent(
--- a/dom/tests/mochitest/general/test_clipboard_disallowed.html
+++ b/dom/tests/mochitest/general/test_clipboard_disallowed.html
@@ -35,16 +35,31 @@ function checkAllowed(event)
     clipboardData.setData("application/x-moz-file-promise", "Test");
   } catch(ex) {
     exception = ex;
   }
   is(String(exception).indexOf("SecurityError"), 0, "Cannot set file promise");
 
   exception = null;
   try {
+    clipboardData.setData("text/x-moz-place", "Test");
+  } catch(ex) {
+    exception = ex;
+  }
+  is(String(exception).indexOf("SecurityError"), 0, "Cannot set place");
+  exception = null;
+  try {
+    clipboardData.setData("text/x-moz-place-container", "Test");
+  } catch(ex) {
+    exception = ex;
+  }
+  is(String(exception).indexOf("SecurityError"), 0, "Cannot set place container");
+
+  exception = null;
+  try {
     clipboardData.setData("application/something", "This is data");
   } catch(ex) {
     exception = ex;
   }
   is(exception, null, "Can set custom data to a string");
   SimpleTest.finish();
 }