Bug 1263496 - Part 1: fix for @mozilla.org/nullprincipal;1 r=bholley
authorYoshi Huang <allstars.chh@mozilla.com>
Thu, 21 Apr 2016 16:25:21 +0800
changeset 295136 0b08a5ce65aeaa4665fc00405274928ce7e046b8
parent 295135 3ee93ef1f7ed3852c517585e93b6680607533515
child 295137 6b8afcb75d337366a6dd6d163adee7cc8385e66c
push id30220
push usercbook@mozilla.com
push dateThu, 28 Apr 2016 14:31:09 +0000
treeherdermozilla-central@4292da9df16b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs1263496
milestone49.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1263496 - Part 1: fix for @mozilla.org/nullprincipal;1 r=bholley This fixed the locations listed by http://searchfox.org/mozilla-central/search?q=@mozilla.org/nullprincipal;1&redirect=true
browser/components/feeds/FeedWriter.js
browser/experiments/Experiments.jsm
devtools/client/inspector/rules/rules.js
gfx/thebes/gfxSVGGlyphs.cpp
toolkit/content/widgets/text.xml
--- a/browser/components/feeds/FeedWriter.js
+++ b/browser/components/feeds/FeedWriter.js
@@ -882,22 +882,26 @@ FeedWriter.prototype = {
 
   /**
    * Returns the original URI object of the feed and ensures that this
    * component is only ever invoked from the preview document.
    * @param aWindow
    *        The window of the document invoking the BrowserFeedWriter
    */
   _getOriginalURI(aWindow) {
-    let chan = aWindow.QueryInterface(Ci.nsIInterfaceRequestor).
-               getInterface(Ci.nsIWebNavigation).
-               QueryInterface(Ci.nsIDocShell).currentDocumentChannel;
+    let docShell = aWindow.QueryInterface(Ci.nsIInterfaceRequestor)
+                          .getInterface(Ci.nsIWebNavigation)
+                          .QueryInterface(Ci.nsIDocShell);
+    let chan = docShell.currentDocumentChannel;
 
-    let nullPrincipal = Cc["@mozilla.org/nullprincipal;1"].
-                        createInstance(Ci.nsIPrincipal);
+    // We probably need to call InheritFromDocShellToDoc for this, but right now
+    // we can't call it from JS.
+    let attrs = docShell.getOriginAttributes();
+    let ssm = Services.scriptSecurityManager;
+    let nullPrincipal = ssm.createNullPrincipal(attrs);
 
     let resolvedURI = Cc["@mozilla.org/network/io-service;1"].
                       getService(Ci.nsIIOService).
                       newChannel2("about:feeds",
                                   null,
                                   null,
                                   null, // aLoadingNode
                                   nullPrincipal,
@@ -1180,23 +1184,29 @@ FeedWriter.prototype = {
   function FW__setFaviconForWebReader(aReaderUrl, aMenuItem) {
     let readerURI = makeURI(aReaderUrl);
     if (!/^https?$/.test(readerURI.scheme)) {
       // Don't try to get a favicon for non http(s) URIs.
       return;
     }
     let faviconURI = makeURI(readerURI.prePath + "/favicon.ico");
     let self = this;
-    let usePrivateBrowsing = this._window.QueryInterface(Ci.nsIInterfaceRequestor)
-                                         .getInterface(Ci.nsIWebNavigation)
-                                         .QueryInterface(Ci.nsIDocShell)
-                                         .QueryInterface(Ci.nsILoadContext)
-                                         .usePrivateBrowsing;
-    let nullPrincipal = Cc["@mozilla.org/nullprincipal;1"]
-                          .createInstance(Ci.nsIPrincipal);
+
+    let docShell = this._window.QueryInterface(Ci.nsIInterfaceRequestor)
+                               .getInterface(Ci.nsIWebNavigation)
+                               .QueryInterface(Ci.nsIDocShell);
+    let usePrivateBrowsing = docShell.QueryInterface(Ci.nsILoadContext)
+                                     .usePrivateBrowsing;
+
+    // We probably need to call InheritFromDocShellToDoc for this, but right now
+    // we can't call it from JS.
+    let attrs = docShell.getOriginAttributes();
+    let ssm = Services.scriptSecurityManager;
+    let nullPrincipal = ssm.createNullPrincipal(attrs);
+
     this._faviconService.setAndFetchFaviconForPage(readerURI, faviconURI, false,
       usePrivateBrowsing ? this._faviconService.FAVICON_LOAD_PRIVATE
                          : this._faviconService.FAVICON_LOAD_NON_PRIVATE,
       function (aURI, aDataLen, aData, aMimeType) {
         if (aDataLen > 0) {
           let dataURL = "data:" + aMimeType + ";base64," +
                         btoa(String.fromCharCode.apply(null, aData));
           aMenuItem.setAttribute('image', dataURL);
--- a/browser/experiments/Experiments.jsm
+++ b/browser/experiments/Experiments.jsm
@@ -1715,23 +1715,24 @@ Experiments.ExperimentEntry.prototype = 
 
   /*
    * Run the jsfilter function from the manifest in a sandbox and return the
    * result (forced to boolean).
    */
   _runFilterFunction: Task.async(function* (jsfilter) {
     this._log.trace("runFilterFunction() - filter: " + jsfilter);
 
-    const nullprincipal = Cc["@mozilla.org/nullprincipal;1"].createInstance(Ci.nsIPrincipal);
+    let ssm = Services.scriptSecurityManager;
+    const nullPrincipal = ssm.createNullPrincipal({});
     let options = {
       sandboxName: "telemetry experiments jsfilter sandbox",
       wantComponents: false,
     };
 
-    let sandbox = Cu.Sandbox(nullprincipal, options);
+    let sandbox = Cu.Sandbox(nullPrincipal, options);
     try {
       Cu.evalInSandbox(jsfilter, sandbox);
     } catch (e) {
       this._log.error("runFilterFunction() - failed to eval jsfilter: " + e.message);
       throw ["jsfilter-evalfailed"];
     }
 
     let currentEnvironment = yield TelemetryEnvironment.onInitialized();
--- a/devtools/client/inspector/rules/rules.js
+++ b/devtools/client/inspector/rules/rules.js
@@ -115,18 +115,22 @@ function createDummyDocument() {
     nodeName: "iframe",
     namespaceURI: "http://www.w3.org/1999/xhtml",
     allowJavascript: false,
     allowPlugins: false,
     allowAuth: false
   });
   let docShell = getDocShell(frame);
   let eventTarget = docShell.chromeEventHandler;
-  docShell.createAboutBlankContentViewer(Cc["@mozilla.org/nullprincipal;1"]
-                                         .createInstance(Ci.nsIPrincipal));
+  let ssm = Services.scriptSecurityManager;
+
+  // We probably need to call InheritFromDocShellToDoc to get the correct origin
+  // attributes, but right now we can't call it from JS.
+  let nullPrincipal = ssm.createNullPrincipal(docShell.getOriginAttributes());
+  docShell.createAboutBlankContentViewer(nullPrincipal);
   let window = docShell.contentViewer.DOMDocument.defaultView;
   window.location = "data:text/html,<html></html>";
   let deferred = promise.defer();
   eventTarget.addEventListener("DOMContentLoaded", function handler() {
     eventTarget.removeEventListener("DOMContentLoaded", handler, false);
     deferred.resolve(window.document);
     frame.remove();
   }, false);
--- a/gfx/thebes/gfxSVGGlyphs.cpp
+++ b/gfx/thebes/gfxSVGGlyphs.cpp
@@ -10,16 +10,17 @@
 #include "nsIDocument.h"
 #include "nsICategoryManager.h"
 #include "nsIDocumentLoaderFactory.h"
 #include "nsIContentViewer.h"
 #include "nsIStreamListener.h"
 #include "nsServiceManagerUtils.h"
 #include "nsIPresShell.h"
 #include "nsNetUtil.h"
+#include "nsNullPrincipal.h"
 #include "nsIInputStream.h"
 #include "nsStringStream.h"
 #include "nsStreamUtils.h"
 #include "nsIPrincipal.h"
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/dom/Element.h"
 #include "mozilla/LoadInfo.h"
 #include "nsSVGUtils.h"
@@ -337,18 +338,17 @@ gfxSVGGlyphsDocument::ParseDocument(cons
     nsCOMPtr<nsIURI> uri;
     nsHostObjectProtocolHandler::GenerateURIString(NS_LITERAL_CSTRING(FONTTABLEURI_SCHEME),
                                                    nullptr,
                                                    mSVGGlyphsDocumentURI);
  
     rv = NS_NewURI(getter_AddRefs(uri), mSVGGlyphsDocumentURI);
     NS_ENSURE_SUCCESS(rv, rv);
 
-    nsCOMPtr<nsIPrincipal> principal =
-      do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
+    nsCOMPtr<nsIPrincipal> principal = nsNullPrincipal::Create();
     NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
     nsCOMPtr<nsIDOMDocument> domDoc;
     rv = NS_NewDOMDocument(getter_AddRefs(domDoc),
                            EmptyString(),   // aNamespaceURI
                            EmptyString(),   // aQualifiedName
                            nullptr,          // aDoctype
                            uri, uri, principal,
--- a/toolkit/content/widgets/text.xml
+++ b/toolkit/content/widgets/text.xml
@@ -309,19 +309,17 @@
                                .getService(nsISSM);
 
             const ioService =
                      Components.classes["@mozilla.org/network/io-service;1"]
                                .getService(Components.interfaces.nsIIOService);
 
             uri = ioService.newURI(href, null, null);
 
-            var nullPrincipal =
-              Components.classes["@mozilla.org/nullprincipal;1"]
-                        .createInstance(Components.interfaces.nsIPrincipal);
+            var nullPrincipal = secMan.createNullPrincipal({});
             try {
               secMan.checkLoadURIWithPrincipal(nullPrincipal, uri,
                                                nsISSM.DISALLOW_INHERIT_PRINCIPAL)
             }
             catch (ex) {
               var msg = "Error: Cannot open a " + uri.scheme + ": link using \
                          the text-link binding.";
               Components.utils.reportError(msg);