Bug 913734 - Remove custom privilege setup for cut/copy/paste. r=mrbkap
authorBobby Holley <bobbyholley@gmail.com>
Fri, 13 Dec 2013 19:15:43 -0800
changeset 160492 26190b7a0b355ccb90e5acf3e85754b4c84873db
parent 160491 681ab70f67078d00a2efb4931d58dcbc45e0e276
child 160493 22929b380e8458c9bc2816eef1bbfbf14e84472e
push id25834
push userphilringnalda@gmail.com
push dateSun, 15 Dec 2013 02:20:53 +0000
treeherdermozilla-central@9fcc6330dc69 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmrbkap
bugs913734
milestone29.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 913734 - Remove custom privilege setup for cut/copy/paste. r=mrbkap
content/html/document/src/nsHTMLDocument.cpp
content/html/document/src/nsHTMLDocument.h
editor/libeditor/html/tests/test_bug676401.html
modules/libpref/src/init/all.js
--- a/content/html/document/src/nsHTMLDocument.cpp
+++ b/content/html/document/src/nsHTMLDocument.cpp
@@ -3139,57 +3139,16 @@ ConvertToMidasInternalCommand(const nsAS
   nsAutoCString dummyCString;
   nsAutoString dummyString;
   bool dummyBool;
   return ConvertToMidasInternalCommandInner(inCommandID, dummyString,
                                             outCommandID, dummyCString,
                                             dummyBool, dummyBool, true);
 }
 
-jsid
-nsHTMLDocument::sCutCopyInternal_id = JSID_VOID;
-jsid
-nsHTMLDocument::sPasteInternal_id = JSID_VOID;
-
-/* Helper function to check security of clipboard commands. If aPaste is */
-/* true, we check paste, else we check cutcopy */
-nsresult
-nsHTMLDocument::DoClipboardSecurityCheck(bool aPaste)
-{
-  nsresult rv = NS_ERROR_FAILURE;
-
-  JSContext *cx = nsContentUtils::GetCurrentJSContext();
-  if (!cx) {
-    return NS_OK;
-  }
-
-  NS_NAMED_LITERAL_CSTRING(classNameStr, "Clipboard");
-
-  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
-
-  if (aPaste) {
-    if (nsHTMLDocument::sPasteInternal_id == JSID_VOID) {
-      nsHTMLDocument::sPasteInternal_id =
-        INTERNED_STRING_TO_JSID(cx, ::JS_InternString(cx, "paste"));
-    }
-    rv = secMan->CheckPropertyAccess(cx, nullptr, classNameStr.get(),
-                                     nsHTMLDocument::sPasteInternal_id,
-                                     nsIXPCSecurityManager::ACCESS_GET_PROPERTY);
-  } else {
-    if (nsHTMLDocument::sCutCopyInternal_id == JSID_VOID) {
-      nsHTMLDocument::sCutCopyInternal_id =
-        INTERNED_STRING_TO_JSID(cx, ::JS_InternString(cx, "cutcopy"));
-    }
-    rv = secMan->CheckPropertyAccess(cx, nullptr, classNameStr.get(),
-                                     nsHTMLDocument::sCutCopyInternal_id,
-                                     nsIXPCSecurityManager::ACCESS_GET_PROPERTY);
-  }
-  return rv;
-}
-
 /* TODO: don't let this call do anything if the page is not done loading */
 /* boolean execCommand(in DOMString commandID, in boolean doShowUI,
                                                in DOMString value); */
 NS_IMETHODIMP
 nsHTMLDocument::ExecCommand(const nsAString& commandID,
                             bool doShowUI,
                             const nsAString& value,
                             bool* _retval)
@@ -3227,24 +3186,21 @@ nsHTMLDocument::ExecCommand(const nsAStr
     return false;
   }
 
   if (commandID.LowerCaseEqualsLiteral("gethtml")) {
     rv.Throw(NS_ERROR_FAILURE);
     return false;
   }
 
-  if (commandID.LowerCaseEqualsLiteral("cut") ||
-      commandID.LowerCaseEqualsLiteral("copy")) {
-    rv = DoClipboardSecurityCheck(false);
-  } else if (commandID.LowerCaseEqualsLiteral("paste")) {
-    rv = DoClipboardSecurityCheck(true);
-  }
-
-  if (rv.Failed()) {
+  bool restricted = commandID.LowerCaseEqualsLiteral("cut") ||
+                    commandID.LowerCaseEqualsLiteral("copy")||
+                    commandID.LowerCaseEqualsLiteral("paste");
+  if (restricted && !nsContentUtils::IsCallerChrome()) {
+    rv = NS_ERROR_DOM_SECURITY_ERR;
     return false;
   }
 
   // get command manager and dispatch command to our window if it's acceptable
   nsCOMPtr<nsICommandManager> cmdMgr;
   GetMidasCommandManager(getter_AddRefs(cmdMgr));
   if (!cmdMgr) {
     rv.Throw(NS_ERROR_FAILURE);
--- a/content/html/document/src/nsHTMLDocument.h
+++ b/content/html/document/src/nsHTMLDocument.h
@@ -342,20 +342,16 @@ protected:
 
   nsresult TurnEditingOff();
   nsresult EditingStateChanged();
   void MaybeEditingStateChanged();
 
   uint32_t mContentEditableCount;
   EditingState mEditingState;
 
-  nsresult   DoClipboardSecurityCheck(bool aPaste);
-  static jsid        sCutCopyInternal_id;
-  static jsid        sPasteInternal_id;
-
   // When false, the .cookies property is completely disabled
   bool mDisableCookieAccess;
 
   /**
    * Temporary flag that is set in EndUpdate() to ignore
    * MaybeEditingStateChanged() script runners from a nested scope.
    */
   bool mPendingMaybeEditingStateChanged;
--- a/editor/libeditor/html/tests/test_bug676401.html
+++ b/editor/libeditor/html/tests/test_bug676401.html
@@ -83,30 +83,28 @@ function runTests() {
   for (i = 0; i < commands.length; i++)
     IsCommandEnabled(commands[i]);
 
   // Mozilla-specific stuff
   commands = ["enableInlineTableEditing", "enableObjectResizing", "insertBrOnReturn"];
   for (i = 0; i < commands.length; i++)
     IsCommandEnabled(commands[i]);
 
-  // cut/copy/paste -- SpecialPowers required
-  SpecialPowers.setCharPref("capability.policy.policynames",                      "allowclipboard");
-  SpecialPowers.setCharPref("capability.policy.allowclipboard.sites",             "http://mochi.test:8888");
-  SpecialPowers.setCharPref("capability.policy.allowclipboard.Clipboard.cutcopy", "allAccess");
-  SpecialPowers.setCharPref("capability.policy.allowclipboard.Clipboard.paste",   "allAccess");
+  // These are privileged, and available only to chrome.
   commands = ["cut", "paste", "copy"];
   for (i = 0; i < commands.length; i++) {
     IsCommandEnabled(commands[i]);
-    document.execCommand(commands[i], false, false);
+    try {
+      document.execCommand(commands[i], false, false);
+      ok(false, "Thould have thrown: " + commands[i]);
+    } catch (e) {
+      ok(/insecure|denied/.test(e), "Threw correctly: " + commands[i] + " - " + e);
+    }
+    SpecialPowers.wrap(document).execCommand(commands[i], false, false);
   }
-  SpecialPowers.clearUserPref("capability.policy.policynames");
-  SpecialPowers.clearUserPref("capability.policy.allowclipboard.sites");
-  SpecialPowers.clearUserPref("capability.policy.allowclipboard.Clipboard.cutcopy");
-  SpecialPowers.clearUserPref("capability.policy.allowclipboard.Clipboard.paste");
 
   // delete/undo/redo -- we have to execute this commands because:
   //  * there's nothing to undo if we haven't modified the selection first
   //  * there's nothing to redo if we haven't undone something first
   commands = ["delete", "undo", "redo"];
   for (i = 0; i < commands.length; i++) {
     IsCommandEnabled(commands[i]);
     document.execCommand(commands[i], false, false);
--- a/modules/libpref/src/init/all.js
+++ b/modules/libpref/src/init/all.js
@@ -823,20 +823,16 @@ pref("capability.policy.mailnews.WebServ
 pref("capability.policy.mailnews.WebServiceProxyFactory.onError", "noAccess");
 
 // XMLExtras
 pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
 pref("capability.policy.default.XMLHttpRequest.getInterface", "noAccess");
 pref("capability.policy.default.XMLHttpRequest.open-uri", "allAccess");
 pref("capability.policy.default.DOMParser.parseFromStream", "noAccess");
 
-// Clipboard
-pref("capability.policy.default.Clipboard.cutcopy", "noAccess");
-pref("capability.policy.default.Clipboard.paste", "noAccess");
-
 // Scripts & Windows prefs
 pref("dom.disable_image_src_set",           false);
 pref("dom.disable_window_flip",             false);
 pref("dom.disable_window_move_resize",      false);
 pref("dom.disable_window_status_change",    false);
 
 pref("dom.disable_window_open_feature.titlebar",    false);
 pref("dom.disable_window_open_feature.close",       false);