Mercurial > mozilla-central / changeset / 3b3b8835cb2ec3575921be638dac64b6d03c377e
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1158131 - Add local resource whitelisting for string bundle channels. r=snorp
authorEugen Sawin <esawin@mozilla.com>
Thu, 30 Apr 2015 18:07:49 +0200
changeset 242254 3b3b8835cb2ec3575921be638dac64b6d03c377e
parent 242253 57fc3025cf9968a571cc16af9996acc9b468cabb
child 242255 ef4588e3937d36234a641ed42384238c784df23f
push id28686
push userryanvm@gmail.com
push dateMon, 04 May 2015 20:06:04 +0000
treeherdermozilla-central@102d0e9aa9e1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssnorp
bugs1158131
milestone40.0a1
first release with
nightly linux32
4c93d46ab92f / 40.0a1 / 20150505030206 / files
nightly linux64
4c93d46ab92f / 40.0a1 / 20150505030206 / files
nightly mac
4c93d46ab92f / 40.0a1 / 20150505030206 / files
nightly win32
4c93d46ab92f / 40.0a1 / 20150505030206 / files
nightly win64
4c93d46ab92f / 40.0a1 / 20150505030206 / files
last release without
nightly linux32
dc5f85980a82 / 40.0a1 / 20150504030210 / files
nightly linux64
dc5f85980a82 / 40.0a1 / 20150504030210 / files
nightly mac
dc5f85980a82 / 40.0a1 / 20150504030210 / files
nightly win32
dc5f85980a82 / 40.0a1 / 20150504030210 / files
nightly win64
dc5f85980a82 / 40.0a1 / 20150504030210 / files
Bug 1158131 - Add local resource whitelisting for string bundle channels. r=snorp --- intl/strres/nsStringBundle.cpp | 9 +++++++++ 1 file changed, 9 insertions(+)
intl/strres/nsStringBundle.cpp file | annotate | diff | comparison | revisions 
--- a/intl/strres/nsStringBundle.cpp
+++ b/intl/strres/nsStringBundle.cpp
@@ -64,16 +64,25 @@ nsStringBundle::LoadProperties()
 
   nsresult rv;
 
   // do it synchronously
   nsCOMPtr<nsIURI> uri;
   rv = NS_NewURI(getter_AddRefs(uri), mPropertiesURL);
   if (NS_FAILED(rv)) return rv;
 
+  // whitelist check for local schemes
+  nsCString scheme;
+  uri->GetScheme(scheme);
+  if (!scheme.EqualsLiteral("chrome") && !scheme.EqualsLiteral("jar") &&
+      !scheme.EqualsLiteral("resource") && !scheme.EqualsLiteral("file") &&
+      !scheme.EqualsLiteral("data")) {
+    return NS_ERROR_ABORT;
+  }
+
   nsCOMPtr<nsIChannel> channel;
   rv = NS_NewChannel(getter_AddRefs(channel),
                      uri,
                      nsContentUtils::GetSystemPrincipal(),
                      nsILoadInfo::SEC_NORMAL,
                      nsIContentPolicy::TYPE_OTHER);
 
   if (NS_FAILED(rv)) return rv;
mozilla-central
Deployed from b583492a4153 at 2021-05-20T14:31:59Z.