Bug 1340710 - Part 3: Add an assertion to ensure that codebase principals are never constructed with URI schemes such as javascript:, about: and data:; r=bholley
author Ehsan Akhgari <ehsan@mozilla.com>
Thu, 23 Feb 2017 21:47:28 -0500
changeset 346286 405aa6574c00c2a99f77417a43b288ab34a00ea9
parent 346285 cb0ea9136535ad6d1455833ea63b8ac7d68d58b4
child 346287 334ee7b3b3021ee4481b4aaaae833122b7fb5ffb
push id 31460
push user cbook@mozilla.com
push date Tue, 07 Mar 2017 14:14:00 +0000
treeherder mozilla-central@47e5c929a487
reviewers bholley
bugs 1340710
milestone 54.0a1
caps/nsPrincipal.cpp
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@@ -95,16 +95,29 @@ nsPrincipal::~nsPrincipal()
 nsresult
 nsPrincipal::Init(nsIURI *aCodebase, const OriginAttributes& aOriginAttributes)
 {
   NS_ENSURE_STATE(!mInitialized);
   NS_ENSURE_ARG(aCodebase);
 
   mInitialized = true;
 
+  // Assert that the URI we get here isn't any of the schemes that we know we
+  // should not get here.  These schemes always either inherit their principal
+  // or fall back to a null principal.  These are schemes which return
+  // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
+  // GetProtocolFlags function.
+  bool hasFlag;
+  Unused << hasFlag; // silence possible compiler warnings.
+  MOZ_DIAGNOSTIC_ASSERT(
+      NS_SUCCEEDED(NS_URIChainHasFlags(aCodebase,
+                                       nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
+                                       &hasFlag)) &&
+      !hasFlag);
+
   mCodebase = NS_TryToMakeImmutable(aCodebase);
   mCodebaseImmutable = URIIsImmutable(mCodebase);
   mOriginAttributes = aOriginAttributes;
 
   return NS_OK;
 }
 
 nsresult
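Review bot: The new check in nsPrincipal::Init lives only inside MOZ_DIAGNOSTIC_ASSERT, so in any build where that macro compiles out (the case the `Unused << hasFlag;` line exists for) Init() still stores a URI whose chain carries URI_INHERITS_SECURITY_CONTEXT in mCodebase and returns NS_OK. If the invariant matters for security, consider also returning a failure nsresult from Init() when the flag is set, or say in the comment that callers are required to have routed these schemes to an inherited or null principal before calling Init(). Two smaller points on the same lines: the assert fires both when NS_URIChainHasFlags fails and when `hasFlag` is true, so a crash report cannot tell the two apart, and splitting it into two asserts would fix that; and `bool hasFlag;` is declared uninitialized, so `bool hasFlag = false;` would be safer if the value is ever read on a path where the call did not succeed.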