Bug 167475 - iframes should load just URLs able to return data, r=smaug
authorAndrea Marchesini <amarchesini@mozilla.com>
Wed, 12 Dec 2018 00:59:47 +0100
changeset 450198 a5ad58077bd87428465c52f55997d8254d61a162
parent 450197 2ee2f297c4106e017231ed67fba4034d766c942b
child 450199 3c2dc7c0e8c9ce1ddbcd8482f1bd484f5f6c7516
push id35191
push userccoroiu@mozilla.com
push dateWed, 12 Dec 2018 05:12:41 +0000
reviewerssmaug
bugs167475
milestone66.0a1
Bug 167475 - iframes should load just URLs able to return data, r=smaug This is done in order to block external protocol URLs in iframes: they cannot be used to create documents, and they could launch external apps or show prompt dialogs.
docshell/base/nsDocShell.cpp
dom/base/UseCounters.conf
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -9798,38 +9798,27 @@ nsresult nsDocShell::DoURILoad(
   nsresult rv;
   nsCOMPtr<nsIURILoader> uriLoader =
       do_GetService(NS_URI_LOADER_CONTRACTID, &rv);
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   if (IsFrame()) {
+    MOZ_ASSERT(aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_IFRAME ||
+                   aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_FRAME,
+               "DoURILoad thinks this is a frame and InternalLoad does not");
+
+    // Only allow URLs able to return data in iframes.
     bool doesNotReturnData = false;
     NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA,
                         &doesNotReturnData);
-
     if (doesNotReturnData) {
-      // If this is an iframe, it must have a parent. Let's count the
-      // no-data-URL telemetry on the parent document, because probably this one
-      // is an about page.
-      nsCOMPtr<nsIDocShellTreeItem> parent;
-      GetSameTypeParent(getter_AddRefs(parent));
-      MOZ_ASSERT(parent);
-
-      nsIDocument* parentDocument = parent->GetDocument();
-      if (parentDocument) {
-        parentDocument->SetDocumentAndPageUseCounter(
-            eUseCounter_custom_no_data_URL);
-      }
-    }
-
-    MOZ_ASSERT(aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_IFRAME ||
-                   aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_FRAME,
-               "DoURILoad thinks this is a frame and InternalLoad does not");
+      return NS_ERROR_UNKNOWN_PROTOCOL;
+    }
 
     // Only allow view-source scheme in top-level docshells. view-source is
     // the only scheme to which this applies at the moment due to potential
     // timing attacks to read data from cross-origin iframes. If this widens
     // we should add a protocol flag for whether the scheme is allowed in
     // frames and use something like nsNetUtil::NS_URIChainHasFlags.
     nsCOMPtr<nsIURI> tempURI = aURI;
     nsCOMPtr<nsINestedURI> nestedURI = do_QueryInterface(tempURI);
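Review bot: The nsresult returned by NS_URIChainHasFlags is discarded in the new IsFrame() branch, so if the flag lookup fails, doesNotReturnData keeps its initial false and the load is allowed through — the new block fails open on exactly the path it is meant to close. Since rv is already in scope, the call should be checked like the service lookup above it: `rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA, &doesNotReturnData); if (NS_FAILED(rv)) { return rv; }`. It would also help to state why NS_ERROR_UNKNOWN_PROTOCOL is the chosen error, e.g. `// Treat a no-data scheme in a frame like an unknown protocol: the frame gets an error page rather than an external handler or prompt.` — I am inferring that intent from the commit message, so adjust if the error code was picked for another reason. DoURILoad begins before and continues past this hunk.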
--- a/dom/base/UseCounters.conf
+++ b/dom/base/UseCounters.conf
@@ -55,19 +55,16 @@ method PushManager.subscribe
 method PushSubscription.unsubscribe
 
 // window.sidebar
 attribute Window.sidebar
 
 // External interface
 method External.AddSearchProvider
 
-// no-data URLs for iframes
-custom no_data_URL used in iframes
-
 // AppCache API
 method OfflineResourceList.swapCache
 method OfflineResourceList.update
 attribute OfflineResourceList.status
 attribute OfflineResourceList.onchecking
 attribute OfflineResourceList.onerror
 attribute OfflineResourceList.onnoupdate
 attribute OfflineResourceList.ondownloading