Bug 1378377 Part 1: Expose file:// URI whitelist check to chrome JS. r=bz
authorBob Owen <bobowencode@gmail.com>
Wed, 19 Jul 2017 09:37:25 +0100
changeset 369704 b4f4996c541ea5e260e4ca13617b201e90b08096
parent 369703 5ac596abee3dc2207aa4cbeb8d80a931d915726d
child 369705 137cb6b5df6772b2b34ba91b40ed8e58a1d7d74c
push id32202
push userkwierso@gmail.com
push dateThu, 20 Jul 2017 00:30:04 +0000
reviewersbz
bugs1378377
milestone56.0a1
Bug 1378377 Part 1: Expose file:// URI whitelist check to chrome JS. r=bz This is required so that we can check the whitelist and run domains that are allowed to use file:// URIs in the file content process.
caps/nsIScriptSecurityManager.idl
caps/nsScriptSecurityManager.cpp
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@@ -121,16 +121,23 @@ interface nsIScriptSecurityManager : nsI
      * hence will check whether fixed-up versions of the URI are allowed to
      * load as well); if any of the versions of this URI is not allowed, this
      * function will return error code NS_ERROR_DOM_BAD_URI.
      */
     void checkLoadURIStrWithPrincipal(in nsIPrincipal aPrincipal,
                                       in AUTF8String uri,
                                       in unsigned long flags);
 
+    /**
+     * Returns true if the URI is from a domain that is white-listed through
+     * prefs to be allowed to use file:// URIs.
+     * @param aUri the URI to be tested
+     */
+    bool inFileURIWhitelist(in nsIURI aUri);
+
     ///////////////// Principals ///////////////////////
 
     /**
      * Return the all-powerful system principal.
      */
     nsIPrincipal getSystemPrincipal();
 
     /**
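Review bot: The new doc comment on `inFileURIWhitelist` says the URI must be "from a domain that is white-listed", but the implementation added in this same commit matches with EqualOrSubdomain, so subdomains of a whitelisted host also return true, and the implementation asserts that aUri is non-null. Callers reading only the IDL will not learn either of these, so the comment should state them, e.g. add `* A URI whose host equals, or is a subdomain of, a whitelisted entry matches.` and `* @param aUri the URI to be tested; must not be null`. Since this interface is now callable from chrome JS, the stricter contract is worth spelling out at the API boundary.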
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -936,20 +936,20 @@ nsScriptSecurityManager::CheckLoadURIFla
     // Check for target URI pointing to a file
     rv = NS_URIChainHasFlags(aTargetURI,
                              nsIProtocolHandler::URI_IS_LOCAL_FILE,
                              &hasFlags);
     NS_ENSURE_SUCCESS(rv, rv);
     if (hasFlags) {
         // Allow domains that were whitelisted in the prefs. In 99.9% of cases,
         // this array is empty.
-        for (nsIURI* uri : EnsureFileURIWhitelist()) {
-            if (EqualOrSubdomain(aSourceURI, uri)) {
-                return NS_OK;
-            }
+        bool isWhitelisted;
+        MOZ_ALWAYS_SUCCEEDS(InFileURIWhitelist(aSourceURI, &isWhitelisted));
+        if (isWhitelisted) {
+            return NS_OK;
         }
 
         // Allow chrome://
         bool isChrome = false;
         if (NS_SUCCEEDED(aSourceBaseURI->SchemeIs("chrome", &isChrome)) && isChrome) {
             return NS_OK;
         }
 
@@ -1091,16 +1091,33 @@ nsScriptSecurityManager::CheckLoadURIStr
             return rv;
         }
         NS_ENSURE_SUCCESS(rv, rv);
     }
 
     return rv;
 }
 
+NS_IMETHODIMP
+nsScriptSecurityManager::InFileURIWhitelist(nsIURI* aUri, bool* aResult)
+{
+    MOZ_ASSERT(aUri);
+    MOZ_ASSERT(aResult);
+
+    *aResult = false;
+    for (nsIURI* uri : EnsureFileURIWhitelist()) {
+        if (EqualOrSubdomain(aUri, uri)) {
+            *aResult = true;
+            return NS_OK;
+        }
+    }
+
+    return NS_OK;
+}
+
 ///////////////// Principals ///////////////////////
 
 NS_IMETHODIMP
 nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result)
 {
     NS_ADDREF(*result = mSystemPrincipal);
 
     return NS_OK;
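Review bot: InFileURIWhitelist is now reachable from chrome JS via nsIScriptSecurityManager, and `MOZ_ASSERT(aUri)` compiles to nothing in release builds, so a JS caller passing null would reach EqualOrSubdomain with a null URI. Replace the two asserts with argument checks that fail closed, `NS_ENSURE_ARG_POINTER(aUri);` and `NS_ENSURE_ARG_POINTER(aResult);`, which return NS_ERROR_INVALID_POINTER instead of continuing. Because those checks return before `*aResult` is written, the in-process caller in CheckLoadURIFlags (the previous hunk) should initialize its `isWhitelisted` flag to false rather than rely on MOZ_ALWAYS_SUCCEEDS alone. The method also has no comment in the .cpp; a one-liner such as `// Exact-host or subdomain match against the pref-driven file:// URI whitelist.` above NS_IMETHODIMP would help readers coming from the IDL.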