Bug 1106713 - fixing up CSP checks for imports. r=mrbkap
authorGabor Krizsanits <gkrizsanits@mozilla.com>
Thu, 11 Dec 2014 13:18:10 +0100
changeset 219281 f23213acaad0a9f7085534e2162ca868484e8287
parent 219280 5d3fe12c63ed0bff4e6f01801a45d9406d175150
child 219282 3cfdc98a41d601d88d66df9cbce0ea6ccfc6dc3e
push id27958
push userkwierso@gmail.com
push dateFri, 12 Dec 2014 01:30:39 +0000
treeherdermozilla-central@5288b15d22de [default view] [failures only]
reviewersmrbkap
bugs1106713
milestone37.0a1
Bug 1106713 - fixing up CSP checks for imports. r=mrbkap
dom/base/ImportManager.cpp
dom/base/nsScriptLoader.cpp
dom/html/test/imports/file_CSP_sandbox.html
dom/html/test/imports/file_CSP_sandbox_import.html
dom/html/test/imports/mochitest.ini
dom/html/test/imports/test_CSP_sandbox.html
--- a/dom/base/ImportManager.cpp
+++ b/dom/base/ImportManager.cpp
@@ -621,16 +621,19 @@ ImportLoader::OnStartRequest(nsIRequest*
                                   DocumentFlavorHTML);
   NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_ABORT_ERR);
 
   // The imported document must know which master document it belongs to.
   mDocument = do_QueryInterface(importDoc);
   nsCOMPtr<nsIDocument> master = mImportParent->MasterDocument();
   mDocument->SetMasterDocument(master);
 
+  // We want to inherit the sandbox flags from the master document.
+  mDocument->SetSandboxFlags(master->GetSandboxFlags());
+
   // We have to connect the blank document we created with the channel we opened,
   // and create its own LoadGroup for it.
   nsCOMPtr<nsIStreamListener> listener;
   nsCOMPtr<nsILoadGroup> loadGroup;
   channel->GetLoadGroup(getter_AddRefs(loadGroup));
   nsCOMPtr<nsILoadGroup> newLoadGroup = do_CreateInstance(NS_LOADGROUP_CONTRACTID);
   NS_ENSURE_TRUE(newLoadGroup, NS_ERROR_OUT_OF_MEMORY);
   newLoadGroup->SetLoadGroup(loadGroup);
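Review bot: The new comment above `SetSandboxFlags` says what is inherited but not why, or why at this point. Presumably the flags have to be on the import document before the listener set up below starts feeding it data, so that script elements in the import are checked against them. I would state that, e.g. `// Inherit the master's sandbox flags before parsing starts, so a master sandboxed without allow-scripts also blocks scripts in its imports.` The added line is also the first in this hunk to dereference `master` (the line above only passes it on), so if `MasterDocument()` can return null here, a guard such as `NS_ENSURE_TRUE(master, NS_ERROR_DOM_ABORT_ERR);` belongs before it. `OnStartRequest` begins and ends outside the hunk.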
--- a/dom/base/nsScriptLoader.cpp
+++ b/dom/base/nsScriptLoader.cpp
@@ -433,16 +433,18 @@ ParseTypeAttribute(const nsAString& aTyp
 
   return true;
 }
 
 static bool
 CSPAllowsInlineScript(nsIScriptElement *aElement, nsIDocument *aDocument)
 {
   nsCOMPtr<nsIContentSecurityPolicy> csp;
+  // Note: For imports NodePrincipal and the principal of the master are
+  // the same.
   nsresult rv = aDocument->NodePrincipal()->GetCsp(getter_AddRefs(csp));
   NS_ENSURE_SUCCESS(rv, false);
 
   if (!csp) {
     // no CSP --> allow
     return true;
   }
 
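Review bot: The comment added in `CSPAllowsInlineScript` records an invariant that the CSP decision depends on, but nothing in the visible code enforces it. If an import's principal ever diverged from its master's, `GetCsp` would be asked of the wrong principal, and when that principal carries no policy the function returns true and the inline script is allowed. A debug-only assertion comparing the import document's principal with the master's would turn the comment into a checked invariant. The comment could also say where the equality is established. The function body continues past the end of the hunk.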
new file mode 100644
--- /dev/null
+++ b/dom/html/test/imports/file_CSP_sandbox.html
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<head>
+</head>
+<body>
+  <link rel="import" href="file_CSP_sandbox_import.html" id="import"></link>
+</body>
+
new file mode 100644
--- /dev/null
+++ b/dom/html/test/imports/file_CSP_sandbox_import.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<head>
+</head>
+<body>
+<script>
+  var scriptExecuted = true;
+</script>
+</body>
+
--- a/dom/html/test/imports/mochitest.ini
+++ b/dom/html/test/imports/mochitest.ini
@@ -33,23 +33,25 @@ support-files =
   file_cycle_4_E.html
   file_encoding.html
   file_simple_import.html
   file_blocking_DOMContentLoaded_A.html
   file_blocking_DOMContentLoaded_B.html
   file_blocking_DOMContentLoaded_C.html
   file_blocking_DOMContentLoaded_D.html
   file_element_upgrade.html
-
+  file_CSP_sandbox.html
+  file_CSP_sandbox_import.html
 
 [test_cycle_1.html]
 skip-if = toolkit == 'gonk' # nested imports fail on b2g emulator
 [test_cycle_2.html]
 skip-if = toolkit == 'gonk' # nested imports fail on b2g emulator
 [test_cycle_3.html]
 skip-if = toolkit == 'gonk' # nested imports fail on b2g emulator
 [test_cycle_4.html]
 skip-if = toolkit == 'gonk' # nested imports fail on b2g emulator
 [test_blocking_DOMContentLoaded.html]
 skip-if = toolkit == 'gonk' # nested imports fail on b2g emulator
 [test_encoding.html]
 [test_defaultView.html]
 [test_element_upgrade.html]
+[test_CSP_sandbox.html]
new file mode 100644
--- /dev/null
+++ b/dom/html/test/imports/test_CSP_sandbox.html
@@ -0,0 +1,26 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1106713
+-->
+<head>
+  <title>Test for Bug 1106713</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+  <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
+</head>
+<body>
+  <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1106713">Mozilla Bug 1106713</a>
+  <script type="text/javascript">
+    SimpleTest.waitForExplicitFinish();
+    function go() {
+      var ifr = document.getElementById('iframe1').contentWindow;
+      ok(!ifr.scriptExecuted, "script is not allowed to run");
+      SimpleTest.finish();
+    }
+
+  </script>
+  <iframe src='file_CSP_sandbox.html' sandbox="allow-same-origin" onload="go()" id="iframe1"></iframe>
+</body>
+</html>
+
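Review bot: `go()` asserts only the negative, `ok(!ifr.scriptExecuted, ...)`, so the test also passes if the import in file_CSP_sandbox.html never loads at all, for example because of a wrong path, the feature being unavailable, or the load not having finished at `onload`. The `id="import"` on the link is unused. Checking it first, e.g. `ok(ifr.document.getElementById('import').import, "import was loaded");`, or adding a second iframe with `sandbox="allow-same-origin allow-scripts"` that expects `scriptExecuted` to be true, would rule out the vacuous pass. Nothing visible in this commit delivers a Content-Security-Policy to the test pages, so despite the file names only the sandbox path appears to be exercised and `CSPAllowsInlineScript` stays uncovered.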