Bug 1057518 - Ensure callingDoc and doc's principal are the same in XMLDocument::Load(). r=sicking
authorTanvi Vyas <tvyas@mozilla.com>
Fri, 29 Aug 2014 16:56:28 -0700
changeset 202546 fe0200fd2d3ac7a8d325af8969f8f52cb07bbae6
parent 202545 02d549361c6d81bd108867ad544f3e5f341187ab
child 202547 e156a5c3f783f2bc81ea91002c440b46750968bd
push id27402
push userryanvm@gmail.com
push dateSat, 30 Aug 2014 16:25:31 +0000
reviewerssicking
bugs1057518
milestone34.0a1
Bug 1057518 - Ensure callingDoc and doc's principal are the same in XMLDocument::Load(). r=sicking
dom/locales/en-US/chrome/dom/dom.properties
dom/xml/XMLDocument.cpp
--- a/dom/locales/en-US/chrome/dom/dom.properties
+++ b/dom/locales/en-US/chrome/dom/dom.properties
@@ -203,8 +203,9 @@ KeyNameLiveWarning=KeyboardEvent.key val
 KeyNameAppsWarning=KeyboardEvent.key value "Apps" is obsolete and will be removed. For more help https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent.key
 # LOCALIZATION NOTE: Do not translate "KeyboardEvent.key", "FastFwd" and "MediaFastForward".
 KeyNameFastFwdWarning=KeyboardEvent.key value "FastFwd" is obsolete and will be renamed to "MediaFastForward". For more help https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent.key
 # LOCALIZATION NOTE: Do not translate "KeyboardEvent.key", "Zoom" and "ZoomToggle".
 KeyNameZoomWarning=KeyboardEvent.key value "Zoom" is obsolete and will be renamed to "ZoomToggle". For more help https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent.key
 # LOCALIZATION NOTE: Do not translate "KeyboardEvent.key" and "Dead".
 KeyNameDeadKeysWarning=KeyboardEvent.key values starting with "Dead" are obsolete and will be merged into just "Dead". For more help https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent.key
 ImportXULIntoContentWarning=Importing XUL nodes into a content document is deprecated. This functionality may be removed soon.
+XMLDocumentLoadPrincipalMismatch=Use of document.load forbidden on Documents that come from other Windows. Only the Window in which a Document was created is allowed to call .load on that Document. Preferably, use XMLHttpRequest instead.
--- a/dom/xml/XMLDocument.cpp
+++ b/dom/xml/XMLDocument.cpp
@@ -298,16 +298,29 @@ XMLDocument::Load(const nsAString& aUrl,
   if (!scriptObject && hasHadScriptObject) {
     aRv.Throw(NS_ERROR_UNEXPECTED);
     return false;
   }
 
   WarnOnceAbout(nsIDocument::eUseOfDOM3LoadMethod);
 
   nsCOMPtr<nsIDocument> callingDoc = GetEntryDocument();
+  nsCOMPtr<nsIPrincipal> principal = NodePrincipal();
+
+  // The callingDoc's Principal and doc's Principal should be the same
+  if (callingDoc->NodePrincipal() != principal) {
+    nsContentUtils::ReportToConsole(nsIScriptError::errorFlag,
+                                    NS_LITERAL_CSTRING("DOM"),
+                                    callingDoc,
+                                    nsContentUtils::eDOM_PROPERTIES,
+                                    "XMLDocumentLoadPrincipalMismatch");
+    aRv.Throw(NS_ERROR_UNEXPECTED);
+    return false;
+  }
+
   nsIURI *baseURI = mDocumentURI;
   nsAutoCString charset;
 
   if (callingDoc) {
     baseURI = callingDoc->GetDocBaseURI();
     charset = callingDoc->GetDocumentCharacterSet();
   }
 
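Review bot: The new principal check dereferences `callingDoc` in `callingDoc->NodePrincipal() != principal` without testing it for null, while the pre-existing `if (callingDoc)` guard a few lines further down shows that GetEntryDocument() can return null; a Load() call with no entry document now crashes on the new line instead of reaching the existing fallback to `mDocumentURI`. The guard should read `if (callingDoc && callingDoc->NodePrincipal() != principal) {`, or, if a missing entry document is itself meant to be refused, it should be reported and thrown explicitly rather than dereferenced. The comparison is pointer identity rather than `Equals()`; given the console message talks about the creating Window, identity may well be intended, but a one-line comment such as `// Pointer identity on purpose: same-origin is not enough, the caller must be the creating Window` would keep a later reader from "fixing" it. XMLDocument::Load begins before this hunk and continues after it.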
@@ -322,17 +335,16 @@ XMLDocument::Load(const nsAString& aUrl,
   // Check to see whether the current document is allowed to load this URI.
   // It's important to use the current document's principal for this check so
   // that we don't end up in a case where code with elevated privileges is
   // calling us and changing the principal of this document.
 
   // Enforce same-origin even for chrome loaders to avoid someone accidentally
   // using a document that content has a reference to and turn that into a
   // chrome document.
-  nsCOMPtr<nsIPrincipal> principal = NodePrincipal();
   if (!nsContentUtils::IsSystemPrincipal(principal)) {
     rv = principal->CheckMayLoad(uri, false, false);
     if (NS_FAILED(rv)) {
       aRv.Throw(rv);
       return false;
     }
 
     int16_t shouldLoad = nsIContentPolicy::ACCEPT;