Bug 1222924 - stop allowing webpages to link to moz-icon: , r?bholley draft
authorGijs Kruitbosch <gijskruitbosch@gmail.com>
Wed, 22 Nov 2017 21:31:41 +0000
changeset 702169 89165863ef3fda819869803104b563553153a805
parent 702065 4affa6e0a8c622e4c4152872ffc14b73103830ac
child 741397 caeaa050bcde56d56041f369a6893e43a38978f1
push id90410
push userbmo:gijskruitbosch+bugs@gmail.com
push dateWed, 22 Nov 2017 21:32:20 +0000
reviewersbholley
bugs1222924
milestone59.0a1
Bug 1222924 - stop allowing webpages to link to moz-icon: , r?bholley MozReview-Commit-ID: FKEDboWIfFQ
caps/nsScriptSecurityManager.cpp
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -683,16 +683,25 @@ nsScriptSecurityManager::CheckLoadURIWit
     else if (sViewSourceReachableFromInner &&
              sourceScheme.EqualsIgnoreCase(targetScheme.get()) &&
              NS_SUCCEEDED(aTargetURI->SchemeIs("view-source", &targetIsViewSource)) &&
              targetIsViewSource)
     {
         // exception for foo: linking to view-source:foo for reftests...
         return NS_OK;
     }
+    else if (sourceScheme.EqualsIgnoreCase("file") &&
+             targetScheme.EqualsIgnoreCase("moz-icon"))
+    {
+        // exception for file: linking to moz-icon://.ext?size=...
+        // Note that because targetScheme is the base (innermost) URI scheme,
+        // this does NOT allow file -> moz-icon:file:///... links.
+        // This is intentional.
+        return NS_OK;
+    }
 
     // Check for webextension
     rv = NS_URIChainHasFlags(aTargetURI,
                              nsIProtocolHandler::URI_LOADABLE_BY_EXTENSIONS,
                              &hasFlags);
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (hasFlags && BasePrincipal::Cast(aPrincipal)->AddonPolicy()) {
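Review bot: The new file→moz-icon exemption compares schemes with `EqualsIgnoreCase` while the scheme checks elsewhere in this file (the lines removed from the second hunk) use `EqualsLiteral`; using one form consistently avoids the question of whether scheme case is significant at this point, since `sourceScheme`/`targetScheme` appear to be already-normalized strings. The comment states what is excluded (moz-icon:file:///…) but not why a file: source needs moz-icon at all; one why-line would help, e.g. `// file: pages need moz-icon://.ext?size=... for file-type icons; nothing else from file: is exempted.` — presumably that is the motivating case, confirm against the bug. Note that this `return NS_OK` also bypasses the webextension check and everything after it for that scheme pair, which looks intended given how narrow the match is. The enclosing function (CheckLoadURIWit… in the hunk header) starts and continues outside the hunk.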
@@ -832,22 +841,16 @@ nsScriptSecurityManager::CheckLoadURIFla
     // Check for chrome target URI
     bool hasFlags = false;
     rv = NS_URIChainHasFlags(aTargetBaseURI,
                              nsIProtocolHandler::URI_IS_UI_RESOURCE,
                              &hasFlags);
     NS_ENSURE_SUCCESS(rv, rv);
     if (hasFlags) {
         if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) {
-            // For now, don't change behavior for moz-icon:// and just allow it.
-            if (!targetScheme.EqualsLiteral("chrome")
-                    && !targetScheme.EqualsLiteral("resource")) {
-                return NS_OK;
-            }
-
             // Allow a URI_IS_UI_RESOURCE source to link to a URI_IS_UI_RESOURCE
             // target if ALLOW_CHROME is set.
             //
             // ALLOW_CHROME is a flag that we pass on all loads _except_ docshell
             // loads (since docshell loads run the loaded content with its origin
             // principal). So we're effectively allowing resource://, chrome://,
             // and moz-icon:// source URIs to load resource://, chrome://, and
             // moz-icon:// files, so long as they're not loading it as a document.
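Review bot: With the moz-icon pass-through removed, `targetScheme` has no remaining use inside this hunk; if nothing later in the function consumes it, its earlier computation is now dead and should be dropped in the same change (cannot tell from this hunk alone, the function continues outside it). The surviving comment still lists moz-icon:// among both sources and targets; per that comment the remaining rule is "URI_IS_UI_RESOURCE source to URI_IS_UI_RESOURCE target", so the wording stays accurate, but since this is the line where web content lost its ability to reach moz-icon:, a short note makes the intent greppable, e.g. `// moz-icon:// is deliberately not special-cased here (bug 1222924): a non-UI_RESOURCE source such as web content must not link to it.`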