Bug 1627649 - Unable to use WebSocket in Thunderbird. r=benc DONTBUILD
authorMagnus Melin <mkmelin+mozilla@iki.fi>
Thu, 14 May 2020 12:58:52 +0300
changeset 38251 b5cb669844cd935d3ed531893c40391b45948b3b
parent 38250 1950b809c9898a96340349a70d6f1ada4b6f8e76
child 38252 936dbd8706b8b49edb760edbe50199000de978f2
push id2607
push userclokep@gmail.com
push dateMon, 01 Jun 2020 20:50:20 +0000
reviewersbenc
bugs1627649
Bug 1627649 - Unable to use WebSocket in Thunderbird. r=benc DONTBUILD
mail/test/browser/content-policy/browser_generalContentPolicy.js
mailnews/base/src/nsMsgContentPolicy.cpp
--- a/mail/test/browser/content-policy/browser_generalContentPolicy.js
+++ b/mail/test/browser/content-policy/browser_generalContentPolicy.js
@@ -90,34 +90,37 @@ var url =
  * checkForAllowed: A function that is passed the element with id 'testelement'
  *                  to check for remote content being allowed/disallowed.
  *                  This function should return true if remote content was
  *                  allowed, false otherwise.
  */
 var TESTS = [
   {
     type: "Image",
+    description: "img served over http should be blocked",
     checkDenied: true,
     body: '<img id="testelement" src="' + url + 'pass.png"/>\n',
     webPage: "remoteimage.html",
     checkForAllowed: function img_checkAllowed(element) {
       return element.imageBlockingStatus == Ci.nsIContentPolicy.ACCEPT;
     },
   },
   {
     type: "Video",
+    description: "video served over http should be blocked",
     checkDenied: true,
     body: '<video id="testelement" src="' + url + 'video.ogv"/>\n',
     webPage: "remotevideo.html",
     checkForAllowed: function video_checkAllowed(element) {
       return element.networkState != element.NETWORK_NO_SOURCE;
     },
   },
   {
     type: "Image-Data",
+    description: "img from data url should be allowed",
     checkDenied: false,
     body:
       '<img id="testelement" src="data:image/png,%89PNG%0D%0A%1A%0A%00%00%00%0DIHDR%00%00%002%00%00%00%14%08%02%00%00%00%40%A8%F9%CD%00%00%02%A3IDATH%C7%ED%96%3D%2C%2CQ%14%C7%FF3K%22H4%3Ev%13%1F%DDR%10QP%09BT%22%0A%C2F%23HhD%B2%09%A5NB%88%C4%2B%25%0A%0At%14%14%04%85%CFD%82H%14%3E%12%8A-h%84B%7Cd%AD%FD%BDb%5E%26c%F7%3D%3B%5E%A5pr%8A%B9%E7%FE%EE%B9%FF%DCs%EE%CC%18%80%BE%9F%99%FA%96%F6%23%EB%3Fd%15%A9%C8%90%E1%F4d%25g%2B%BBNu%EBZ%8FYs%AB%5B%8F%3C%86%8C%90B%F1%19%8Fu%1CP%20W%B9%C9JNRR%8Er*U%19T0%AC%B0%7B%C6%B0Z%BEHE%17%BA%18%D7%B8%24DD%91%7B%DD%1F%E8%60G%3B%A6%CC-mU%AA%D2N%3A%A9%C9%A0%82%92%C646%A8A%A7%A6%3D%ED%D5%AA%D6%23O%9B%DA%FC%F2G%14%09)t%A0%83S%9D%3E%EA1%5D%E9.%19%01%40!%85%E2%CF%B3%D3%26%98%10j%A5%D5%19%2C%A7%DC%83G%A8%8C%B2%18%BE%91F%A1%0D6b%E2W%5C%BD%F1%E6%9EI%20%EB%81%07%A1%12J%EC%C8%25%97B%DDt%7B%F1%0A%9Ds%EE%E4%8B)%16z%E5%95%7F%9B%1B%26A%CB%A7*U%92%E9%B8%19%F3%9A%97%14P%A0E-%92%16%B4%E0%E4%F3%95%2FiF3%9F%E4t%C3%248%AD%13N%9CE%8C%12%F5%E3%CF%24%F3%8D%B7m%B6%85%FC%F8%A3Dm~%8B-%AB%BE%0D4%2C%B1%F4%CCs%7CN7%CCg%B2%DEyo%A6Yh%99e%2Br%C8%A1P%0F%3D%D6%AC%0F%9F%D0%11G%CEUk%AC%15P%20%24%94FZ%3B%ED%FB%EC%C7dN%C8%7C%90u%C6%99%E5\'%9C%2C%B0PM%B5P%1F%7D%F6y%04%09%0A%AD%B3n%0D%FB%E9%17%1Ad0f%D70%E1%25%96%02%04%D2I%B7%F6%EE%A2%2BL%D8%3D%F3A%96%ED%26%A6%0F_%13M%2B%AC%D8%9A%22D%7C%F8%AC%0AZ%91%5Dv%85%F2%C8%7B%E7%FD%AF%9D%FB%C4%D34%D3%D6%E5%18a%C4%3D%93%A0%B7%9C%B6%C9%A6S%BA%D3w%D8%F9d%E1%11GB%15T%B8g%BE%F0%F1%99%D3%9C!cO%7Bg%3A%B3%7DHC%F1%F71%C6JT%22%E9U%AF_%60%5C%9E%D6%0B%2F%19d%D4P%13%13%BF%E1%C6%C4%CC%22%CB%AA%EC%2F~%5Dq%15%C3%AC%B0b%BD%EA%AC%A1%1B%C6%AD%ACE%16%85%A6%98%8A%9F%AA%A7%5Eh%95U%3BO)%A5%BD%F4%0E3%3C%CAh\'%9D)%A4d%91u%CD%B5s%AF%CF%19%B7%B2ZhI%22%E9%8E%BB%F8%A9Yf%85%3A%E8%006%D8%18%60%A0%8A*%2F%5E%0F%1E%133%9F%FC%5EzC%84l%DE%0Dc%FC%FC%9D~%C1~%03%97%96%03%F2QP%E0%18%00%00%00%00IEND%AEB%60%82"/>\n',
     webPage: "remoteimagedata.html",
     checkForAllowed: function img_checkAllowed(element) {
       return element.imageBlockingStatus == Ci.nsIContentPolicy.ACCEPT;
     },
   },
@@ -522,16 +525,17 @@ function checkAllowForHostsWithPerms(tes
 
 add_task(function test_generalContentPolicy() {
   be_in_folder(folder);
 
   assert_nothing_selected();
 
   for (let i = 0; i < TESTS.length; ++i) {
     // Check for denied in mail
+    dump("Doing test: " + TESTS[i].description + " ...\n");
     addMsgToFolderAndCheckContent(folder, TESTS[i]);
 
     if (TESTS[i].checkDenied) {
       // Check denied in reply window
       checkComposeWindow(TESTS[i], true, false);
 
       // Check denied in forward window
       checkComposeWindow(TESTS[i], false, false);
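Review bot: The added `dump("Doing test: " + TESTS[i].description + " ...\n");` prints "Doing test: undefined ..." for any TESTS entry that has no `description`. Only three entries are visible in the earlier hunk as gaining the field; the rest of the array is outside the diff, so confirm that every entry has one. A fallback keeps the log readable either way: `dump("Doing test: " + (TESTS[i].description || TESTS[i].type) + " ...\n");`. The loop body continues outside this hunk.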
--- a/mailnews/base/src/nsMsgContentPolicy.cpp
+++ b/mailnews/base/src/nsMsgContentPolicy.cpp
@@ -289,17 +289,17 @@ nsMsgContentPolicy::ShouldLoad(nsIURI *a
 
   // If exposed protocol not covered by the test above or protocol that has been
   // specifically exposed by an add-on, or is a chrome url, then allow the load.
   if (IsExposedProtocol(aContentLocation)) {
     *aDecision = nsIContentPolicy::ACCEPT;
     return NS_OK;
   }
 
-  // never load unexposed protocols except for http, https and file.
+  // Never load unexposed protocols except for web protocols and file.
   // Protocols like ftp are always blocked.
   if (ShouldBlockUnexposedProtocol(aContentLocation)) return NS_OK;
 
   // Find out the URI that originally initiated the set of requests for this
   // context.
   nsCOMPtr<nsIURI> originatorLocation;
   if (!aRequestingContext && aRequestPrincipal) {
     // Can get the URI directly from the principal.
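Review bot: "web protocols" in the reworded comment above the `ShouldBlockUnexposedProtocol` call does not say which schemes get past this gate, and a reader auditing a content policy needs the exact list. Name them: `// Never load unexposed protocols except for http, https, ws, wss and file.` The doc comment on `ShouldBlockUnexposedProtocol` in the later hunk of this file uses the same wording and could read `* - apart from http(s), ws(s), and file.` ShouldLoad starts and ends outside this hunk.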
@@ -442,49 +442,63 @@ bool nsMsgContentPolicy::IsExposedProtoc
   if (contentScheme.LowerCaseEqualsLiteral("mailto") ||
       contentScheme.LowerCaseEqualsLiteral("addbook") ||
       contentScheme.LowerCaseEqualsLiteral("about"))
     return true;
 
   // check if customized exposed scheme
   if (mCustomExposedProtocols.Contains(contentScheme)) return true;
 
-  bool isData;
   bool isChrome;
-  bool isRes;
-  bool isMozExtension;
   rv = aContentLocation->SchemeIs("chrome", &isChrome);
   NS_ENSURE_SUCCESS(rv, false);
+
+  bool isRes;
   rv = aContentLocation->SchemeIs("resource", &isRes);
   NS_ENSURE_SUCCESS(rv, false);
+
+  bool isData;
   rv = aContentLocation->SchemeIs("data", &isData);
   NS_ENSURE_SUCCESS(rv, false);
+
+  bool isMozExtension;
   rv = aContentLocation->SchemeIs("moz-extension", &isMozExtension);
   NS_ENSURE_SUCCESS(rv, false);
 
   return isChrome || isRes || isData || isMozExtension;
 }
 
 /**
- * We block most unexposed protocols - apart from http(s) and file.
+ * We block most unexposed protocols that access remote data
+ * - apart from web protocols, and file.
  */
 bool nsMsgContentPolicy::ShouldBlockUnexposedProtocol(
     nsIURI *aContentLocation) {
+  // Error condition - we must return true so that we block.
   bool isHttp;
-  bool isHttps;
-  bool isFile;
-  // Error condition - we must return true so that we block.
   nsresult rv = aContentLocation->SchemeIs("http", &isHttp);
   NS_ENSURE_SUCCESS(rv, true);
+
+  bool isHttps;
   rv = aContentLocation->SchemeIs("https", &isHttps);
   NS_ENSURE_SUCCESS(rv, true);
+
+  bool isWs; // websocket
+  rv = aContentLocation->SchemeIs("ws", &isWs);
+  NS_ENSURE_SUCCESS(rv, true);
+
+  bool isWss; // secure websocket
+  rv = aContentLocation->SchemeIs("wss", &isWss);
+  NS_ENSURE_SUCCESS(rv, true);
+
+  bool isFile;
   rv = aContentLocation->SchemeIs("file", &isFile);
   NS_ENSURE_SUCCESS(rv, true);
 
-  return !isHttp && !isHttps && !isFile;
+  return !isHttp && !isHttps && !isWs && !isWss && !isFile;
 }
 
 /**
  * The default for this function will be to reject the content request.
  * When determining if to allow the request for a given msg hdr, the function
  * will go through the list of remote content blocking criteria:
  *
  * #1 Allow if there is a db header for a manual override.
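Review bot: No test in this commit covers the new `ws` and `wss` exemptions in `ShouldBlockUnexposedProtocol`; the changes to browser_generalContentPolicy.js only add descriptions to the existing http and data-URL cases. With these schemes no longer stopped here, whether a WebSocket load originating from message content is rejected depends on the remote-content checks later in ShouldLoad, which are outside this hunk. A test asserting that a ws/wss load from a displayed message is still denied, while one from an allowed context is accepted, would pin that. Since `ws` is cleartext, a short comment next to `isWs` saying it is allowed for parity with `http` would also make the intent explicit.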