--- a/mailnews/base/src/nsMsgContentPolicy.cpp
+++ b/mailnews/base/src/nsMsgContentPolicy.cpp
@@ -142,32 +142,57 @@ nsMsgContentPolicy::ShouldLoad(uint32_t
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
+ nsAutoCString spec;
+ aContentLocation->GetSpec(spec);
+ printf("=== nsMsgContentPolicy::ShouldLoad: URI=|%s|\n", spec.get());
+ if (spec.Find("part=") != kNotFound) {
+ printf("=== nsMsgContentPolicy::ShouldLoad: this is a message part\n");
+ }
+ if (aRequestingLocation)
+ printf("=== aRequestingLocation = %s\n", aRequestingLocation->GetSpecOrDefault().get());
+
+ if (aRequestPrincipal) {
+ bool sp = nsContentUtils::IsSystemPrincipal(aRequestPrincipal);
+ bool cp = aRequestPrincipal->GetIsCodebasePrincipal();
+ bool np = aRequestPrincipal->GetIsNullPrincipal();
+ printf("=== nsMsgContentPolicy::ShouldLoad: Request Principal Sys/Code/Null Principal: %d/%d/%d\n",
+ sp?1:0, cp?1:0, np?1:0);
+ if (cp) {
+ nsCOMPtr<nsIURI> principalURI;
+ aRequestPrincipal->GetURI(getter_AddRefs(principalURI));
+ nsAutoCString principalURISpec;
+ principalURI->GetSpec(principalURISpec);
+ printf("=== nsMsgContentPolicy::ShouldLoad: CodebasePrincipal=|%s|\n", principalURISpec.get());
+ }
+ } else
+ printf("=== nsMsgContentPolicy::ShouldLoad: Request Principal is NULL\n");
+
nsresult rv = NS_OK;
// The default decision at the start of the function is to accept the load.
// Once we have checked the content type and the requesting location, then
// we switch it to reject.
//
// Be very careful about returning error codes - if this method returns an
// NS_ERROR_*, any decision made here will be ignored, and the document could
// be accepted when we don't want it to be.
//
// In most cases if an error occurs, its something we didn't expect so we
// should be rejecting the document anyway.
*aDecision = nsIContentPolicy::ACCEPT;
NS_ENSURE_ARG_POINTER(aContentLocation);
-#ifdef DEBUG_MsgContentPolicy
+#if 0
fprintf(stderr, "aContentType: %d\naContentLocation = %s\n",
aContentType,
aContentLocation->GetSpecOrDefault().get());
#endif
#ifndef MOZ_THUNDERBIRD
// Go find out if we are dealing with mailnews. Anything else
// isn't our concern and we accept content.
@@ -175,66 +200,67 @@ nsMsgContentPolicy::ShouldLoad(uint32_t
rv = GetRootDocShellForContext(aRequestingContext,
getter_AddRefs(rootDocShell));
NS_ENSURE_SUCCESS(rv, rv);
uint32_t appType;
rv = rootDocShell->GetAppType(&appType);
// We only want to deal with mailnews
if (NS_FAILED(rv) || appType != nsIDocShell::APP_TYPE_MAIL)
- return NS_OK;
+ { printf("=== returning (1) %d\n", (int) *aDecision); return NS_OK; }
#endif
switch(aContentType) {
// Plugins (nsIContentPolicy::TYPE_OBJECT) are blocked on document load.
case nsIContentPolicy::TYPE_DOCUMENT:
// At this point, we have no intention of supporting a different JS
// setting on a subdocument, so we don't worry about TYPE_SUBDOCUMENT here.
// If the timing were right, we'd enable JavaScript on the docshell
// for non mailnews URIs here. However, at this point, the
// old document may still be around, so we can't do any enabling just yet.
// Instead, we apply the policy in nsIWebProgressListener::OnLocationChange.
// For now, we explicitly disable JavaScript in order to be safe rather than
// sorry, because OnLocationChange isn't guaranteed to necessarily be called
// soon enough to disable it in time (though bz says it _should_ be called
// soon enough "in all sane cases").
+ printf("=== nsMsgContentPolicy::ShouldLoad calling SetDisableItemsOnMailNewsUrlDocshells\n");
rv = SetDisableItemsOnMailNewsUrlDocshells(aContentLocation,
aRequestingContext);
// if something went wrong during the tweaking, reject this content
if (NS_FAILED(rv)) {
NS_WARNING("Failed to set disable items on docShells");
*aDecision = nsIContentPolicy::REJECT_TYPE;
- return NS_OK;
+ printf("=== returning (2) %d\n", (int)*aDecision); return NS_OK;
}
break;
case nsIContentPolicy::TYPE_CSP_REPORT:
// We cannot block CSP reports.
*aDecision = nsIContentPolicy::ACCEPT;
- return NS_OK;
+ printf("=== returning (3A) %d\n", (int) *aDecision); return NS_OK;
break;
default:
break;
}
// NOTE: Not using NS_ENSURE_ARG_POINTER because this is a legitimate case
// that can happen. Also keep in mind that the default policy used for a
// failure code is ACCEPT.
if (!aRequestingLocation)
- return NS_ERROR_INVALID_POINTER;
+ { printf("=== returning no request location\n"); return NS_ERROR_INVALID_POINTER; }
#ifdef DEBUG_MsgContentPolicy
fprintf(stderr, "aRequestingLocation = %s\n", aRequestingLocation->GetSpecOrDefault().get());
#endif
// If the requesting location is safe, accept the content location request.
if (IsSafeRequestingLocation(aRequestingLocation))
- return rv;
+ { printf("=== returning on safe\n"); return rv; }
// Now default to reject so early returns via NS_ENSURE_SUCCESS
// cause content to be rejected.
*aDecision = nsIContentPolicy::REJECT_REQUEST;
// We want to establish the following:
// \--------\ requester | | |
// content \------------\ | | |
@@ -246,137 +272,141 @@ nsMsgContentPolicy::ShouldLoad(uint32_t
// news message | don't load (4)| load (5) | load (6)
// -------------------------+---------------+--------------+------------------
// http(s)/data, etc. | (default) | (default) | (default)
// -------------------------+---------------+--------------+------------------
nsCOMPtr<nsIMsgMessageUrl> contentURL(do_QueryInterface(aContentLocation));
if (contentURL) {
nsCOMPtr<nsINntpUrl> contentNntpURL(do_QueryInterface(aContentLocation));
if (!contentNntpURL) {
+ printf("=== content NOT news\n");
// Mail message (mailbox, imap or JsAccount) content requested, for example
// a message part, like an image:
// To load mail message content the requester must have the same
// "normalised" principal. This is basically a "same origin" test, it
// protects against cross-loading of mail message content from
// other mail or news messages.
nsCOMPtr<nsIMsgMessageUrl> requestURL(do_QueryInterface(aRequestingLocation));
// If the request URL is not also a message URL, then we don't accept.
if (requestURL) {
nsCString contentPrincipalSpec, requestPrincipalSpec;
nsresult rv1 = contentURL->GetPrincipalSpec(contentPrincipalSpec);
nsresult rv2 = requestURL->GetPrincipalSpec(requestPrincipalSpec);
+ printf("=== content principal spec: |%s|\n", contentPrincipalSpec.get());
+ printf("=== request principal spec: |%s|\n", requestPrincipalSpec.get());
if (NS_SUCCEEDED(rv1) && NS_SUCCEEDED(rv2) &&
contentPrincipalSpec.Equals(requestPrincipalSpec))
*aDecision = nsIContentPolicy::ACCEPT; // (1)
}
- return NS_OK; // (2) and (3)
+ printf("=== returning (3B) %d\n", (int) *aDecision); return NS_OK; // (2) and (3)
}
+ printf("=== content IS news\n");
// News message content requested. Don't accept request coming
// from a mail message since it would access the news server.
nsCOMPtr<nsIMsgMessageUrl> requestURL(do_QueryInterface(aRequestingLocation));
if (requestURL) {
nsCOMPtr<nsINntpUrl> requestNntpURL(do_QueryInterface(aRequestingLocation));
if (!requestNntpURL)
- return NS_OK; // (4)
+ { printf("=== returning (3C) %d\n", (int) *aDecision); return NS_OK; } // (4)
}
*aDecision = nsIContentPolicy::ACCEPT; // (5) and (6)
- return NS_OK;
+ printf("=== returning (3D) %d\n", (int) *aDecision); return NS_OK;
}
// If exposed protocol not covered by the test above or protocol that has been
// specifically exposed by an add-on, or is a chrome url, then allow the load.
if (IsExposedProtocol(aContentLocation))
{
*aDecision = nsIContentPolicy::ACCEPT;
- return NS_OK;
+ printf("=== returning (4) %d\n", (int) *aDecision); return NS_OK;
}
// never load unexposed protocols except for http, https and file.
// Protocols like ftp are always blocked.
if (ShouldBlockUnexposedProtocol(aContentLocation))
- return NS_OK;
+ { printf("=== returning (5) %d\n", (int)*aDecision); return NS_OK;}
// If we are allowing all remote content...
if (!mBlockRemoteImages)
{
*aDecision = nsIContentPolicy::ACCEPT;
- return NS_OK;
+ printf("=== returning (6) %d\n", (int) *aDecision); return NS_OK;
}
// Extract the windowtype to handle compose windows separately from mail
if (aRequestingContext)
{
nsCOMPtr<nsIMsgCompose> msgCompose =
GetMsgComposeForContext(aRequestingContext);
// Work out if we're in a compose window or not.
if (msgCompose)
{
ComposeShouldLoad(msgCompose, aRequestingContext, aContentLocation,
aDecision);
- return NS_OK;
+ printf("=== returning (7) %d\n", (int) *aDecision); return NS_OK;
}
}
// Find out the URI that originally initiated the set of requests for this
// context.
nsCOMPtr<nsIURI> originatorLocation;
if (!aRequestingContext && aRequestPrincipal)
{
// Can get the URI directly from the principal.
rv = aRequestPrincipal->GetURI(getter_AddRefs(originatorLocation));
}
else
{
rv = GetOriginatingURIForContext(aRequestingContext,
getter_AddRefs(originatorLocation));
if (NS_SUCCEEDED(rv) && !originatorLocation)
- return NS_OK;
+ { printf("=== returning (8) %d\n", (int) *aDecision); return NS_OK; }
}
NS_ENSURE_SUCCESS(rv, NS_OK);
#ifdef DEBUG_MsgContentPolicy
fprintf(stderr, "originatorLocation = %s\n", originatorLocation->GetSpecOrDefault().get());
#endif
// Allow content when using a remote page.
bool isHttp;
bool isHttps;
rv = originatorLocation->SchemeIs("http", &isHttp);
nsresult rv2 = originatorLocation->SchemeIs("https", &isHttps);
if (NS_SUCCEEDED(rv) && NS_SUCCEEDED(rv2) && (isHttp || isHttps))
{
- *aDecision = nsIContentPolicy::ACCEPT;
+ printf("=== returning (9) %d\n", (int)*aDecision); return NS_OK;
return NS_OK;
}
uint32_t permission;
mPermissionManager->TestPermission(aContentLocation, "image", &permission);
switch (permission) {
case nsIPermissionManager::UNKNOWN_ACTION:
{
// No exception was found for this location.
break;
}
case nsIPermissionManager::ALLOW_ACTION:
{
*aDecision = nsIContentPolicy::ACCEPT;
- return NS_OK;
+ printf("=== returning (10) %d\n", (int) *aDecision); return NS_OK;
}
case nsIPermissionManager::DENY_ACTION:
{
*aDecision = nsIContentPolicy::REJECT_REQUEST;
- return NS_OK;
+ printf("=== returning (11) %d\n", (int) *aDecision); return NS_OK;
}
}
// The default decision is still to reject.
ShouldAcceptContentForPotentialMsg(originatorLocation, aContentLocation,
aDecision);
- return NS_OK;
+ printf("=== returning (12) %d\n", (int) *aDecision); return NS_OK;
}
/**
* Determines if the requesting location is a safe one, i.e. its under the
* app/user's control - so file, about, chrome etc.
*/
bool
nsMsgContentPolicy::IsSafeRequestingLocation(nsIURI *aRequestingLocation)
@@ -717,33 +747,38 @@ already_AddRefed<nsIMsgCompose> nsMsgCon
composeService->GetMsgComposeForDocShell(docShell,
getter_AddRefs(msgCompose));
return msgCompose.forget();
}
nsresult nsMsgContentPolicy::SetDisableItemsOnMailNewsUrlDocshells(
nsIURI *aContentLocation, nsISupports *aRequestingContext)
{
+ nsAutoCString spec;
+ aContentLocation->GetSpec(spec);
+ printf("=== SetDisableItemsOnMailNewsUrlDocshells: URI=|%s|\n", spec.get());
// XXX if this class changes so that this method can be called from
// ShouldProcess, and if it's possible for this to be null when called from
// ShouldLoad, but not in the corresponding ShouldProcess call,
// we need to re-think the assumptions underlying this code.
// If there's no docshell to get to, there's nowhere for the JavaScript to
// run, so we're already safe and don't need to disable anything.
if (!aRequestingContext) {
+ printf("=== SetDisableItemsOnMailNewsUrlDocshells: bailing early (1)\n");
return NS_OK;
}
nsresult rv;
bool isAllowedContent = !ShouldBlockUnexposedProtocol(aContentLocation);
nsCOMPtr<nsIMsgMessageUrl> msgUrl = do_QueryInterface(aContentLocation, &rv);
if (NS_FAILED(rv) && !isAllowedContent) {
// If it's not a mailnews url or allowed content url (http[s]|file) then
// bail; otherwise set whether js and plugins are allowed.
+ printf("=== SetDisableItemsOnMailNewsUrlDocshells: bailing early (2)\n");
return NS_OK;
}
// since NS_CP_GetDocShellFromContext returns the containing docshell rather
// than the contained one we need, we can't use that here, so...
nsCOMPtr<nsIFrameLoaderOwner> flOwner = do_QueryInterface(aRequestingContext,
&rv);
NS_ENSURE_SUCCESS(rv, rv);