Bug 329869 - Dynamically loaded scripts don't degrade security state, r=kaie+honzab, a=benjamin
authorHonza Bambas <honzab.moz@firemni.cz>
Tue, 22 Sep 2009 21:42:20 +0200
changeset 31864 10595ea485721161e944bcbcc625ab4f1be36ada
parent 31863 3bc177bd871f6da74796d5996c187184a68e6be1
child 31865 fa380bc4f8923f653d34bc3fdbb87acf06647015
push id217
push userhonzab.moz@firemni.cz
push dateTue, 22 Sep 2009 19:43:40 +0000
reviewerskaie, benjamin
bugs329869
milestone1.9.2b1pre
Bug 329869 - Dynamically loaded scripts don't degrade security state, r=kaie+honzab, a=benjamin
security/manager/boot/src/nsSecureBrowserUIImpl.cpp
security/manager/ssl/tests/mochitest/mixedcontent/Makefile.in
security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
--- a/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
+++ b/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
@@ -1089,19 +1089,30 @@ nsSecureBrowserUIImpl::OnStateChange(nsI
   
         // before resetting our state, let's save information about
         // sub element loads, so we can restore it later
         prevContentSecurity->SetCountSubRequestsHighSecurity(saveSubHigh);
         prevContentSecurity->SetCountSubRequestsLowSecurity(saveSubLow);
         prevContentSecurity->SetCountSubRequestsBrokenSecurity(saveSubBroken);
         prevContentSecurity->SetCountSubRequestsNoSecurity(saveSubNo);
       }
-  
+
+      PRBool retrieveAssociatedState = PR_FALSE;
+
       if (securityInfo &&
-          (aProgressStateFlags & nsIWebProgressListener::STATE_RESTORING) != 0)
+          (aProgressStateFlags & nsIWebProgressListener::STATE_RESTORING) != 0) {
+        retrieveAssociatedState = PR_TRUE;
+      } else {
+        nsCOMPtr<nsIWyciwygChannel> wyciwygRequest(do_QueryInterface(aRequest));
+        if (wyciwygRequest) {
+          retrieveAssociatedState = PR_TRUE;
+        }
+      }
+
+      if (retrieveAssociatedState)
       {
         // When restoring from bfcache, we will not get events for the 
         // page's sub elements, so let's load the state of sub elements
         // from the cache.
     
         nsCOMPtr<nsIAssociatedContentSecurity> 
           newContentSecurity(do_QueryInterface(securityInfo));
     
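Review bot: The comment inside the `if (retrieveAssociatedState)` block still explains only the bfcache restore case, but the block is now also entered for every request that QIs to `nsIWyciwygChannel`, and nothing at the new `else` branch says why such a channel should take its sub-request counters from the associated security info. A short comment at that branch would help, for example `// Wyciwyg channels carry document.write() content; reuse the sub element counts saved on the security info so earlier insecure loads still degrade the state.` (wording for the author to confirm). The wyciwyg branch also sets the flag without the `securityInfo` test that the restoring branch has. `do_QueryInterface(securityInfo)` tolerates null, but the check on `newContentSecurity` lies outside the hunk, so either confirm it or write `if (securityInfo && wyciwygRequest)`. The body of OnStateChange starts before and continues after this hunk.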
--- a/security/manager/ssl/tests/mochitest/mixedcontent/Makefile.in
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/Makefile.in
@@ -61,16 +61,17 @@ include $(topsrcdir)/config/rules.mk
         iframesecredirect.sjs \
         iframeunsecredirect.sjs \
         imgsecredirect.sjs \
         imgunsecredirect.sjs \
         mixedContentTest.js \
         moonsurface.jpg \
         redirecttoemptyimage.sjs \
         somestyle.css \
+        test_bug329869.html \
         test_bug383369.html \
         test_bug455367.html \
         test_bug472986.html \
         test_cssBefore1.html \
         test_cssContent1.html \
         test_cssContent2.html \
         test_documentWrite1.html \
         test_documentWrite2.html \
@@ -92,15 +93,14 @@ include $(topsrcdir)/config/rules.mk
         test_unsecurePicture.html \
         test_unsecurePictureDup.html \
         test_unsecurePictureInIframe.html \
         test_unsecureRedirect.html \
         unsecureIframe.html \
         unsecurePictureDup.html \
         $(NULL)
 
-#        test_bug329869.html \  leaks, bug 452401
 #        test_dynUnsecureRedirect.html \ intermitently fails, quit often, bug 487402
 #        test_unsecureIframeMetaRedirect.html \ also intermittently fails, less often, bug 487632
 
 
 libs:: $(_TEST_FILES)
 	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
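Review bot: The removed comment line records that `test_bug329869.html` was disabled for leaks (bug 452401), and neither the commit description nor this hunk states that the leak has been resolved. If it has, naming the fix in the commit description would keep the history traceable. If it has not been confirmed, the re-enabled test may fail the mixed-content suite for a reason unrelated to the security-state change, which would make a real regression in the mixed-content indicator harder to spot.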
--- a/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
@@ -1,3 +1,3 @@
 document.write("This is insecure XSS script " + document.cookie);
-todoSecurityState("broken", "security broken after document write from unsecure script");
+isSecurityState("broken", "security broken after document write from unsecure script");
 finish();