Remove MailNews special casing from nsScriptSecurityManager (
bug 374577), r+sr=bzbarsky
--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@@ -570,30 +570,28 @@ private:
// JS strings we need to clean up on shutdown
static jsval sEnabledID;
inline void
ScriptSecurityPrefChanged();
static const char sJSEnabledPrefName[];
- static const char sJSMailEnabledPrefName[];
static const char sFileOriginPolicyPrefName[];
nsObjectHashtable* mOriginToPolicyMap;
DomainPolicy* mDefaultPolicy;
nsObjectHashtable* mCapabilities;
nsCOMPtr<nsIPrefBranch> mPrefBranch;
nsCOMPtr<nsISecurityPref> mSecurityPref;
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
nsCOMPtr<nsIPrincipal> mSystemCertificate;
nsInterfaceHashtable<PrincipalKey, nsIPrincipal> mPrincipals;
PRPackedBool mIsJavaScriptEnabled;
- PRPackedBool mIsMailJavaScriptEnabled;
PRPackedBool mIsWritingPrefs;
PRPackedBool mPolicyPrefsChanged;
#ifdef XPC_IDISPATCH_SUPPORT
PRPackedBool mXPCDefaultGrantAll;
static const char sXPCDefaultGrantAllName[];
#endif
static PRBool sStrictFileOriginPolicy;
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -1747,36 +1747,17 @@ nsScriptSecurityManager::CanExecuteScrip
if (NS_SUCCEEDED(rv) &&
(flags & nsIAboutModule::ALLOW_SCRIPT)) {
*result = PR_TRUE;
return NS_OK;
}
}
}
- //-- See if JS is disabled globally (via prefs)
*result = mIsJavaScriptEnabled;
- if (mIsJavaScriptEnabled != mIsMailJavaScriptEnabled && globalObjTreeItem)
- {
- nsCOMPtr<nsIDocShellTreeItem> rootItem;
- globalObjTreeItem->GetRootTreeItem(getter_AddRefs(rootItem));
- docshell = do_QueryInterface(rootItem);
- if (docshell)
- {
- // Is this script running from mail?
- PRUint32 appType;
- rv = docshell->GetAppType(&appType);
- if (NS_FAILED(rv)) return rv;
- if (appType == nsIDocShell::APP_TYPE_MAIL)
- {
- *result = mIsMailJavaScriptEnabled;
- }
- }
- }
-
if (!*result)
return NS_OK; // Do not run scripts
//-- Check for a per-site policy
static const char jsPrefGroupName[] = "javascript";
ClassInfoData nameData(nsnull, jsPrefGroupName);
SecurityLevel secLevel;
@@ -3209,17 +3190,16 @@ nsScriptSecurityManager::Observe(nsISupp
/////////////////////////////////////////////
// Constructor, Destructor, Initialization //
/////////////////////////////////////////////
nsScriptSecurityManager::nsScriptSecurityManager(void)
: mOriginToPolicyMap(nsnull),
mDefaultPolicy(nsnull),
mCapabilities(nsnull),
mIsJavaScriptEnabled(PR_FALSE),
- mIsMailJavaScriptEnabled(PR_FALSE),
mIsWritingPrefs(PR_FALSE),
mPolicyPrefsChanged(PR_TRUE)
#ifdef XPC_IDISPATCH_SUPPORT
, mXPCDefaultGrantAll(PR_FALSE)
#endif
{
NS_ASSERTION(sizeof(long) == sizeof(void*), "long and void* have different lengths on this platform. This may cause a security failure.");
mPrincipals.Init(31);
@@ -3809,34 +3789,29 @@ nsScriptSecurityManager::InitPrincipals(
if (NS_SUCCEEDED(rv))
mPrincipals.Put(newPrincipal, newPrincipal);
}
return NS_OK;
}
const char nsScriptSecurityManager::sJSEnabledPrefName[] =
"javascript.enabled";
-const char nsScriptSecurityManager::sJSMailEnabledPrefName[] =
- "javascript.allow.mailnews";
const char nsScriptSecurityManager::sFileOriginPolicyPrefName[] =
"security.fileuri.strict_origin_policy";
#ifdef XPC_IDISPATCH_SUPPORT
const char nsScriptSecurityManager::sXPCDefaultGrantAllName[] =
"security.classID.allowByDefault";
#endif
inline void
nsScriptSecurityManager::ScriptSecurityPrefChanged()
{
// JavaScript defaults to enabled in failure cases.
mIsJavaScriptEnabled = PR_TRUE;
- // JavaScript in Mail defaults to disabled in failure cases.
- mIsMailJavaScriptEnabled = PR_FALSE;
-
sStrictFileOriginPolicy = PR_TRUE;
#ifdef XPC_IDISPATCH_SUPPORT
// Granting XPC Priveleges defaults to disabled in failure cases.
mXPCDefaultGrantAll = PR_FALSE;
#endif
nsresult rv;
@@ -3846,23 +3821,16 @@ nsScriptSecurityManager::ScriptSecurityP
return;
}
PRBool temp;
rv = mSecurityPref->SecurityGetBoolPref(sJSEnabledPrefName, &temp);
if (NS_SUCCEEDED(rv))
mIsJavaScriptEnabled = temp;
- // JavaScript in mailnews is disabled until quickstubs and CAPS work
- // together or we find an alternative to CAPS: see bug 374577 or
- // bug 453928 or bug 453943.
- // rv = mSecurityPref->SecurityGetBoolPref(sJSMailEnabledPrefName, &temp);
- // if (NS_SUCCEEDED(rv))
- // mIsMailJavaScriptEnabled = temp;
-
rv = mSecurityPref->SecurityGetBoolPref(sFileOriginPolicyPrefName, &temp);
if (NS_SUCCEEDED(rv))
sStrictFileOriginPolicy = NS_SUCCEEDED(rv) && temp;
#ifdef XPC_IDISPATCH_SUPPORT
rv = mSecurityPref->SecurityGetBoolPref(sXPCDefaultGrantAllName, &temp);
if (NS_SUCCEEDED(rv))
mXPCDefaultGrantAll = temp;
@@ -3881,17 +3849,16 @@ nsScriptSecurityManager::InitPrefs()
NS_ENSURE_SUCCESS(rv, rv);
mSecurityPref = do_QueryInterface(mPrefBranch, &rv);
NS_ENSURE_SUCCESS(rv, rv);
// Set the initial value of the "javascript.enabled" prefs
ScriptSecurityPrefChanged();
// set observer callbacks in case the value of the prefs change
prefBranchInternal->AddObserver(sJSEnabledPrefName, this, PR_FALSE);
- prefBranchInternal->AddObserver(sJSMailEnabledPrefName, this, PR_FALSE);
prefBranchInternal->AddObserver(sFileOriginPolicyPrefName, this, PR_FALSE);
#ifdef XPC_IDISPATCH_SUPPORT
prefBranchInternal->AddObserver(sXPCDefaultGrantAllName, this, PR_FALSE);
#endif
PRUint32 prefCount;
char** prefNames;
// Set a callback for policy pref changes
--- a/content/base/public/nsContentPolicyUtils.h
+++ b/content/base/public/nsContentPolicyUtils.h
@@ -256,18 +256,30 @@ NS_CheckContentProcessPolicy(PRUint32
/**
* Helper function to get an nsIDocShell given a context.
* If the context is a document or window, the corresponding docshell will be
* returned.
* If the context is a non-document DOM node, the docshell of its ownerDocument
* will be returned.
*
* @param aContext the context to find a docshell for (can be null)
+ *
* @return a WEAK pointer to the docshell, or nsnull if it could
* not be obtained
+ *
+ * @note As of this writing, calls to nsIContentPolicy::Should{Load,Process}
+ * for TYPE_DOCUMENT and TYPE_SUBDOCUMENT pass in an aContext that either
+ * points to the frameElement of the window the load is happening in
+ * (in which case NS_CP_GetDocShellFromContext will return the parent of the
+ * docshell the load is happening in), or points to the window the load is
+ * happening in (in which case NS_CP_GetDocShellFromContext will return
+ * the docshell the load is happening in). It's up to callers to QI aContext
+ * and handle things accordingly if they want the docshell the load is
+ * happening in. These are somewhat odd semantics, and bug 466687 has been
+ * filed to consider improving them.
*/
inline nsIDocShell*
NS_CP_GetDocShellFromContext(nsISupports *aContext)
{
if (!aContext) {
return nsnull;
}
