Bug 1199729 - Part 2: Respect Protected mode in content documents, r=baku
authorMichael Layzell <michael@thelayzells.com>
Wed, 06 Sep 2017 11:25:01 -0400
changeset 429268 00970264c7eaaf869095080ec8c0e0fe0e610b63
parent 429267 65372115ac3b5dd3783c70d1a9a528add950fb72
child 429269 aa4ebd8f3dc71221cce47be241e243705d49d4d0
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
reviewersbaku
bugs1199729
milestone57.0a1
Bug 1199729 - Part 2: Respect Protected mode in content documents, r=baku
dom/events/DataTransferItem.cpp
dom/events/DataTransferItemList.cpp
--- a/dom/events/DataTransferItem.cpp
+++ b/dom/events/DataTransferItem.cpp
@@ -498,24 +498,30 @@ DataTransferItem::DataNoSecurityCheck()
   return data.forget();
 }
 
 already_AddRefed<nsIVariant>
 DataTransferItem::Data(nsIPrincipal* aPrincipal, ErrorResult& aRv)
 {
   MOZ_ASSERT(aPrincipal);
 
-  nsCOMPtr<nsIVariant> variant = DataNoSecurityCheck();
-
   // If the inbound principal is system, we can skip the below checks, as
   // they will trivially succeed.
   if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
-    return variant.forget();
+    return DataNoSecurityCheck();
   }
 
+  // We should not allow raw data to be accessed from a Protected DataTransfer.
+  // We don't prevent this access if the accessing document is Chrome.
+  if (mDataTransfer->IsProtected()) {
+    return nullptr;
+  }
+
+  nsCOMPtr<nsIVariant> variant = DataNoSecurityCheck();
+
   MOZ_ASSERT(!ChromeOnly(), "Non-chrome code shouldn't see a ChromeOnly DataTransferItem");
   if (ChromeOnly()) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return nullptr;
   }
 
   bool checkItemPrincipal = mDataTransfer->IsCrossDomainSubFrameDrop() ||
     (mDataTransfer->GetEventMessage() != eDrop &&
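Review bot: The new protected-mode branch returns `nullptr` without touching `aRv`, so from the caller's side a protected DataTransfer is indistinguishable from an item that genuinely has no data, and nothing on the function documents that this is the intended, non-error outcome. Because the check also sits ahead of the `ChromeOnly()` guard, a non-chrome caller reaching a ChromeOnly item in protected mode now gets a silent null instead of `NS_ERROR_DOM_SECURITY_ERR`; that looks deliberate (the stricter result wins) but should be stated. I would extend the added comment to `// Protected mode hides the data rather than throwing: return null with aRv untouched, so callers must treat a null result as "no data" and not as an error.` so that later callers do not start interpreting the null as a failure to report. Data()'s body continues past the end of the hunk.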
--- a/dom/events/DataTransferItemList.cpp
+++ b/dom/events/DataTransferItemList.cpp
@@ -557,16 +557,24 @@ DataTransferItemList::RegenerateFiles()
 }
 
 void
 DataTransferItemList::GenerateFiles(FileList* aFiles,
                                     nsIPrincipal* aFilesPrincipal)
 {
   MOZ_ASSERT(aFiles);
   MOZ_ASSERT(aFilesPrincipal);
+
+  // For non-system principals, the Files list should be empty if the
+  // DataTransfer is protected.
+  if (!nsContentUtils::IsSystemPrincipal(aFilesPrincipal) &&
+      mDataTransfer->IsProtected()) {
+    return;
+  }
+
   uint32_t count = Length();
   for (uint32_t i = 0; i < count; i++) {
     bool found;
     RefPtr<DataTransferItem> item = IndexedGetter(i, found);
     MOZ_ASSERT(found);
 
     if (item->Kind() == DataTransferItem::KIND_FILE) {
       IgnoredErrorResult rv;
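Review bot: The early return for non-system principals leaves `aFiles` exactly as it was handed in, so the "Files list should be empty" guarantee in the added comment only holds if every caller passes a fresh or already-cleared FileList; the hunk does not show that, and a caller that reuses a previously populated list would keep stale entries visible despite the DataTransfer being protected. If callers are known to always pass an empty list, say so where the check is, e.g. `// Callers pass a fresh FileList, so returning here leaves it empty.`; otherwise clearing `aFiles` before the return would make the invariant local to this function. The rest of GenerateFiles() is outside the hunk.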