Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityManager. r=smaug a=gchang
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Wed, 10 May 2017 18:40:57 +0200
changeset 393982 3ee9312263c7ffcc83949291181a12b0de0e56c7
parent 393981 7f5bd5c96e77bc373b9ff1b3a7b363b49490ff56
child 393983 1c5f3f6b6dc2e1eba5abbfae2c2d083618c6adb7
push id7321
push usercbook@mozilla.com
push dateThu, 18 May 2017 06:45:08 +0000
treeherdermozilla-beta@0884adb687d1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug, gchang
bugs1359204
milestone54.0
Bug 1359204 - Do not query nested URI within CheckChannel in ContentSecurityManager. r=smaug a=gchang
dom/security/nsContentSecurityManager.cpp
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -5,18 +5,16 @@
 #include "nsILoadInfo.h"
 #include "nsContentUtils.h"
 #include "nsCORSListenerProxy.h"
 #include "nsIStreamListener.h"
 #include "nsIDocument.h"
 #include "nsMixedContentBlocker.h"
 #include "nsCDefaultURIFixup.h"
 #include "nsIURIFixup.h"
-#include "nsINestedURI.h"
-
 #include "mozilla/dom/Element.h"
 
 NS_IMPL_ISUPPORTS(nsContentSecurityManager,
                   nsIContentSecurityManager,
                   nsIChannelEventSink)
 
 static nsresult
 ValidateSecurityFlags(nsILoadInfo* aLoadInfo)
@@ -552,22 +550,16 @@ nsContentSecurityManager::CheckChannel(n
   nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsContentPolicyType contentPolicyType =
     loadInfo->GetExternalContentPolicyType();
 
   if (contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
       contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT) {
-    // query the nested URI for security checks like in the case of view-source
-    nsCOMPtr<nsINestedURI> nestedURI = do_QueryInterface(uri);
-    if (nestedURI) {
-      nestedURI->GetInnerURI(getter_AddRefs(uri));
-    }
-
     // TYPE_DOCUMENT and TYPE_SUBDOCUMENT loads might potentially
     // be wyciwyg:// channels. Let's fix up the URI so we can
     // perform proper security checks.
     nsCOMPtr<nsIURIFixup> urifixup(do_GetService(NS_URIFIXUP_CONTRACTID, &rv));
     if (NS_SUCCEEDED(rv) && urifixup) {
       nsCOMPtr<nsIURI> fixedURI;
       rv = urifixup->CreateExposableURI(uri, getter_AddRefs(fixedURI));
       if (NS_SUCCEEDED(rv)) {