| author | Mihai Alexandru Michis <malexandru@mozilla.com> |
| Fri, 02 Aug 2019 12:17:42 +0300 | |
| changeset 546398 | 418858fa823396ccc16c9cefb1b482228d7da747 |
| parent 546397 | e44c9fd81e5b0455f608127e09e98a51a5a49253 |
| child 546399 | 6d27ca6d890f0195e7b01271243416d07824b182 |
| push id | 11848 |
| push user | ffxbld-merge |
| push date | Mon, 26 Aug 2019 19:26:25 +0000 |
| treeherder | mozilla-beta@9b31bfdfac10 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| bugs | 1558915 |
| milestone | 70.0a1 |
| backs out | e44c9fd81e5b0455f608127e09e98a51a5a49253 3da6e9e86be4a4a9eeaceec222398475b6679193 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/dom/canvas/CanvasUtils.cpp +++ b/dom/canvas/CanvasUtils.cpp @@ -71,17 +71,18 @@ bool IsImageExtractionAllowed(Document* } // Get the document URI and its spec. nsIURI* docURI = aDocument->GetDocumentURI(); nsCString docURISpec; docURI->GetSpec(docURISpec); // Allow local files to extract canvas data. - if (docURI->SchemeIs("file")) { + bool isFileURL; + if (NS_SUCCEEDED(docURI->SchemeIs("file", &isFileURL)) && isFileURL) { return true; } // Don't show canvas prompt for PDF.js JS::AutoFilename scriptFile; if (JS::DescribeScriptedCaller(aCx, &scriptFile) && scriptFile.get() && strcmp(scriptFile.get(), "resource://pdf.js/build/pdf.js") == 0) { return true;
--- a/dom/file/uri/FontTableURIProtocolHandler.h +++ b/dom/file/uri/FontTableURIProtocolHandler.h @@ -29,15 +29,16 @@ class FontTableURIProtocolHandler final static nsresult GenerateURIString(nsACString& aUri); protected: virtual ~FontTableURIProtocolHandler(); }; inline bool IsFontTableURI(nsIURI* aUri) { - return aUri->SchemeIs(FONTTABLEURI_SCHEME); + bool isFont; + return NS_SUCCEEDED(aUri->SchemeIs(FONTTABLEURI_SCHEME, &isFont)) && isFont; } } // namespace dom } // namespace mozilla #endif /* FontTableURIProtocolHandler_h */
--- a/dom/geolocation/nsGeolocation.cpp +++ b/dom/geolocation/nsGeolocation.cpp @@ -831,20 +831,28 @@ nsresult Geolocation::Init(nsPIDOMWindow mPrincipal = doc->NodePrincipal(); nsCOMPtr<nsIURI> uri; nsresult rv = mPrincipal->GetURI(getter_AddRefs(uri)); NS_ENSURE_SUCCESS(rv, rv); if (uri) { + bool isHttp; + rv = uri->SchemeIs("http", &isHttp); + NS_ENSURE_SUCCESS(rv, rv); + + bool isHttps; + rv = uri->SchemeIs("https", &isHttps); + NS_ENSURE_SUCCESS(rv, rv); + // Store the protocol to send via telemetry later. - if (uri->SchemeIs("http")) { + if (isHttp) { mProtocolType = ProtocolType::HTTP; - } else if (uri->SchemeIs("https")) { + } else if (isHttps) { mProtocolType = ProtocolType::HTTPS; } } } // If no aContentDom was passed into us, we are being used // by chrome/c++ and have no mOwner, no mPrincipal, and no need // to prompt.
--- a/dom/html/HTMLFormElement.cpp +++ b/dom/html/HTMLFormElement.cpp @@ -646,18 +646,19 @@ nsresult HTMLFormElement::SubmitSubmissi // Note that any other URI types that are of equivalent type should also be // added here. // XXXbz this is a mess. The real issue here is that nsJSChannel sets the // LOAD_BACKGROUND flag, so doesn't notify us, compounded by the fact that // the JS executes before we forget the submission in OnStateChange on // STATE_STOP. As a result, we have to make sure that we simply pretend // we're not submitting when submitting to a JS URL. That's kinda bogus, but // there we are. - bool schemeIsJavaScript = actionURI->SchemeIs("javascript"); - if (schemeIsJavaScript) { + bool schemeIsJavaScript = false; + if (NS_SUCCEEDED(actionURI->SchemeIs("javascript", &schemeIsJavaScript)) && + schemeIsJavaScript) { mIsSubmitting = false; } // // Notify observers of submit // bool cancelSubmit = false; if (mNotifiedObservers) { @@ -752,17 +753,22 @@ nsresult HTMLFormElement::DoSecureToInse nsCOMPtr<nsIURI> principalURI; nsresult rv = principal->GetURI(getter_AddRefs(principalURI)); if (NS_FAILED(rv)) { return rv; } if (!principalURI) { principalURI = OwnerDoc()->GetDocumentURI(); } - bool formIsHTTPS = principalURI->SchemeIs("https"); + bool formIsHTTPS; + rv = principalURI->SchemeIs("https", &formIsHTTPS); + if (NS_FAILED(rv)) { + return rv; + } + if (!formIsHTTPS) { return NS_OK; } if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aActionURL)) { return NS_OK; } @@ -1497,17 +1503,19 @@ nsresult HTMLFormElement::GetActionURL(n nsContentUtils::GetSecurityManager(); rv = securityManager->CheckLoadURIWithPrincipal( NodePrincipal(), actionURL, nsIScriptSecurityManager::STANDARD); NS_ENSURE_SUCCESS(rv, rv); // Potentially the page uses the CSP directive 'upgrade-insecure-requests'. In // such a case we have to upgrade the action url from http:// to https://. // If the actionURL is not http, then there is nothing to do. - bool isHttpScheme = actionURL->SchemeIs("http"); + bool isHttpScheme = false; + rv = actionURL->SchemeIs("http", &isHttpScheme); + NS_ENSURE_SUCCESS(rv, rv); if (isHttpScheme && document->GetUpgradeInsecureRequests(false)) { // let's use the old specification before the upgrade for logging AutoTArray<nsString, 2> params; nsAutoCString spec; rv = actionURL->GetSpec(spec); NS_ENSURE_SUCCESS(rv, rv); CopyUTF8toUTF16(spec, *params.AppendElement());
--- a/dom/html/HTMLFormSubmission.cpp +++ b/dom/html/HTMLFormSubmission.cpp @@ -240,17 +240,19 @@ nsresult FSURLEncoded::GetEncodedSubmiss nsIInputStream** aPostDataStream, nsCOMPtr<nsIURI>& aOutURI) { nsresult rv = NS_OK; aOutURI = aURI; *aPostDataStream = nullptr; if (mMethod == NS_FORM_METHOD_POST) { - if (aURI->SchemeIs("mailto")) { + bool isMailto = false; + aURI->SchemeIs("mailto", &isMailto); + if (isMailto) { nsAutoCString path; rv = aURI->GetPathQueryRef(path); NS_ENSURE_SUCCESS(rv, rv); HandleMailtoSubject(path); // Append the body to and force-plain-text args to the mailto line nsAutoCString escapedBody; @@ -276,17 +278,20 @@ nsresult FSURLEncoded::GetEncodedSubmiss "application/x-www-form-urlencoded"); mimeStream->SetData(dataStream); mimeStream.forget(aPostDataStream); } } else { // Get the full query string - if (aURI->SchemeIs("javascript")) { + bool schemeIsJavaScript; + rv = aURI->SchemeIs("javascript", &schemeIsJavaScript); + NS_ENSURE_SUCCESS(rv, rv); + if (schemeIsJavaScript) { return NS_OK; } nsCOMPtr<nsIURL> url = do_QueryInterface(aURI); if (url) { rv = NS_MutateURI(aURI).SetQuery(mQueryString).Finalize(aOutURI); } else { nsAutoCString path; @@ -656,17 +661,19 @@ nsresult FSTextPlain::GetEncodedSubmissi nsresult rv = NS_OK; aOutURI = aURI; *aPostDataStream = nullptr; // XXX HACK We are using the standard URL mechanism to give the body to the // mailer instead of passing the post data stream to it, since that sounds // hard. - if (aURI->SchemeIs("mailto")) { + bool isMailto = false; + aURI->SchemeIs("mailto", &isMailto); + if (isMailto) { nsAutoCString path; rv = aURI->GetPathQueryRef(path); NS_ENSURE_SUCCESS(rv, rv); HandleMailtoSubject(path); // Append the body to and force-plain-text args to the mailto line nsAutoCString escapedBody;
--- a/dom/html/nsHTMLDNSPrefetch.cpp +++ b/dom/html/nsHTMLDNSPrefetch.cpp @@ -351,17 +351,18 @@ void nsHTMLDNSPrefetch::nsDeferrals::Sub hostName.Truncate(); bool isHttps = false; if (hrefURI) { hrefURI->GetAsciiHost(hostName); rv = NS_URIChainHasFlags(hrefURI, nsIProtocolHandler::URI_IS_LOCAL_RESOURCE, &isLocalResource); - isHttps = hrefURI->SchemeIs("https"); + + hrefURI->SchemeIs("https", &isHttps); } if (!hostName.IsEmpty() && NS_SUCCEEDED(rv) && !isLocalResource && element) { if (IsNeckoChild()) { // during shutdown gNeckoChild might be null if (gNeckoChild) { gNeckoChild->SendHTMLDNSPrefetch(
--- a/dom/html/nsHTMLDocument.cpp +++ b/dom/html/nsHTMLDocument.cpp @@ -471,17 +471,18 @@ nsresult nsHTMLDocument::StartDocumentLo // TODO: Proper about:blank treatment is bug 543435 if (loadAsHtml5 && view) { // mDocumentURI hasn't been set, yet, so get the URI from the channel nsCOMPtr<nsIURI> uri; aChannel->GetOriginalURI(getter_AddRefs(uri)); // Adapted from nsDocShell: // GetSpec can be expensive for some URIs, so check the scheme first. - if (uri && uri->SchemeIs("about")) { + bool isAbout = false; + if (uri && NS_SUCCEEDED(uri->SchemeIs("about", &isAbout)) && isAbout) { if (uri->GetSpecOrDefault().EqualsLiteral("about:blank")) { loadAsHtml5 = false; } } } nsresult rv = Document::StartDocumentLoad(aCommand, aChannel, aLoadGroup, aContainer, aDocListener, aReset); @@ -810,17 +811,19 @@ bool nsHTMLDocument::WillIgnoreCharsetOv return true; } if (!mCharacterSet->IsAsciiCompatible() && mCharacterSet != ISO_2022_JP_ENCODING) { return true; } nsIURI* uri = GetOriginalURI(); if (uri) { - if (uri->SchemeIs("about")) { + bool schemeIs = false; + uri->SchemeIs("about", &schemeIs); + if (schemeIs) { return true; } bool isResource; nsresult rv = NS_URIChainHasFlags( uri, nsIProtocolHandler::URI_IS_UI_RESOURCE, &isResource); if (NS_FAILED(rv) || isResource) { return true; }
--- a/dom/indexedDB/IDBFactory.cpp +++ b/dom/indexedDB/IDBFactory.cpp @@ -325,17 +325,20 @@ nsresult IDBFactory::AllowedForWindowInt } // About URIs shouldn't be able to access IndexedDB unless they have the // nsIAboutModule::ENABLE_INDEXED_DB flag set on them. nsCOMPtr<nsIURI> uri; MOZ_ALWAYS_SUCCEEDS(principal->GetURI(getter_AddRefs(uri))); MOZ_ASSERT(uri); - if (uri->SchemeIs("about")) { + bool isAbout = false; + MOZ_ALWAYS_SUCCEEDS(uri->SchemeIs("about", &isAbout)); + + if (isAbout) { nsCOMPtr<nsIAboutModule> module; if (NS_SUCCEEDED(NS_GetAboutModule(uri, getter_AddRefs(module)))) { uint32_t flags; if (NS_SUCCEEDED(module->GetURIFlags(uri, &flags))) { if (!(flags & nsIAboutModule::ENABLE_INDEXED_DB)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } } else {
--- a/dom/ipc/ContentParent.cpp +++ b/dom/ipc/ContentParent.cpp @@ -2855,18 +2855,20 @@ mozilla::ipc::IPCResult ContentParent::R MOZ_ASSERT(aTypes); DataTransfer::GetExternalClipboardFormats(aWhichClipboard, aPlainTextOnly, aTypes); return IPC_OK(); } mozilla::ipc::IPCResult ContentParent::RecvPlaySound(const URIParams& aURI) { nsCOMPtr<nsIURI> soundURI = DeserializeURI(aURI); + bool isChrome = false; // If the check here fails, it can only mean that this message was spoofed. - if (!soundURI || !soundURI->SchemeIs("chrome")) { + if (!soundURI || NS_FAILED(soundURI->SchemeIs("chrome", &isChrome)) || + !isChrome) { // PlaySound only accepts a valid chrome URI. return IPC_FAIL_NO_REASON(this); } nsCOMPtr<nsIURL> soundURL(do_QueryInterface(soundURI)); if (!soundURL) { return IPC_OK(); }
--- a/dom/media/MediaManager.cpp +++ b/dom/media/MediaManager.cpp @@ -2343,19 +2343,28 @@ RefPtr<MediaManager::StreamPromise> Medi return StreamPromise::CreateAndReject( MakeRefPtr<MediaMgrError>(MediaMgrError::Name::AbortError), __func__); } bool isChrome = (aCallerType == CallerType::System); bool privileged = isChrome || Preferences::GetBool("media.navigator.permission.disabled", false); bool isSecure = aWindow->IsSecureContext(); + // Note: isHTTPS is for legacy telemetry only! Use isSecure for security, as + // it handles things like https iframes in http pages correctly. + bool isHTTPS = false; bool isHandlingUserInput = EventStateManager::IsHandlingUserInput(); + docURI->SchemeIs("https", &isHTTPS); nsCString host; nsresult rv = docURI->GetHost(host); + // Test for some other schemes that ServiceWorker recognizes + bool isFile; + docURI->SchemeIs("file", &isFile); + bool isApp; + docURI->SchemeIs("app", &isApp); nsCOMPtr<nsIPrincipal> principal = nsGlobalWindowInner::Cast(aWindow)->GetPrincipal(); if (NS_WARN_IF(!principal)) { return StreamPromise::CreateAndReject( MakeRefPtr<MediaMgrError>(MediaMgrError::Name::SecurityError), __func__); }
--- a/dom/notification/Notification.cpp +++ b/dom/notification/Notification.cpp @@ -472,20 +472,26 @@ NS_IMETHODIMP NotificationPermissionRequest::Run() { if (nsContentUtils::IsSystemPrincipal(mPrincipal)) { mPermission = NotificationPermission::Granted; } else { // File are automatically granted permission. nsCOMPtr<nsIURI> uri; mPrincipal->GetURI(getter_AddRefs(uri)); - if (uri && uri->SchemeIs("file")) { - mPermission = NotificationPermission::Granted; - } else if (!StaticPrefs::dom_webnotifications_allowinsecure() && - !mWindow->IsSecureContext()) { + bool isFile = false; + if (uri) { + uri->SchemeIs("file", &isFile); + if (isFile) { + mPermission = NotificationPermission::Granted; + } + } + + if (!isFile && !StaticPrefs::dom_webnotifications_allowinsecure() && + !mWindow->IsSecureContext()) { mPermission = NotificationPermission::Denied; nsCOMPtr<Document> doc = mWindow->GetExtantDoc(); if (doc) { nsContentUtils::ReportToConsole( nsIScriptError::errorFlag, NS_LITERAL_CSTRING("DOM"), doc, nsContentUtils::eDOM_PROPERTIES, "NotificationsInsecureRequestIsForbidden"); } @@ -1612,18 +1618,22 @@ NotificationPermission Notification::Get MOZ_ASSERT(aPrincipal); if (nsContentUtils::IsSystemPrincipal(aPrincipal)) { return NotificationPermission::Granted; } else { // Allow files to show notifications by default. nsCOMPtr<nsIURI> uri; aPrincipal->GetURI(getter_AddRefs(uri)); - if (uri && uri->SchemeIs("file")) { - return NotificationPermission::Granted; + if (uri) { + bool isFile; + uri->SchemeIs("file", &isFile); + if (isFile) { + return NotificationPermission::Granted; + } } } // We also allow notifications is they are pref'ed on. if (Preferences::GetBool("notification.prompt.testing", false)) { if (Preferences::GetBool("notification.prompt.testing.allow", true)) { return NotificationPermission::Granted; } else {
--- a/dom/performance/PerformanceTiming.cpp +++ b/dom/performance/PerformanceTiming.cpp @@ -125,17 +125,20 @@ PerformanceTimingData::PerformanceTiming } else { nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel); if (httpChannel) { httpChannel->GetURI(getter_AddRefs(uri)); } } if (uri) { - mSecureConnection = uri->SchemeIs("https"); + nsresult rv = uri->SchemeIs("https", &mSecureConnection); + if (NS_FAILED(rv)) { + mSecureConnection = false; + } } if (aChannel) { aChannel->GetAsyncOpen(&mAsyncOpen); aChannel->GetAllRedirectsSameOrigin(&mAllRedirectsSameOrigin); aChannel->GetRedirectCount(&mRedirectCount); aChannel->GetRedirectStart(&mRedirectStart); aChannel->GetRedirectEnd(&mRedirectEnd);
--- a/dom/plugins/base/nsNPAPIPlugin.cpp +++ b/dom/plugins/base/nsNPAPIPlugin.cpp @@ -960,17 +960,19 @@ bool _evaluate(NPP npp, NPObject* npobj, // document URI is a chrome:// URI, pass that in as the URI of the // script, else pass in null for the filename as there's no way to // know where this document really came from. Passing in null here // also means that the script gets treated by XPConnect as if it // needs additional protection, which is what we want for unknown // chrome code anyways. uri = doc->GetDocumentURI(); - if (uri && uri->SchemeIs("chrome")) { + bool isChrome = false; + + if (uri && NS_SUCCEEDED(uri->SchemeIs("chrome", &isChrome)) && isChrome) { uri->GetSpec(specStr); spec = specStr.get(); } else { spec = nullptr; } } NPN_PLUGIN_LOG(PLUGIN_LOG_NOISY,
--- a/dom/script/ScriptLoadRequest.cpp +++ b/dom/script/ScriptLoadRequest.cpp @@ -193,17 +193,22 @@ void ScriptLoadRequest::SetBytecode() { MOZ_ASSERT(IsUnknownDataType()); mDataType = DataType::eBytecode; } bool ScriptLoadRequest::ShouldAcceptBinASTEncoding() const { #ifdef JS_BUILD_BINAST // We accept the BinAST encoding if we're using a secure connection. - if (!mURI->SchemeIs("https")) { + bool isHTTPS = false; + nsresult rv = mURI->SchemeIs("https", &isHTTPS); + MOZ_ASSERT(NS_SUCCEEDED(rv)); + Unused << rv; + + if (!isHTTPS) { return false; } if (StaticPrefs::dom_script_loader_binast_encoding_domain_restrict()) { if (!nsContentUtils::IsURIInPrefList( mURI, "dom.script_loader.binast_encoding.domain.restrict.list")) { return false; }
--- a/dom/script/ScriptLoader.cpp +++ b/dom/script/ScriptLoader.cpp @@ -353,17 +353,19 @@ bool ScriptLoader::IsAboutPageLoadingChr } // if the triggering uri is not of scheme about:, there is nothing to do nsCOMPtr<nsIURI> triggeringURI; nsresult rv = aRequest->TriggeringPrincipal()->GetURI(getter_AddRefs(triggeringURI)); NS_ENSURE_SUCCESS(rv, false); - if (!triggeringURI->SchemeIs("about")) { + bool isAbout = + (NS_SUCCEEDED(triggeringURI->SchemeIs("about", &isAbout)) && isAbout); + if (!isAbout) { return false; } // if the about: page is linkable from content, there is nothing to do nsCOMPtr<nsIAboutModule> aboutMod; rv = NS_GetAboutModule(triggeringURI, getter_AddRefs(aboutMod)); NS_ENSURE_SUCCESS(rv, false); @@ -371,17 +373,19 @@ bool ScriptLoader::IsAboutPageLoadingChr rv = aboutMod->GetURIFlags(triggeringURI, &aboutModuleFlags); NS_ENSURE_SUCCESS(rv, false); if (aboutModuleFlags & nsIAboutModule::MAKE_LINKABLE) { return false; } // if the uri to be loaded is not of scheme chrome:, there is nothing to do. - if (!aRequest->mURI->SchemeIs("chrome")) { + bool isChrome = + (NS_SUCCEEDED(aRequest->mURI->SchemeIs("chrome", &isChrome)) && isChrome); + if (!isChrome) { return false; } // seems like an about page wants to load a chrome URI. return true; } bool ScriptLoader::ModuleMapContainsURL(nsIURI* aURL) const { @@ -3520,18 +3524,32 @@ uint32_t ScriptLoader::NumberOfProcessor if (mNumberOfProcessors > 0) return mNumberOfProcessors; int32_t numProcs = PR_GetNumberOfProcessors(); if (numProcs > 0) mNumberOfProcessors = numProcs; return mNumberOfProcessors; } static bool IsInternalURIScheme(nsIURI* uri) { - return uri->SchemeIs("moz-extension") || uri->SchemeIs("resource") || - uri->SchemeIs("chrome"); + bool isWebExt; + if (NS_SUCCEEDED(uri->SchemeIs("moz-extension", &isWebExt)) && isWebExt) { + return true; + } + + bool isResource; + if (NS_SUCCEEDED(uri->SchemeIs("resource", &isResource)) && isResource) { + return true; + } + + bool isChrome; + if (NS_SUCCEEDED(uri->SchemeIs("chrome", &isChrome)) && isChrome) { + return true; + } + + return false; } nsresult ScriptLoader::PrepareLoadedRequest(ScriptLoadRequest* aRequest, nsIIncrementalStreamLoader* aLoader, nsresult aStatus) { if (NS_FAILED(aStatus)) { return aStatus; }
--- a/dom/serviceworkers/ServiceWorkerUtils.cpp +++ b/dom/serviceworkers/ServiceWorkerUtils.cpp @@ -64,18 +64,20 @@ nsresult ServiceWorkerScopeAndScriptAreV nsIURI* aScopeURI, nsIURI* aScriptURI) { MOZ_DIAGNOSTIC_ASSERT(aScopeURI); MOZ_DIAGNOSTIC_ASSERT(aScriptURI); nsCOMPtr<nsIPrincipal> principal = aClientInfo.GetPrincipal(); NS_ENSURE_TRUE(principal, NS_ERROR_DOM_INVALID_STATE_ERR); - bool isHttp = aScriptURI->SchemeIs("http"); - bool isHttps = aScriptURI->SchemeIs("https"); + bool isHttp = false; + bool isHttps = false; + Unused << aScriptURI->SchemeIs("http", &isHttp); + Unused << aScriptURI->SchemeIs("https", &isHttps); NS_ENSURE_TRUE(isHttp || isHttps, NS_ERROR_DOM_SECURITY_ERR); nsresult rv = CheckForSlashEscapedCharsInPath(aScopeURI); NS_ENSURE_SUCCESS(rv, rv); rv = CheckForSlashEscapedCharsInPath(aScriptURI); NS_ENSURE_SUCCESS(rv, rv);
--- a/dom/storage/StorageUtils.cpp +++ b/dom/storage/StorageUtils.cpp @@ -27,17 +27,18 @@ nsresult GenerateOriginKey(nsIPrincipal* } nsAutoCString domainOrigin; rv = uri->GetAsciiHost(domainOrigin); NS_ENSURE_SUCCESS(rv, rv); if (domainOrigin.IsEmpty()) { // For the file:/// protocol use the exact directory as domain. - if (uri->SchemeIs("file")) { + bool isScheme = false; + if (NS_SUCCEEDED(uri->SchemeIs("file", &isScheme)) && isScheme) { nsCOMPtr<nsIURL> url = do_QueryInterface(uri, &rv); NS_ENSURE_SUCCESS(rv, rv); rv = url->GetDirectory(domainOrigin); NS_ENSURE_SUCCESS(rv, rv); } } // Append reversed domain
--- a/dom/url/URL.cpp +++ b/dom/url/URL.cpp @@ -110,17 +110,21 @@ bool URL::IsValidURL(const GlobalObject& return URLWorker::IsValidURL(aGlobal, aURL, aRv); } URLSearchParams* URL::SearchParams() { CreateSearchParamsIfNeeded(); return mSearchParams; } -bool IsChromeURI(nsIURI* aURI) { return aURI->SchemeIs("chrome"); } +bool IsChromeURI(nsIURI* aURI) { + bool isChrome = false; + if (NS_SUCCEEDED(aURI->SchemeIs("chrome", &isChrome))) return isChrome; + return false; +} void URL::CreateSearchParamsIfNeeded() { if (!mSearchParams) { mSearchParams = new URLSearchParams(mParent, this); UpdateURLSearchParams(); } }
--- a/dom/webauthn/WebAuthnUtil.cpp +++ b/dom/webauthn/WebAuthnUtil.cpp @@ -27,17 +27,18 @@ bool EvaluateAppID(nsPIDOMWindowInner* a // Facet is the specification's way of referring to the web origin. nsAutoCString facetString = NS_ConvertUTF16toUTF8(aOrigin); nsCOMPtr<nsIURI> facetUri; if (NS_FAILED(NS_NewURI(getter_AddRefs(facetUri), facetString))) { return false; } // If the facetId (origin) is not HTTPS, reject - if (!facetUri->SchemeIs("https")) { + bool facetIsHttps = false; + if (NS_FAILED(facetUri->SchemeIs("https", &facetIsHttps)) || !facetIsHttps) { return false; } // If the appId is empty or null, overwrite it with the facetId and accept if (aAppId.IsEmpty() || aAppId.EqualsLiteral("null")) { aAppId.Assign(aOrigin); return true; } @@ -45,17 +46,18 @@ bool EvaluateAppID(nsPIDOMWindowInner* a // AppID is user-supplied. It's quite possible for this parse to fail. nsAutoCString appIdString = NS_ConvertUTF16toUTF8(aAppId); nsCOMPtr<nsIURI> appIdUri; if (NS_FAILED(NS_NewURI(getter_AddRefs(appIdUri), appIdString))) { return false; } // if the appId URL is not HTTPS, reject. - if (!appIdUri->SchemeIs("https")) { + bool appIdIsHttps = false; + if (NS_FAILED(appIdUri->SchemeIs("https", &appIdIsHttps)) || !appIdIsHttps) { return false; } nsAutoCString appIdHost; if (NS_FAILED(appIdUri->GetAsciiHost(appIdHost))) { return false; }
--- a/dom/websocket/WebSocket.cpp +++ b/dom/websocket/WebSocket.cpp @@ -1642,18 +1642,24 @@ nsresult WebSocketImpl::Init(JSContext* if (!mIsServerSide && !mSecure && !Preferences::GetBool("network.websocket.allowInsecureFromHTTPS", false)) { nsCOMPtr<nsIURI> originURI; if (aLoadingPrincipal) { aLoadingPrincipal->GetURI(getter_AddRefs(originURI)); } - if (originURI && originURI->SchemeIs("https")) { - return NS_ERROR_DOM_SECURITY_ERR; + if (originURI) { + bool originIsHttps = false; + rv = originURI->SchemeIs("https", &originIsHttps); + NS_ENSURE_SUCCESS(rv, rv); + + if (originIsHttps) { + return NS_ERROR_DOM_SECURITY_ERR; + } } } // Assign the sub protocol list and scan it for illegal values for (uint32_t index = 0; index < aProtocolArray.Length(); ++index) { for (uint32_t i = 0; i < aProtocolArray[index].Length(); ++i) { if (aProtocolArray[index][i] < static_cast<char16_t>(0x0021) || aProtocolArray[index][i] > static_cast<char16_t>(0x007E)) {
--- a/dom/workers/ScriptLoader.cpp +++ b/dom/workers/ScriptLoader.cpp @@ -153,17 +153,20 @@ nsresult ChannelFromScriptURL( uint32_t secFlags = aIsMainScript ? nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS; bool inheritAttrs = nsContentUtils::ChannelShouldInheritPrincipal( principal, uri, true /* aInheritForAboutBlank */, false /* aForceInherit */); - bool isData = uri->SchemeIs("data"); + bool isData = false; + rv = uri->SchemeIs("data", &isData); + NS_ENSURE_SUCCESS(rv, rv); + bool isURIUniqueOrigin = net::nsIOService::IsDataURIUniqueOpaqueOrigin() && isData; if (inheritAttrs && !isURIUniqueOrigin) { secFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL; } if (aWorkerScriptType == DebuggerScript) { // A DebuggerScript needs to be a local resource like chrome: or resource:
--- a/dom/xbl/nsXBLContentSink.cpp +++ b/dom/xbl/nsXBLContentSink.cpp @@ -340,17 +340,22 @@ bool nsXBLContentSink::OnOpenContainer(c mState = eXBL_Error; return true; } mDocument->BindingManager()->PutXBLDocumentInfo(mDocInfo); nsIURI* uri = mDocument->GetDocumentURI(); - mIsChromeOrResource = uri->SchemeIs("chrome") || uri->SchemeIs("resource"); + bool isChrome = false; + bool isRes = false; + + uri->SchemeIs("chrome", &isChrome); + uri->SchemeIs("resource", &isRes); + mIsChromeOrResource = isChrome || isRes; mState = eXBL_InBindings; } else if (aTagName == nsGkAtoms::binding) { ENSURE_XBL_STATE(mState == eXBL_InBindings); mState = eXBL_InBinding; } else if (aTagName == nsGkAtoms::handlers) { ENSURE_XBL_STATE(mState == eXBL_InBinding && mBinding); mState = eXBL_InHandlers;
--- a/dom/xbl/nsXBLService.cpp +++ b/dom/xbl/nsXBLService.cpp @@ -336,17 +336,22 @@ void nsXBLService::Init() { // Constructors/Destructors nsXBLService::nsXBLService(void) {} nsXBLService::~nsXBLService(void) {} // static bool nsXBLService::IsChromeOrResourceURI(nsIURI* aURI) { - return aURI->SchemeIs("chrome") || aURI->SchemeIs("resource"); + bool isChrome = false; + bool isResource = false; + if (NS_SUCCEEDED(aURI->SchemeIs("chrome", &isChrome)) && + NS_SUCCEEDED(aURI->SchemeIs("resource", &isResource))) + return (isChrome || isResource); + return false; } // Servo avoids wasting work styling subtrees of elements with XBL bindings by // default, so whenever we leave LoadBindings in a way that doesn't guarantee // that the subtree is styled we need to take care of doing it manually. static void EnsureSubtreeStyled(Element* aElement) { if (!aElement->HasServoData()) { return; @@ -418,17 +423,18 @@ static bool IsSystemOrChromeURLPrincipal if (nsContentUtils::IsSystemPrincipal(aPrincipal)) { return true; } nsCOMPtr<nsIURI> uri; aPrincipal->GetURI(getter_AddRefs(uri)); NS_ENSURE_TRUE(uri, false); - return uri->SchemeIs("chrome"); + bool isChrome = false; + return NS_SUCCEEDED(uri->SchemeIs("chrome", &isChrome)) && isChrome; } // This function loads a particular XBL file and installs all of the bindings // onto the element. nsresult nsXBLService::LoadBindings(Element* aElement, nsIURI* aURL, nsIPrincipal* aOriginPrincipal, nsXBLBinding** aBinding) { MOZ_ASSERT(aOriginPrincipal, "Must have an origin principal"); @@ -672,17 +678,20 @@ static bool MayBindToContent(nsXBLProtot return true; } // One last special case: we need to watch out for in-document data: URI // bindings from remote-XUL-whitelisted domains (especially tests), because // they end up with a null principal (rather than inheriting the document's // principal), which causes them to fail the check above. if (nsContentUtils::AllowXULXBLForPrincipal(aBoundElement->NodePrincipal())) { - if (aURI->SchemeIs("data")) { + bool isDataURI = false; + nsresult rv = aURI->SchemeIs("data", &isDataURI); + NS_ENSURE_SUCCESS(rv, false); + if (isDataURI) { return true; } } // Disallow. return false; } @@ -899,19 +908,19 @@ nsresult nsXBLService::LoadBindingDocume } #endif if (!info) { // Finally, if all lines of defense fail, we go and fetch the binding // document. // Always load chrome synchronously - if (documentURI->SchemeIs("chrome")) { + bool chrome; + if (NS_SUCCEEDED(documentURI->SchemeIs("chrome", &chrome)) && chrome) aForceSyncLoad = true; - } nsCOMPtr<Document> document; rv = FetchBindingDocument(aBoundElement, aBoundDocument, documentURI, aBindingURI, aOriginPrincipal, aForceSyncLoad, getter_AddRefs(document)); NS_ENSURE_SUCCESS(rv, rv); if (document) {
--- a/dom/xhr/XMLHttpRequestMainThread.cpp +++ b/dom/xhr/XMLHttpRequestMainThread.cpp @@ -1082,18 +1082,19 @@ void XMLHttpRequestMainThread::GetAllRes aResponseHeaders.AppendLiteral(";charset="); aResponseHeaders.Append(value); } aResponseHeaders.AppendLiteral("\r\n"); } // Don't provide Content-Length for data URIs nsCOMPtr<nsIURI> uri; + bool isDataURI; if (NS_FAILED(mChannel->GetURI(getter_AddRefs(uri))) || - !uri->SchemeIs("data")) { + NS_FAILED(uri->SchemeIs("data", &isDataURI)) || !isDataURI) { int64_t length; if (NS_SUCCEEDED(mChannel->GetContentLength(&length))) { aResponseHeaders.AppendLiteral("Content-Length: "); aResponseHeaders.AppendInt(length); aResponseHeaders.AppendLiteral("\r\n"); } } }
--- a/dom/xml/XMLDocument.cpp +++ b/dom/xml/XMLDocument.cpp @@ -312,17 +312,18 @@ bool XMLDocument::Load(const nsAString& aRv.Throw(rv); return false; } if (nsContentUtils::IsSystemPrincipal(principal)) { // We're called from chrome, check to make sure the URI we're // about to load is also chrome. - if (!uri->SchemeIs("chrome")) { + bool isChrome = false; + if (NS_FAILED(uri->SchemeIs("chrome", &isChrome)) || !isChrome) { nsAutoString error; error.AssignLiteral( "Cross site loading using document.load is no " "longer supported. Use XMLHttpRequest instead."); nsCOMPtr<nsIScriptError> errorObject = do_CreateInstance(NS_SCRIPTERROR_CONTRACTID, &rv); if (NS_FAILED(rv)) { aRv.Throw(rv);
--- a/dom/xslt/xslt/txMozillaStylesheetCompiler.cpp +++ b/dom/xslt/xslt/txMozillaStylesheetCompiler.cpp @@ -244,17 +244,18 @@ txStylesheetSink::OnStartRequest(nsIRequ nsAutoCString contentType; channel->GetContentType(contentType); // Time to sniff! Note: this should go away once file channels do // sniffing themselves. nsCOMPtr<nsIURI> uri; channel->GetURI(getter_AddRefs(uri)); - if (uri->SchemeIs("file") && + bool sniff; + if (NS_SUCCEEDED(uri->SchemeIs("file", &sniff)) && sniff && contentType.EqualsLiteral(UNKNOWN_CONTENT_TYPE)) { nsresult rv; nsCOMPtr<nsIStreamConverterService> serv = do_GetService("@mozilla.org/streamConverters;1", &rv); if (NS_SUCCEEDED(rv)) { nsCOMPtr<nsIStreamListener> converter; rv = serv->AsyncConvertData(UNKNOWN_CONTENT_TYPE, "*/*", mListener, mParser, getter_AddRefs(converter));
--- a/dom/xul/nsXULElement.cpp +++ b/dom/xul/nsXULElement.cpp @@ -1896,19 +1896,22 @@ nsresult nsXULPrototypeScript::Serialize JSContext* cx = jsapi.cx(); JS::Rooted<JSScript*> script(cx, mScriptObject); MOZ_ASSERT(xpc::CompilationScope() == JS::CurrentGlobalOrNull(cx)); return nsContentUtils::XPConnect()->WriteScript(aStream, cx, script); } nsresult nsXULPrototypeScript::SerializeOutOfLine( nsIObjectOutputStream* aStream, nsXULPrototypeDocument* aProtoDoc) { - if (!mSrcURI->SchemeIs("chrome")) + nsresult rv = NS_ERROR_NOT_IMPLEMENTED; + + bool isChrome = false; + if (NS_FAILED(mSrcURI->SchemeIs("chrome", &isChrome)) || !isChrome) // Don't cache scripts that don't come from chrome uris. - return NS_ERROR_NOT_IMPLEMENTED; + return rv; nsXULPrototypeCache* cache = nsXULPrototypeCache::GetInstance(); if (!cache) return NS_ERROR_OUT_OF_MEMORY; NS_ASSERTION(cache->IsEnabled(), "writing to the cache file, but the XUL cache is off?"); bool exists; cache->HasData(mSrcURI, &exists); @@ -1916,17 +1919,17 @@ nsresult nsXULPrototypeScript::Serialize /* return will be NS_OK from GetAsciiSpec. * that makes no sense. * nor does returning NS_OK from HasMuxedDocument. * XXX return something meaningful. */ if (exists) return NS_OK; nsCOMPtr<nsIObjectOutputStream> oos; - nsresult rv = cache->GetOutputStream(mSrcURI, getter_AddRefs(oos)); + rv = cache->GetOutputStream(mSrcURI, getter_AddRefs(oos)); NS_ENSURE_SUCCESS(rv, rv); nsresult tmp = Serialize(oos, aProtoDoc, nullptr); if (NS_FAILED(tmp)) { rv = tmp; } tmp = cache->FinishOutputStream(mSrcURI); if (NS_FAILED(tmp)) { @@ -2006,19 +2009,23 @@ nsresult nsXULPrototypeScript::Deseriali // after any error, and that suffices to cause the script to // be reloaded (from the src= URI, if any) and recompiled. // We're better off slow-loading than bailing out due to a // error. if (NS_SUCCEEDED(rv)) rv = Deserialize(objectInput, aProtoDoc, nullptr, nullptr); if (NS_SUCCEEDED(rv)) { - if (useXULCache && mSrcURI && mSrcURI->SchemeIs("chrome")) { - JS::Rooted<JSScript*> script(RootingCx(), GetScriptObject()); - cache->PutScript(mSrcURI, script); + if (useXULCache && mSrcURI) { + bool isChrome = false; + mSrcURI->SchemeIs("chrome", &isChrome); + if (isChrome) { + JS::Rooted<JSScript*> script(RootingCx(), GetScriptObject()); + cache->PutScript(mSrcURI, script); + } } cache->FinishInputStream(mSrcURI); } else { // If mSrcURI is not in the cache, // rv will be NS_ERROR_NOT_AVAILABLE and we'll try to // update the cache file to hold a serialization of // this script, once it has finished loading. if (rv != NS_ERROR_NOT_AVAILABLE) cache->AbortCaching();
--- a/toolkit/components/antitracking/AntiTrackingCommon.cpp +++ b/toolkit/components/antitracking/AntiTrackingCommon.cpp @@ -215,17 +215,20 @@ int32_t CookiesBehavior(nsILoadInfo* aLo // Bug 1537753. if (StaticPrefs::extensions_cookiesBehavior_overrideOnTopLevel() && BasePrincipal::Cast(aTopLevelPrincipal)->AddonPolicy()) { return nsICookieService::BEHAVIOR_ACCEPT; } // WebExtensions 3rd party URI always get BEHAVIOR_ACCEPT as cookieBehavior, // this is semantically equivalent to the principal having a AddonPolicy(). - if (a3rdPartyURI->SchemeIs("moz-extension")) { + bool is3rdPartyMozExt = false; + if (NS_SUCCEEDED( + a3rdPartyURI->SchemeIs("moz-extension", &is3rdPartyMozExt)) && + is3rdPartyMozExt) { return nsICookieService::BEHAVIOR_ACCEPT; } nsCOMPtr<nsICookieSettings> cookieSettings; nsresult rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings)); if (NS_WARN_IF(NS_FAILED(rv))) { return nsICookieService::BEHAVIOR_REJECT; }
--- a/toolkit/components/antitracking/StorageAccess.cpp +++ b/toolkit/components/antitracking/StorageAccess.cpp @@ -133,18 +133,22 @@ static StorageAccess InternalStorageAllo // This means that behavior for storage with internal about: URIs should not // be affected, which is desireable due to the lack of automated testing for // about: URIs with these preferences set, and the importance of the correct // functioning of these URIs even with custom preferences. nsCOMPtr<nsIURI> uri = aURI; if (!uri) { Unused << aPrincipal->GetURI(getter_AddRefs(uri)); } - if (uri && uri->SchemeIs("about")) { - return access; + if (uri) { + bool isAbout = false; + MOZ_ALWAYS_SUCCEEDS(uri->SchemeIs("about", &isAbout)); + if (isAbout) { + return access; + } } if (!StorageDisabledByAntiTracking(aWindow, aChannel, aPrincipal, aURI, aRejectedReason)) { return access; } // We want to have a partitioned storage only for trackers.
--- a/toolkit/components/places/nsNavBookmarks.cpp +++ b/toolkit/components/places/nsNavBookmarks.cpp @@ -1914,17 +1914,20 @@ nsNavBookmarks::OnPageChanged(nsIURI* aU NS_ENSURE_SUCCESS(rv, rv); changeData.property = NS_LITERAL_CSTRING("favicon"); changeData.isAnnotation = false; changeData.newValue = NS_ConvertUTF16toUTF8(aNewValue); changeData.bookmark.lastModified = 0; changeData.bookmark.type = TYPE_BOOKMARK; // Favicons may be set to either pure URIs or to folder URIs - if (aURI->SchemeIs("place")) { + bool isPlaceURI; + rv = aURI->SchemeIs("place", &isPlaceURI); + NS_ENSURE_SUCCESS(rv, rv); + if (isPlaceURI) { nsNavHistory* history = nsNavHistory::GetHistoryService(); NS_ENSURE_TRUE(history, NS_ERROR_OUT_OF_MEMORY); nsCOMPtr<nsINavHistoryQuery> query; nsCOMPtr<nsINavHistoryQueryOptions> options; rv = history->QueryStringToQuery(changeData.bookmark.url, getter_AddRefs(query), getter_AddRefs(options));
--- a/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp +++ b/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp @@ -173,17 +173,18 @@ nsresult nsUrlClassifierStreamUpdater::F rv = AddRequestBody(aRequestPayload); NS_ENSURE_SUCCESS(rv, rv); } // Set the appropriate content type for file/data URIs, for unit testing // purposes. // This is only used for testing and should be deleted. bool match; - if (aUpdateUrl->SchemeIs("file") || aUpdateUrl->SchemeIs("data")) { + if ((NS_SUCCEEDED(aUpdateUrl->SchemeIs("file", &match)) && match) || + (NS_SUCCEEDED(aUpdateUrl->SchemeIs("data", &match)) && match)) { mChannel->SetContentType( NS_LITERAL_CSTRING("application/vnd.google.safebrowsing-update")); } else { // We assume everything else is an HTTP request. // Disable keepalive. nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(mChannel, &rv); NS_ENSURE_SUCCESS(rv, rv);
--- a/toolkit/components/windowwatcher/nsWindowWatcher.cpp +++ b/toolkit/components/windowwatcher/nsWindowWatcher.cpp @@ -612,17 +612,17 @@ nsresult nsWindowWatcher::OpenWindowInte // We expect BrowserParent to have provided us the absolute URI of the window // we're to open, so there's no need to call URIfromURL (or more importantly, // to check for a chrome URI, which cannot be opened from a remote tab). if (aUrl) { rv = URIfromURL(aUrl, aParent, getter_AddRefs(uriToLoad)); if (NS_FAILED(rv)) { return rv; } - uriToLoadIsChrome = uriToLoad->SchemeIs("chrome"); + uriToLoad->SchemeIs("chrome", &uriToLoadIsChrome); } bool nameSpecified = false; if (aName) { CopyUTF8toUTF16(MakeStringSpan(aName), name); nameSpecified = true; } else { name.SetIsVoid(true);
--- a/toolkit/mozapps/extensions/AddonContentPolicy.cpp +++ b/toolkit/mozapps/extensions/AddonContentPolicy.cpp @@ -107,18 +107,20 @@ AddonContentPolicy::ShouldLoad(nsIURI* a if (!requestOrigin) { return NS_OK; } // Only apply this policy to requests from documents loaded from // moz-extension URLs, or to resources being loaded from moz-extension URLs. bool equals; - if (!(aContentLocation->SchemeIs("moz-extension") || - requestOrigin->SchemeIs("moz-extension"))) { + if (!((NS_SUCCEEDED(aContentLocation->SchemeIs("moz-extension", &equals)) && + equals) || + (NS_SUCCEEDED(requestOrigin->SchemeIs("moz-extension", &equals)) && + equals))) { return NS_OK; } if (contentType == nsIContentPolicy::TYPE_SCRIPT) { NS_ConvertUTF8toUTF16 typeString(aMimeTypeGuess); nsContentTypeParser mimeParser(typeString); // Reject attempts to load JavaScript scripts with a non-default version.
--- a/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp +++ b/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp @@ -50,17 +50,19 @@ static bool IsValidHost(const nsACString // Checks if the given uri is secure and matches one of the hosts allowed to // access the API. bool AddonManagerWebAPI::IsValidSite(nsIURI* uri) { if (!uri) { return false; } - if (!uri->SchemeIs("https")) { + bool isSecure; + nsresult rv = uri->SchemeIs("https", &isSecure); + if (NS_FAILED(rv) || !isSecure) { if (!(xpc::IsInAutomation() && Preferences::GetBool("extensions.webapi.testing.http", false))) { return false; } } nsAutoCString host; rv = uri->GetHost(host);
--- a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp +++ b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp @@ -170,17 +170,20 @@ static nsresult GetProxyFromEnvironment( // Use our URI parser to crack the proxy URI nsCOMPtr<nsIURI> proxyURI; nsresult rv = NS_NewURI(getter_AddRefs(proxyURI), proxyVal); NS_ENSURE_SUCCESS(rv, rv); // Is there a way to specify "socks://" or something in these environment // variables? I can't find any documentation. - if (!proxyURI->SchemeIs("http")) return NS_ERROR_UNKNOWN_PROTOCOL; + bool isHTTP; + rv = proxyURI->SchemeIs("http", &isHTTP); + NS_ENSURE_SUCCESS(rv, rv); + if (!isHTTP) return NS_ERROR_UNKNOWN_PROTOCOL; nsAutoCString proxyHost; rv = proxyURI->GetHost(proxyHost); NS_ENSURE_SUCCESS(rv, rv); int32_t proxyPort; rv = proxyURI->GetPort(&proxyPort); NS_ENSURE_SUCCESS(rv, rv);
--- a/toolkit/xre/nsAppRunner.cpp +++ b/toolkit/xre/nsAppRunner.cpp @@ -996,21 +996,26 @@ nsXULAppInfo::GetServerURL(nsIURL** aSer url = do_QueryInterface(uri); NS_ADDREF(*aServerURL = url); return NS_OK; } NS_IMETHODIMP nsXULAppInfo::SetServerURL(nsIURL* aServerURL) { - // Only allow https or http URLs - if (!aServerURL->SchemeIs("http") && !aServerURL->SchemeIs("https")) { - return NS_ERROR_INVALID_ARG; - } - + bool schemeOk; + // only allow https or http URLs + nsresult rv = aServerURL->SchemeIs("https", &schemeOk); + NS_ENSURE_SUCCESS(rv, rv); + if (!schemeOk) { + rv = aServerURL->SchemeIs("http", &schemeOk); + NS_ENSURE_SUCCESS(rv, rv); + + if (!schemeOk) return NS_ERROR_INVALID_ARG; + } nsAutoCString spec; rv = aServerURL->GetSpec(spec); NS_ENSURE_SUCCESS(rv, rv); return CrashReporter::SetServerURL(spec); } NS_IMETHODIMP