Bug 1150703, allow about: pages to be unlinkable even if "safe for content", r=mcmanus, IGNORE IDL, ba=sylvestre
authorGijs Kruitbosch <gijskruitbosch@gmail.com>
Fri, 03 Apr 2015 09:59:00 +0100
changeset 258495 5c9df6adebed
parent 258494 98703ce041e2
child 258496 a5203cabcc04
push id4680
push usergijskruitbosch@gmail.com
push date2015-04-16 11:16 +0000
reviewersmcmanus, IGNORE
bugs1150703
milestone38.0
Bug 1150703, allow about: pages to be unlinkable even if "safe for content", r=mcmanus, IGNORE IDL, ba=sylvestre
netwerk/protocol/about/nsAboutProtocolHandler.cpp
netwerk/protocol/about/nsIAboutModule.idl
--- a/netwerk/protocol/about/nsAboutProtocolHandler.cpp
+++ b/netwerk/protocol/about/nsAboutProtocolHandler.cpp
@@ -23,16 +23,24 @@ static NS_DEFINE_CID(kNestedAboutURICID,
 
 static bool IsSafeForUntrustedContent(nsIAboutModule *aModule, nsIURI *aURI) {
   uint32_t flags;
   nsresult rv = aModule->GetURIFlags(aURI, &flags);
   NS_ENSURE_SUCCESS(rv, false);
 
   return (flags & nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT) != 0;
 }
+
+static bool IsSafeToLinkForUntrustedContent(nsIAboutModule *aModule, nsIURI *aURI) {
+  uint32_t flags;
+  nsresult rv = aModule->GetURIFlags(aURI, &flags);
+  NS_ENSURE_SUCCESS(rv, false);
+
+  return (flags & nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT) && !(flags & nsIAboutModule::MAKE_UNLINKABLE);
+}
 ////////////////////////////////////////////////////////////////////////////////
 
 NS_IMPL_ISUPPORTS(nsAboutProtocolHandler, nsIProtocolHandler)
 
 ////////////////////////////////////////////////////////////////////////////////
 // nsIProtocolHandler methods:
 
 NS_IMETHODIMP
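Review bot: IsSafeToLinkForUntrustedContent, added directly below IsSafeForUntrustedContent, answers a narrower question than its sibling (may untrusted content link to this URI, rather than is the URI safe for untrusted content at all), but neither definition says which one a caller is meant to use, so the next call site can easily pick the more permissive helper; a one-line comment on the new function such as `// Linkability check for NewURI: MAKE_UNLINKABLE only matters when the URI is otherwise safe for untrusted content.` would make the split explicit. The return expression on the new function also repeats the two-mask test in a form that mixes `&&` with raw bit tests, whereas a single mask comparison states the intent directly: `return (flags & (nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::MAKE_UNLINKABLE)) == nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT;`. Any remaining callers of IsSafeForUntrustedContent are outside this hunk, so whether they should keep the broader check cannot be confirmed from here. The new function's closing brace is also not followed by the blank line that separates the preceding function from the `////` divider.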
@@ -77,17 +85,17 @@ nsAboutProtocolHandler::NewURI(const nsA
     // Unfortunately, people create random about: URIs that don't correspond to
     // about: modules...  Since those URIs will never open a channel, might as
     // well consider them unsafe for better perf, and just in case.
     bool isSafe = false;
     
     nsCOMPtr<nsIAboutModule> aboutMod;
     rv = NS_GetAboutModule(url, getter_AddRefs(aboutMod));
     if (NS_SUCCEEDED(rv)) {
-        isSafe = IsSafeForUntrustedContent(aboutMod, url);
+        isSafe = IsSafeToLinkForUntrustedContent(aboutMod, url);
     }
 
     if (isSafe) {
         // We need to indicate that this baby is safe.  Use an inner URI that
         // no one but the security manager will see.  Make sure to preserve our
         // path, in case someone decides to hardcode checks for particular
         // about: URIs somewhere.
         nsAutoCString spec;
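Review bot: `isSafe` at the top of the hunk now holds the result of IsSafeToLinkForUntrustedContent, but the variable name and the surrounding comments ("consider them unsafe", "this baby is safe") still describe the old, broader check, so a reader will conclude that a MAKE_UNLINKABLE page is being treated as unsafe for untrusted content in general rather than merely not linkable. Renaming it `bool isSafeToLink = false;` (and its two uses), or at least adjusting the comment before the branch to `// Only URIs that untrusted content may link to get the marker inner URI.`, keeps the code honest about what is decided here. The NewURI body begins and ends outside this hunk.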
--- a/netwerk/protocol/about/nsIAboutModule.idl
+++ b/netwerk/protocol/about/nsIAboutModule.idl
@@ -20,20 +20,20 @@ interface nsIAboutModule : nsISupports
      * @param aLoadInfo the loadinfo of the new channel
      */
     nsIChannel newChannel(in nsIURI aURI,
                           in nsILoadInfo aLoadInfo);
 
     /**
      * A flag that indicates whether a URI is safe for untrusted
      * content.  If it is, web pages and so forth will be allowed to
-     * link to this about: URI, and the about: protocol handler will
-     * enforce that the principal of channels created for it be based
-     * on their originalURI or URI (depending on the channel flags),
-     * by setting their "owner" to null.
+     * link to this about: URI (unless MAKE_UNLINKABLE is also specified),
+     * and the about: protocol handler will enforce that the principal
+     * of channels created for it be based on their originalURI or URI
+     * (depending on the channel flags), by setting their "owner" to null.
      * Otherwise, only chrome will be able to link to it.
      */
     const unsigned long URI_SAFE_FOR_UNTRUSTED_CONTENT = (1 << 0);
 
     /**
      * A flag that indicates whether script should be enabled for the
      * given about: URI even if it's disabled in general.
      */
@@ -56,16 +56,22 @@ interface nsIAboutModule : nsISupports
     const unsigned long URI_CAN_LOAD_IN_CHILD = (1 << 4);
 
     /**
      * A flag that indicates that this URI must be loaded in a child process
      */
     const unsigned long URI_MUST_LOAD_IN_CHILD = (1 << 5);
 
     /**
+     * A flag that indicates that this URI should be unlinkable despite being
+     * safe for untrusted content.
+     */
+    const unsigned long MAKE_UNLINKABLE = (1 << 6);
+
+    /**
      * A method to get the flags that apply to a given about: URI.  The URI
      * passed in is guaranteed to be one of the URIs that this module
      * registered to deal with.
      */
     unsigned long getURIFlags(in nsIURI aURI);
 
     /**
      * Returns the Indexed DB origin's postfix used for the given about: URI.
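Review bot: The MAKE_UNLINKABLE comment does not say how the flag interacts with URI_SAFE_FOR_UNTRUSTED_CONTENT, although the handler change in nsAboutProtocolHandler.cpp tests `(flags & URI_SAFE_FOR_UNTRUSTED_CONTENT) && !(flags & MAKE_UNLINKABLE)`, so the new bit has no effect on a URI that is not already marked safe. Saying so, and that as far as this diff shows the flag only removes the linkability half of the safe-for-untrusted-content treatment, would prevent a module author from setting MAKE_UNLINKABLE on its own and expecting it to lock a page down: `* Only meaningful together with URI_SAFE_FOR_UNTRUSTED_CONTENT: the URI keeps that treatment but web pages may no longer link to it. A URI without URI_SAFE_FOR_UNTRUSTED_CONTENT is already unlinkable.` Whether any other consumer of getURIFlags honours the new bit is not visible in this diff.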