Bug 1533424 - Don't allow InspectorUtils to mess up with our UA sheets. r=heycam
authorEmilio Cobos Álvarez <emilio@crisal.io>
Tue, 12 Mar 2019 15:17:54 +0000
changeset 524547 5b275de602ae9ecc7fb93dbaf0252747513a0b11
parent 524546 f78cbd4bc0307b5fd000195194022613f9d22fc1
child 524548 5c4d90e31d8c92a7df69e63d7f0624df52fed79f
push id2032
push userffxbld-merge
push dateMon, 13 May 2019 09:36:57 +0000
treeherdermozilla-release@455c1065dcbe [default view] [failures only]
reviewersheycam
bugs1533424
milestone67.0a1
Bug 1533424 - Don't allow InspectorUtils to mess up with our UA sheets. r=heycam You can mess up stuff pretty badly if that happens, and we want to do this anyway for the shared UA sheet stuff, so... Differential Revision: https://phabricator.services.mozilla.com/D22554
dom/tests/mochitest/chrome/test_parsingMode.html
layout/style/StyleSheet.cpp
--- a/dom/tests/mochitest/chrome/test_parsingMode.html
+++ b/dom/tests/mochitest/chrome/test_parsingMode.html
@@ -37,17 +37,22 @@
         continue;
       } else {
         // Ignore sheets we don't care about.
         continue;
       }
 
       // Check that re-parsing preserves the mode.
       let mode = sheet.parsingMode;
-      InspectorUtils.parseStyleSheet(sheet, "body { color: chartreuse; }");
+      try {
+        InspectorUtils.parseStyleSheet(sheet, "body { color: chartreuse; }");
+        isnot(sheet.parsingMode, "agent", "Agent sheets cannot be reparsed");
+      } catch (ex) {
+        is(sheet.parsingMode, "agent", "Agent sheets cannot be reparsed");
+      }
       is(sheet.parsingMode, mode,
          "check that re-parsing preserved mode " + mode);
     }
 
     ok(results[sss.AGENT_SHEET] && results[sss.USER_SHEET] &&
       results[sss.AUTHOR_SHEET],
       "all sheets seen");
 
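Review bot: The `catch (ex)` branch accepts any exception as long as the sheet is an agent sheet, so an unrelated failure inside `parseStyleSheet` would still pass the test. Checking the error too would close that gap, e.g. `is(ex.name, "NoModificationAllowedError", "agent sheet reparse is rejected");`, assuming the nsresult surfaces under that DOMException name. The test also never confirms that the agent sheet's contents are untouched after the rejected call; comparing `sheet.cssRules.length` before and after would pin the property the C++ guard exists to protect. The enclosing loop begins outside this hunk.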
--- a/layout/style/StyleSheet.cpp
+++ b/layout/style/StyleSheet.cpp
@@ -962,16 +962,23 @@ void StyleSheet::FinishParse() {
   SetSourceURL(sourceURL);
 }
 
 nsresult StyleSheet::ReparseSheet(const nsAString& aInput) {
   if (!IsComplete()) {
     return NS_ERROR_DOM_INVALID_ACCESS_ERR;
   }
 
+  // Allowing to modify UA sheets is dangerous (in the sense that C++ code
+  // relies on rules in those sheets), plus they're probably going to be shared
+  // across processes in which case this is directly a no-go.
+  if (GetOrigin() == OriginFlags::UserAgent) {
+    return NS_ERROR_DOM_NO_MODIFICATION_ALLOWED_ERR;
+  }
+
   // Hold strong ref to the CSSLoader in case the document update
   // kills the document
   RefPtr<css::Loader> loader;
   if (Document* doc = GetAssociatedDocument()) {
     loader = doc->CSSLoader();
     NS_ASSERTION(loader, "Document with no CSS loader!");
   } else {
     loader = new css::Loader;
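Review bot: The new origin check protects only `ReparseSheet`. Whether the other mutation entry points on `StyleSheet` (for example `InsertRule` and `DeleteRule`) also reject UA sheets cannot be seen from this hunk. If they do not, privileged callers can still break the invariant the comment describes, that C++ code relies on these rules and that the sheets may be shared across processes. I would state the invariant where it can be audited, e.g. `// UA sheets are immutable: every mutator must return NS_ERROR_DOM_NO_MODIFICATION_ALLOWED_ERR for OriginFlags::UserAgent.`, and confirm the sibling mutators honour it. `ReparseSheet` continues past the end of the hunk.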