Bug 1496220 - 2. Default to null triggering principal for GeckoView.loadUri; r=esawin
backed out by 0bd0dc3c8183
author: Jim Chen <nchen@mozilla.com>
date: Fri, 05 Oct 2018 13:43:05 +0000
changeset: 499060 daf7ced3bbccbbf3a17d2bdc3d65d97def353762
parent: 499059 abf2e04e30e4bb0b9cb534926e4df492b9fecf0b
child: 499061 70505741627fe29e79facb7fab0e3297320f0421
push id: 1864
push user: ffxbld-merge
push date: Mon, 03 Dec 2018 15:51:40 +0000
treeherder: mozilla-release@f040763d99ad
reviewers: esawin
bugs: 1496220
milestone: 64.0a1
Bug 1496220 - 2. Default to null triggering principal for GeckoView.loadUri; r=esawin

For improved security, default to a null triggering principal for GeckoView.loadUri calls, except when loading certain privileged schemes such as "resource" and "file".

Differential Revision: https://phabricator.services.mozilla.com/D7785
mobile/android/geckoview/src/androidTest/assets/www/newSession.html
mobile/android/modules/geckoview/GeckoViewNavigation.jsm
--- a/mobile/android/geckoview/src/androidTest/assets/www/newSession.html
+++ b/mobile/android/geckoview/src/androidTest/assets/www/newSession.html
@@ -1,7 +1,7 @@
 <html>
     <head><title>Hello, world!</title></head>
     <body>
         <a id="targetBlankLink" target="_blank" href="newSession_child.html">target="_blank"</a>
-        <a id="noOpenerLink" target="_blank" rel="noopener" href="newSession_child.html">rel="noopener"</a>
+        <a id="noOpenerLink" target="_blank" rel="noopener" href="http://example.com">rel="noopener"</a>
     </body>
 </html>
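Review bot: The new href on noOpenerLink hard-codes an absolute external URL (http://example.com) in a test asset, and neither the commit message nor the file says why the relative newSession_child.html stopped being suitable for the rel="noopener" case while targetBlankLink keeps it. If the intent is that the noopener load must use a scheme outside the privileged list added in GeckoViewNavigation.jsm, please record that in an HTML comment next to the link, and consider pointing at a page the test itself serves, if one is available, so the asset does not reference an outside host.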
--- a/mobile/android/modules/geckoview/GeckoViewNavigation.jsm
+++ b/mobile/android/modules/geckoview/GeckoViewNavigation.jsm
@@ -68,19 +68,35 @@ class GeckoViewNavigation extends GeckoV
         if (flags & (1 << 2)) {
           navFlags |= Ci.nsIWebNavigation.LOAD_FLAGS_EXTERNAL;
         }
 
         if (flags & (1 << 3)) {
           navFlags |= Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_POPUPS;
         }
 
-        this.browser.loadURI(uri, {
+        let parsedUri;
+        let triggeringPrincipal;
+        try {
+            parsedUri = Services.io.newURI(uri);
+            if (parsedUri.schemeIs("about") || parsedUri.schemeIs("data") ||
+                parsedUri.schemeIs("file") || parsedUri.schemeIs("resource")) {
+              // Only allow privileged loading for certain URIs.
+              triggeringPrincipal = Services.scriptSecurityManager.getSystemPrincipal();
+            }
+        } catch (ignored) {
+        }
+        if (!triggeringPrincipal) {
+          triggeringPrincipal = Services.scriptSecurityManager.createNullPrincipal({});
+        }
+
+        this.browser.loadURI(parsedUri ? parsedUri.spec : uri, {
           flags: navFlags,
           referrerURI: referrer,
+          triggeringPrincipal,
         });
         break;
       case "GeckoView:Reload":
         this.browser.reload();
         break;
       case "GeckoView:Stop":
         this.browser.stop();
         break;