Bug 1496220 - 2. Default to null triggering principal for GeckoView.loadUri; r=esawin
☠☠ backed out by 47e77fc9d699 ☠ ☠
authorJim Chen <nchen@mozilla.com>
Wed, 17 Oct 2018 16:12:28 +0000
changeset 490092 670b75f8446faa1b7368442f142b685288cc7bb8
parent 490091 c4a8a6256d7f800bd2d592bc6467bcfef5cd9309
child 490093 7b5505d44965fd3b0719610c52a827c89a6081db
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewersesawin
bugs1496220
milestone64.0a1
Bug 1496220 - 2. Default to null triggering principal for GeckoView.loadUri; r=esawin For improved security, default to a null triggering principal for GeckoView.loadUri calls, except when loading certain privileged schemes such as "resource" and "file". Differential Revision: https://phabricator.services.mozilla.com/D7785
mobile/android/geckoview/src/androidTest/assets/www/newSession.html
mobile/android/modules/geckoview/GeckoViewNavigation.jsm
--- a/mobile/android/geckoview/src/androidTest/assets/www/newSession.html
+++ b/mobile/android/geckoview/src/androidTest/assets/www/newSession.html
@@ -1,7 +1,7 @@
 <html>
     <head><title>Hello, world!</title></head>
     <body>
         <a id="targetBlankLink" target="_blank" href="newSession_child.html">target="_blank"</a>
-        <a id="noOpenerLink" target="_blank" rel="noopener" href="newSession_child.html">rel="noopener"</a>
+        <a id="noOpenerLink" target="_blank" rel="noopener" href="http://example.com">rel="noopener"</a>
     </body>
 </html>
--- a/mobile/android/modules/geckoview/GeckoViewNavigation.jsm
+++ b/mobile/android/modules/geckoview/GeckoViewNavigation.jsm
@@ -68,19 +68,35 @@ class GeckoViewNavigation extends GeckoV
         if (flags & (1 << 2)) {
           navFlags |= Ci.nsIWebNavigation.LOAD_FLAGS_EXTERNAL;
         }
 
         if (flags & (1 << 3)) {
           navFlags |= Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_POPUPS;
         }
 
-        this.browser.loadURI(uri, {
+        let parsedUri;
+        let triggeringPrincipal;
+        try {
+            parsedUri = Services.io.newURI(uri);
+            if (parsedUri.schemeIs("about") || parsedUri.schemeIs("data") ||
+                parsedUri.schemeIs("file") || parsedUri.schemeIs("resource")) {
+              // Only allow privileged loading for certain URIs.
+              triggeringPrincipal = Services.scriptSecurityManager.getSystemPrincipal();
+            }
+        } catch (ignored) {
+        }
+        if (!triggeringPrincipal) {
+          triggeringPrincipal = Services.scriptSecurityManager.createNullPrincipal({});
+        }
+
+        this.browser.loadURI(parsedUri ? parsedUri.spec : uri, {
           flags: navFlags,
           referrerURI: referrer,
+          triggeringPrincipal,
         });
         break;
       case "GeckoView:Reload":
         this.browser.reload();
         break;
       case "GeckoView:Stop":
         this.browser.stop();
         break;