Bug 789224 - Remove signed script security checks. r=mrbkap
authorBobby Holley <bobbyholley@gmail.com>
Mon, 22 Oct 2012 08:29:55 +0200
changeset 111137 6980e4e0ceecf7c3633285d4bf1d4ec4e1602b6a
parent 111136 50d1235983d3ce037e86506054ff6cad202285a5
child 111138 42b11a0fe323d57de8b4282d4ce27a08496b9c8c
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
reviewersmrbkap
bugs789224
milestone19.0a1
Bug 789224 - Remove signed script security checks. r=mrbkap
content/base/src/nsScriptLoader.cpp
content/base/src/nsScriptLoader.h
content/xbl/src/nsXBLBinding.cpp
content/xul/document/src/nsXULDocument.cpp
--- a/content/base/src/nsScriptLoader.cpp
+++ b/content/base/src/nsScriptLoader.cpp
@@ -1177,20 +1177,16 @@ nsScriptLoader::PrepareLoadedRequest(nsS
         mPreloads.IndexOf(aRequest, 0, PreloadRequestComparator());
       NS_ASSERTION(i != mPreloads.NoIndex, "Incorrect preload bookkeeping");
       hintCharset = mPreloads[i].mCharset;
     }
     rv = ConvertToUTF16(channel, aString, aStringLen, hintCharset, mDocument,
                         aRequest->mScriptText);
 
     NS_ENSURE_SUCCESS(rv, rv);
-
-    if (!ShouldExecuteScript(mDocument, channel)) {
-      return NS_ERROR_NOT_AVAILABLE;
-    }
   }
 
   // This assertion could fire errorously if we ran out of memory when
   // inserting the request in the array. However it's an unlikely case
   // so if you see this assertion it is likely something else that is
   // wrong, especially if you see it more than once.
   NS_ASSERTION(mDeferRequests.Contains(aRequest) ||
                mAsyncRequests.Contains(aRequest) ||
@@ -1201,46 +1197,16 @@ nsScriptLoader::PrepareLoadedRequest(nsS
                "aRequest should be pending!");
 
   // Mark this as loaded
   aRequest->mLoading = false;
 
   return NS_OK;
 }
 
-/* static */
-bool
-nsScriptLoader::ShouldExecuteScript(nsIDocument* aDocument,
-                                    nsIChannel* aChannel)
-{
-  if (!aChannel) {
-    return false;
-  }
-
-  bool hasCert;
-  nsIPrincipal* docPrincipal = aDocument->NodePrincipal();
-  docPrincipal->GetHasCertificate(&hasCert);
-  if (!hasCert) {
-    return true;
-  }
-
-  nsCOMPtr<nsIPrincipal> channelPrincipal;
-  nsresult rv = nsContentUtils::GetSecurityManager()->
-    GetChannelPrincipal(aChannel, getter_AddRefs(channelPrincipal));
-  NS_ENSURE_SUCCESS(rv, false);
-
-  NS_ASSERTION(channelPrincipal, "Gotta have a principal here!");
-
-  // If the channel principal isn't at least as powerful as the
-  // document principal, then we don't execute the script.
-  bool subsumes;
-  rv = channelPrincipal->Subsumes(docPrincipal, &subsumes);
-  return NS_SUCCEEDED(rv) && subsumes;
-}
-
 void
 nsScriptLoader::ParsingComplete(bool aTerminated)
 {
   if (mDeferEnabled) {
     // Have to check because we apparently get ParsingComplete
     // without BeginDeferringScripts in some cases
     mDocumentParsingDone = true;
   }
--- a/content/base/src/nsScriptLoader.h
+++ b/content/base/src/nsScriptLoader.h
@@ -157,23 +157,16 @@ public:
    * aDocument.
    */
   static nsresult ShouldLoadScript(nsIDocument* aDocument,
                                    nsISupports* aContext,
                                    nsIURI* aURI,
                                    const nsAString &aType);
 
   /**
-   * Check whether it's OK to execute a script loaded via aChannel in
-   * aDocument.
-   */
-  static bool ShouldExecuteScript(nsIDocument* aDocument,
-                                    nsIChannel* aChannel);
-
-  /**
    * Starts deferring deferred scripts and puts them in the mDeferredRequests
    * queue instead.
    */
   void BeginDeferringScripts()
   {
     mDeferEnabled = true;
     if (mDocument) {
       mDocument->BlockOnload();
--- a/content/xbl/src/nsXBLBinding.cpp
+++ b/content/xbl/src/nsXBLBinding.cpp
@@ -1514,31 +1514,17 @@ nsXBLBinding::AllowScripts()
   
   JSContext* cx = context->GetNativeContext();
 
   nsCOMPtr<nsIDocument> ourDocument =
     mPrototypeBinding->XBLDocumentInfo()->GetDocument();
   bool canExecute;
   nsresult rv =
     mgr->CanExecuteScripts(cx, ourDocument->NodePrincipal(), &canExecute);
-  if (NS_FAILED(rv) || !canExecute) {
-    return false;
-  }
-
-  // Now one last check: make sure that we're not allowing a privilege
-  // escalation here.
-  bool haveCert;
-  doc->NodePrincipal()->GetHasCertificate(&haveCert);
-  if (!haveCert) {
-    return true;
-  }
-
-  bool subsumes;
-  rv = ourDocument->NodePrincipal()->Subsumes(doc->NodePrincipal(), &subsumes);
-  return NS_SUCCEEDED(rv) && subsumes;
+  return NS_SUCCEEDED(rv) && canExecute;
 }
 
 void
 nsXBLBinding::RemoveInsertionParent(nsIContent* aParent)
 {
   if (mNextBinding) {
     mNextBinding->RemoveInsertionParent(aParent);
   }
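Review bot: In AllowScripts() the out-parameter is still declared as `bool canExecute;` with no initialiser, and after this change it is the whole return value. I would write `bool canExecute = false;` so the function stays fail-closed even if CanExecuteScripts succeeds without storing a result. The removed block was described by its own comment as the guard against privilege escalation between `doc` and the binding document, and nothing visible in the hunk replaces it. Since that block only ran when `doc`'s principal reported a certificate, a short comment above the return would record the reasoning, e.g. `// Signed-script checks were removed in bug 789224; no Subsumes() comparison with doc is done here.`. The function starts outside this hunk, so where `doc` comes from is not visible.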
--- a/content/xul/document/src/nsXULDocument.cpp
+++ b/content/xul/document/src/nsXULDocument.cpp
@@ -3458,19 +3458,17 @@ nsXULDocument::OnStreamComplete(nsIStrea
                                             EmptyString(), this, stringStr);
         if (NS_SUCCEEDED(rv)) {
             rv = scriptProto->Compile(stringStr.get(), stringStr.Length(),
                                       uri, 1, this, mCurrentPrototype);
         }
 
         aStatus = rv;
         if (NS_SUCCEEDED(rv)) {
-            if (nsScriptLoader::ShouldExecuteScript(this, channel)) {
-                rv = ExecuteScript(scriptProto);
-            }
+            rv = ExecuteScript(scriptProto);
 
             // If the XUL cache is enabled, save the script object there in
             // case different XUL documents source the same script.
             //
             // But don't save the script in the cache unless the master XUL
             // document URL is a chrome: URL.  It is valid for a URL such as
             // about:config to translate into a master document URL, whose
             // prototype document nodes -- including prototype scripts that
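Review bot: The removed nsScriptLoader::ShouldExecuteScript() returned false for a null channel before it looked at any certificate (`if (!aChannel) return false;`), so `rv = ExecuteScript(scriptProto);` now also runs when `channel` is null, which is a behaviour change beyond dropping the signed-script check. The same applies to the `doc->ExecuteScript(scriptProto)` condition in the next hunk of this file and to the call removed from PrepareLoadedRequest in nsScriptLoader.cpp. Whether `channel` can be null at these points is decided outside the hunks. If it cannot, an assertion such as `NS_ASSERTION(channel, "expected a channel for the loaded script");` before the execute would document that; if it can, the null guard should stay as `if (channel) { rv = ExecuteScript(scriptProto); }`.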
@@ -3539,18 +3537,17 @@ nsXULDocument::OnStreamComplete(nsIStrea
                      "waiting for wrong script to load?");
         doc->mCurrentScriptProto = nullptr;
 
         // Unlink doc from scriptProto's list before executing and resuming
         *docp = doc->mNextSrcLoadWaiter;
         doc->mNextSrcLoadWaiter = nullptr;
 
         // Execute only if we loaded and compiled successfully, then resume
-        if (NS_SUCCEEDED(aStatus) && scriptProto->mScriptObject.mObject &&
-            nsScriptLoader::ShouldExecuteScript(doc, channel)) {
+        if (NS_SUCCEEDED(aStatus) && scriptProto->mScriptObject.mObject) {
             doc->ExecuteScript(scriptProto);
         }
         doc->ResumeWalk();
         NS_RELEASE(doc);
     }
 
     return rv;
 }