|
14 | 14 | #include "nsIURL.h" |
15 | 15 | #include "nsIUnicharInputStream.h" |
16 | 16 | #include "nsISimpleUnicharStreamFactory.h" |
| 17 | +#include "nsIProtocolHandler.h" |
17 | 18 | #include "nsNetUtil.h" |
18 | | -#include "nsNullPrincipal.h" |
19 | 19 | #include "prprf.h" |
20 | 20 | #include "prmem.h" |
21 | 21 | #include "nsTextFormatter.h" |
|
28 | 28 | #include "nsError.h" |
29 | 29 | #include "nsXPCOMCIDInternal.h" |
30 | 30 | #include "nsUnicharInputStream.h" |
| 31 | +#include "nsContentUtils.h" |
31 | 32 |
|
32 | 33 | #include "mozilla/Logging.h" |
33 | 34 |
|
@@ -755,73 +756,59 @@ nsExpatDriver::OpenInputStreamFromExternalDTD(const char16_t* aFPIStr, |
755 | 756 | baseURI); |
756 | 757 | NS_ENSURE_SUCCESS(rv, rv); |
757 | 758 |
|
758 | | - // check if it is alright to load this uri |
759 | | - bool isChrome = false; |
760 | | - uri->SchemeIs("chrome", &isChrome); |
761 | | - if (!isChrome) { |
762 | | - // since the url is not a chrome url, check to see if we can map the DTD |
763 | | - // to a known local DTD, or if a DTD file of the same name exists in the |
764 | | - // special DTD directory |
| 759 | + // make sure the URI is allowed to be loaded in sync |
| 760 | + bool isUIResource = false; |
| 761 | + rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_IS_UI_RESOURCE, |
| 762 | + &isUIResource); |
| 763 | + NS_ENSURE_SUCCESS(rv, rv); |
| 764 | + |
| 765 | + nsCOMPtr<nsIURI> localURI; |
| 766 | + if (!isUIResource) { |
| 767 | + // Check to see if we can map the DTD to a known local DTD, or if a DTD |
| 768 | + // file of the same name exists in the special DTD directory |
765 | 769 | if (aFPIStr) { |
766 | 770 | // see if the Formal Public Identifier (FPI) maps to a catalog entry |
767 | 771 | mCatalogData = LookupCatalogData(aFPIStr); |
| 772 | + GetLocalDTDURI(mCatalogData, uri, getter_AddRefs(localURI)); |
768 | 773 | } |
769 | | - |
770 | | - nsCOMPtr<nsIURI> localURI; |
771 | | - GetLocalDTDURI(mCatalogData, uri, getter_AddRefs(localURI)); |
772 | 774 | if (!localURI) { |
773 | 775 | return NS_ERROR_NOT_IMPLEMENTED; |
774 | 776 | } |
775 | | - |
776 | | - localURI.swap(uri); |
777 | 777 | } |
778 | 778 |
|
779 | | - nsCOMPtr<nsIDocument> doc; |
780 | | - NS_ASSERTION(mSink == nsCOMPtr<nsIExpatSink>(do_QueryInterface(mOriginalSink)), |
781 | | - "In nsExpatDriver::OpenInputStreamFromExternalDTD: " |
782 | | - "mOriginalSink not the same object as mSink?"); |
783 | | - if (mOriginalSink) |
784 | | - doc = do_QueryInterface(mOriginalSink->GetTarget()); |
785 | | - int16_t shouldLoad = nsIContentPolicy::ACCEPT; |
786 | | - rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_DTD, |
787 | | - uri, |
788 | | - (doc ? doc->NodePrincipal() : nullptr), |
789 | | - doc, |
790 | | - EmptyCString(), //mime guess |
791 | | - nullptr, //extra |
792 | | - &shouldLoad); |
793 | | - if (NS_FAILED(rv)) return rv; |
794 | | - if (NS_CP_REJECTED(shouldLoad)) { |
795 | | - // Disallowed by content policy |
796 | | - return NS_ERROR_CONTENT_BLOCKED; |
797 | | - } |
798 | | - |
799 | | - nsAutoCString absURL; |
800 | | - uri->GetSpec(absURL); |
801 | | - |
802 | | - CopyUTF8toUTF16(absURL, aAbsURL); |
803 | | - |
804 | 779 | nsCOMPtr<nsIChannel> channel; |
805 | | - if (doc) { |
| 780 | + if (localURI) { |
| 781 | + localURI.swap(uri); |
806 | 782 | rv = NS_NewChannel(getter_AddRefs(channel), |
807 | 783 | uri, |
808 | | - doc, |
809 | | - nsILoadInfo::SEC_NORMAL, |
| 784 | + nsContentUtils::GetSystemPrincipal(), |
| 785 | + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, |
810 | 786 | nsIContentPolicy::TYPE_DTD); |
811 | 787 | } |
812 | 788 | else { |
813 | | - nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create(); |
814 | | - NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE); |
| 789 | + NS_ASSERTION(mSink == nsCOMPtr<nsIExpatSink>(do_QueryInterface(mOriginalSink)), |
| 790 | + "In nsExpatDriver::OpenInputStreamFromExternalDTD: " |
| 791 | + "mOriginalSink not the same object as mSink?"); |
| 792 | + nsCOMPtr<nsIDocument> doc; |
| 793 | + if (mOriginalSink) { |
| 794 | + doc = do_QueryInterface(mOriginalSink->GetTarget()); |
| 795 | + } |
| 796 | + NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE); |
815 | 797 | rv = NS_NewChannel(getter_AddRefs(channel), |
816 | 798 | uri, |
817 | | - nullPrincipal, |
818 | | - nsILoadInfo::SEC_NORMAL, |
| 799 | + doc, |
| 800 | + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS | |
| 801 | + nsILoadInfo::SEC_ALLOW_CHROME, |
819 | 802 | nsIContentPolicy::TYPE_DTD); |
820 | 803 | } |
821 | 804 | NS_ENSURE_SUCCESS(rv, rv); |
822 | 805 |
|
| 806 | + nsAutoCString absURL; |
| 807 | + uri->GetSpec(absURL); |
| 808 | + CopyUTF8toUTF16(absURL, aAbsURL); |
| 809 | + |
823 | 810 | channel->SetContentType(NS_LITERAL_CSTRING("application/xml")); |
824 | | - return channel->Open(aStream); |
| 811 | + return channel->Open2(aStream); |
825 | 812 | } |
826 | 813 |
|
827 | 814 | static nsresult |
|
0 commit comments