This repository was archived by the owner on Jul 9, 2025. It is now read-only.

Commit ab10273

author
Christoph Kerschbaumer
committed
Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz)
1 parent 6ee46ae commit ab10273

3 files changed

Lines changed: 43 additions & 48 deletions


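--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -217,7 +217,15 @@ DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
 break;
 }
 
-case nsIContentPolicy::TYPE_DTD:
+case nsIContentPolicy::TYPE_DTD: {
+mimeTypeGuess = EmptyCString();
+requestingContext = aLoadInfo->LoadingNode();
+MOZ_ASSERT(!requestingContext ||
+requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
+"type_dtd requires requestingContext of type Document");
+break;
+}
+
 case nsIContentPolicy::TYPE_FONT: {
 MOZ_ASSERT(false, "contentPolicyType not supported yet");
 break;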
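Review bot: The new `MOZ_ASSERT` in the TYPE_DTD case accepts a null `requestingContext` without saying when that is expected, and since MOZ_ASSERT is compiled into debug builds only, it documents the expectation rather than enforcing it in release builds. The null case appears to come from the channel that nsExpatDriver.cpp creates in this same commit with the system principal and no loading node, so I would put a comment above the assertion: `// LoadingNode() is null for local DTDs loaded with the system principal; otherwise it must be the Document.` DoContentSecurityChecks starts before and continues after this hunk, so how `requestingContext` is consumed after the switch is not visible here.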

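--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -127,7 +127,7 @@ interface nsILoadInfo : nsISupports
 const unsigned long SEC_ABOUT_BLANK_INHERITS = (1<<8);
 
 /**
-* Allow chrome: to bypass security checks.
+* Allow access to chrome: packages that are content accessible.
 */
 const unsigned long SEC_ALLOW_CHROME = (1<<9);
 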
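--- a/parser/htmlparser/nsExpatDriver.cpp
+++ b/parser/htmlparser/nsExpatDriver.cpp
@@ -14,8 +14,8 @@
 #include "nsIURL.h"
 #include "nsIUnicharInputStream.h"
 #include "nsISimpleUnicharStreamFactory.h"
+#include "nsIProtocolHandler.h"
 #include "nsNetUtil.h"
-#include "nsNullPrincipal.h"
 #include "prprf.h"
 #include "prmem.h"
 #include "nsTextFormatter.h"
@@ -28,6 +28,7 @@
 #include "nsError.h"
 #include "nsXPCOMCIDInternal.h"
 #include "nsUnicharInputStream.h"
+#include "nsContentUtils.h"
 
 #include "mozilla/Logging.h"
 
@@ -755,73 +756,59 @@ nsExpatDriver::OpenInputStreamFromExternalDTD(const char16_t* aFPIStr,
 baseURI);
 NS_ENSURE_SUCCESS(rv, rv);
 
-// check if it is alright to load this uri
-bool isChrome = false;
-uri->SchemeIs("chrome", &isChrome);
-if (!isChrome) {
-// since the url is not a chrome url, check to see if we can map the DTD
-// to a known local DTD, or if a DTD file of the same name exists in the
-// special DTD directory
+// make sure the URI is allowed to be loaded in sync
+bool isUIResource = false;
+rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_IS_UI_RESOURCE,
+&isUIResource);
+NS_ENSURE_SUCCESS(rv, rv);
+
+nsCOMPtr<nsIURI> localURI;
+if (!isUIResource) {
+// Check to see if we can map the DTD to a known local DTD, or if a DTD
+// file of the same name exists in the special DTD directory
 if (aFPIStr) {
 // see if the Formal Public Identifier (FPI) maps to a catalog entry
 mCatalogData = LookupCatalogData(aFPIStr);
+GetLocalDTDURI(mCatalogData, uri, getter_AddRefs(localURI));
 }
-
-nsCOMPtr<nsIURI> localURI;
-GetLocalDTDURI(mCatalogData, uri, getter_AddRefs(localURI));
 if (!localURI) {
 return NS_ERROR_NOT_IMPLEMENTED;
 }
-
-localURI.swap(uri);
 }
 
-nsCOMPtr<nsIDocument> doc;
-NS_ASSERTION(mSink == nsCOMPtr<nsIExpatSink>(do_QueryInterface(mOriginalSink)),
-"In nsExpatDriver::OpenInputStreamFromExternalDTD: "
-"mOriginalSink not the same object as mSink?");
-if (mOriginalSink)
-doc = do_QueryInterface(mOriginalSink->GetTarget());
-int16_t shouldLoad = nsIContentPolicy::ACCEPT;
-rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_DTD,
-uri,
-(doc ? doc->NodePrincipal() : nullptr),
-doc,
-EmptyCString(), //mime guess
-nullptr, //extra
-&shouldLoad);
-if (NS_FAILED(rv)) return rv;
-if (NS_CP_REJECTED(shouldLoad)) {
-// Disallowed by content policy
-return NS_ERROR_CONTENT_BLOCKED;
-}
-
-nsAutoCString absURL;
-uri->GetSpec(absURL);
-
-CopyUTF8toUTF16(absURL, aAbsURL);
-
 nsCOMPtr<nsIChannel> channel;
-if (doc) {
+if (localURI) {
+localURI.swap(uri);
 rv = NS_NewChannel(getter_AddRefs(channel),
 uri,
-doc,
-nsILoadInfo::SEC_NORMAL,
+nsContentUtils::GetSystemPrincipal(),
+nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
 nsIContentPolicy::TYPE_DTD);
 }
 else {
-nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);
+NS_ASSERTION(mSink == nsCOMPtr<nsIExpatSink>(do_QueryInterface(mOriginalSink)),
+"In nsExpatDriver::OpenInputStreamFromExternalDTD: "
+"mOriginalSink not the same object as mSink?");
+nsCOMPtr<nsIDocument> doc;
+if (mOriginalSink) {
+doc = do_QueryInterface(mOriginalSink->GetTarget());
+}
+NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE);
 rv = NS_NewChannel(getter_AddRefs(channel),
 uri,
-nullPrincipal,
-nsILoadInfo::SEC_NORMAL,
+doc,
+nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
+nsILoadInfo::SEC_ALLOW_CHROME,
 nsIContentPolicy::TYPE_DTD);
 }
 NS_ENSURE_SUCCESS(rv, rv);
 
+nsAutoCString absURL;
+uri->GetSpec(absURL);
+CopyUTF8toUTF16(absURL, aAbsURL);
+
 channel->SetContentType(NS_LITERAL_CSTRING("application/xml"));
-return channel->Open(aStream);
+return channel->Open2(aStream);
 }
 
 static nsresult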
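Review bot: In the `if (localURI)` branch of OpenInputStreamFromExternalDTD the channel is created with `nsContentUtils::GetSystemPrincipal()` as the loading principal, so the safety of that load rests entirely on `uri` being the GetLocalDTDURI result after `localURI.swap(uri)` and never the document-supplied identifier, and nothing in the code says so. I would add above that NS_NewChannel call `// uri is now the local DTD chosen by GetLocalDTDURI, not the document-supplied URI; only such mapped URIs may be loaded with the system principal.` The explicit NS_CheckContentLoadPolicy call against the document's principal is dropped in favour of the checks run from Open2(), and whether content policies are still consulted for a load made with the system principal is not visible on this page, so that is worth confirming. GetLocalDTDURI is also now reached only when `aFPIStr` is non-null, while the comment above it still mentions a same-name file in the special DTD directory; the comment or the call placement should be made to agree. The function starts before this hunk.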
