diff options
| author | wolfbeast <mcwerewolf@gmail.com> | 2018-02-09 08:53:46 +0100 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-09 08:53:46 +0100 |
| commit | 8cecf8d5208f3945b35f879bba3015bb1a11bec6 (patch) | |
| tree | 0926f5c21f9d10cf929e4c35e7d7e8e8c084dbf5 /dom/base | |
| parent | 8cd777888a40e987ad536ab68421068f5c06d83b (diff) | |
| parent | 92104eb6828ba026550e1f4a3c6890c5b8254d36 (diff) | |
| download | UXP-8cecf8d5208f3945b35f879bba3015bb1a11bec6.tar UXP-8cecf8d5208f3945b35f879bba3015bb1a11bec6.tar.gz UXP-8cecf8d5208f3945b35f879bba3015bb1a11bec6.tar.lz UXP-8cecf8d5208f3945b35f879bba3015bb1a11bec6.tar.xz UXP-8cecf8d5208f3945b35f879bba3015bb1a11bec6.zip | |
Merge branch 'ported-upstream'
Diffstat (limited to 'dom/base')
| -rw-r--r-- | dom/base/nsContentSink.cpp | 5 | ||||
| -rw-r--r-- | dom/base/nsIDocument.h | 28 | ||||
| -rw-r--r-- | dom/base/nsTreeSanitizer.cpp | 2 |
3 files changed, 35 insertions, 0 deletions
diff --git a/dom/base/nsContentSink.cpp b/dom/base/nsContentSink.cpp index 3d6f069d2..85b3d07bf 100644 --- a/dom/base/nsContentSink.cpp +++ b/dom/base/nsContentSink.cpp @@ -305,6 +305,11 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue, mDocument->SetHeaderData(aHeader, aValue); if (aHeader == nsGkAtoms::setcookie) { + // Don't allow setting cookies in cookie-averse documents. + if (mDocument->IsCookieAverse()) { + return NS_OK; + } + // Note: Necko already handles cookies set via the channel. We can't just // call SetCookie on the channel because we want to do some security checks // here. diff --git a/dom/base/nsIDocument.h b/dom/base/nsIDocument.h index 5b10c9914..8f35e9ba5 100644 --- a/dom/base/nsIDocument.h +++ b/dom/base/nsIDocument.h @@ -1923,6 +1923,34 @@ public: return mMarkedCCGeneration; } + /** + * Returns whether this document is cookie-averse. See + * https://html.spec.whatwg.org/multipage/dom.html#cookie-averse-document-object + */ + bool IsCookieAverse() const + { + // If we are a document that "has no browsing context." + if (!GetInnerWindow()) { + return true; + } + + // If we are a document "whose URL's scheme is not a network scheme." + // NB: Explicitly allow file: URIs to store cookies. + nsCOMPtr<nsIURI> codebaseURI; + NodePrincipal()->GetURI(getter_AddRefs(codebaseURI)); + + if (!codebaseURI) { + return true; + } + + nsAutoCString scheme; + codebaseURI->GetScheme(scheme); + return !scheme.EqualsLiteral("http") && + !scheme.EqualsLiteral("https") && + !scheme.EqualsLiteral("ftp") && + !scheme.EqualsLiteral("file"); + } + bool IsLoadedAsData() { return mLoadedAsData; diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp index dc53ea5fa..323c851c1 100644 --- a/dom/base/nsTreeSanitizer.cpp +++ b/dom/base/nsTreeSanitizer.cpp @@ -169,6 +169,7 @@ nsIAtom** const kAttributesHTML[] = { &nsGkAtoms::contextmenu, &nsGkAtoms::controls, &nsGkAtoms::coords, + &nsGkAtoms::crossorigin, &nsGkAtoms::datetime, &nsGkAtoms::dir, &nsGkAtoms::disabled, @@ -185,6 +186,7 @@ nsIAtom** const kAttributesHTML[] = { &nsGkAtoms::hreflang, &nsGkAtoms::icon, &nsGkAtoms::id, + &nsGkAtoms::integrity, &nsGkAtoms::ismap, &nsGkAtoms::itemid, &nsGkAtoms::itemprop, |