diff options
-rw-r--r-- | modules/libjar/nsJARChannel.cpp | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp index ee60602da..2f721fa3f 100644 --- a/modules/libjar/nsJARChannel.cpp +++ b/modules/libjar/nsJARChannel.cpp @@ -995,6 +995,25 @@ nsJARChannel::OnStartRequest(nsIRequest *req, nsISupports *ctx) mRequest = req; nsresult rv = mListener->OnStartRequest(this, mListenerContext); mRequest = nullptr; + NS_ENSURE_SUCCESS(rv, rv); + + // Restrict loadable content types. + nsAutoCString contentType; + GetContentType(contentType); + auto contentPolicyType = mLoadInfo->GetExternalContentPolicyType(); + if (contentType.Equals(APPLICATION_HTTP_INDEX_FORMAT) && + contentPolicyType != nsIContentPolicy::TYPE_DOCUMENT && + contentPolicyType != nsIContentPolicy::TYPE_FETCH) { + return NS_ERROR_CORRUPTED_CONTENT; + } + if (contentPolicyType == nsIContentPolicy::TYPE_STYLESHEET && + !contentType.EqualsLiteral(TEXT_CSS)) { + return NS_ERROR_CORRUPTED_CONTENT; + } + if (contentPolicyType == nsIContentPolicy::TYPE_SCRIPT && + !nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(contentType))) { + return NS_ERROR_CORRUPTED_CONTENT; + } return rv; } |