diff options
Diffstat (limited to 'dom/jsurl')
-rw-r--r-- | dom/jsurl/nsJSProtocolHandler.cpp | 49 |
1 files changed, 32 insertions, 17 deletions
diff --git a/dom/jsurl/nsJSProtocolHandler.cpp b/dom/jsurl/nsJSProtocolHandler.cpp index 90171db10..cdb63f890 100644 --- a/dom/jsurl/nsJSProtocolHandler.cpp +++ b/dom/jsurl/nsJSProtocolHandler.cpp @@ -36,6 +36,7 @@ #include "nsIContentViewer.h" #include "nsIXPConnect.h" #include "nsContentUtils.h" +#include "nsNullPrincipal.h" #include "nsJSUtils.h" #include "nsThreadUtils.h" #include "nsIScriptChannel.h" @@ -335,7 +336,7 @@ public: NS_FORWARD_SAFE_NSIPROPERTYBAG(mPropertyBag) NS_FORWARD_SAFE_NSIPROPERTYBAG2(mPropertyBag) - nsresult Init(nsIURI *aURI, nsILoadInfo* aLoadInfo); + nsresult Init(nsIURI *aURI); // Actually evaluate the script. void EvaluateScript(); @@ -353,16 +354,17 @@ protected: nsCOMPtr<nsIChannel> mStreamChannel; nsCOMPtr<nsIPropertyBag2> mPropertyBag; nsCOMPtr<nsIStreamListener> mListener; // Our final listener + nsCOMPtr<nsISupports> mContext; // The context passed to AsyncOpen nsCOMPtr<nsPIDOMWindowInner> mOriginalInnerWindow; // The inner window our load // started against. - // If we blocked onload on a document in AsyncOpen2, this is the document we + // If we blocked onload on a document in AsyncOpen, this is the document we // did it on. nsCOMPtr<nsIDocument> mDocumentOnloadBlockedOn; nsresult mStatus; // Our status nsLoadFlags mLoadFlags; - nsLoadFlags mActualLoadFlags; // See AsyncOpen2 + nsLoadFlags mActualLoadFlags; // See AsyncOpen RefPtr<nsJSThunk> mIOThunk; PopupControlState mPopupState; @@ -402,7 +404,7 @@ nsresult nsJSChannel::StopAll() return rv; } -nsresult nsJSChannel::Init(nsIURI* aURI, nsILoadInfo* aLoadInfo) +nsresult nsJSChannel::Init(nsIURI *aURI) { RefPtr<nsJSURI> jsURI; nsresult rv = aURI->QueryInterface(kJSURICID, @@ -416,13 +418,21 @@ nsresult nsJSChannel::Init(nsIURI* aURI, nsILoadInfo* aLoadInfo) // Remember, until AsyncOpen is called, the script will not be evaluated // and the underlying Input Stream will not be created... nsCOMPtr<nsIChannel> channel; - rv = NS_NewInputStreamChannelInternal(getter_AddRefs(channel), - aURI, - mIOThunk, - NS_LITERAL_CSTRING("text/html"), - EmptyCString(), - aLoadInfo); - NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create(); + + // If the resultant script evaluation actually does return a value, we + // treat it as html. + // The following channel is never openend, so it does not matter what + // securityFlags we pass; let's follow the principle of least privilege. + rv = NS_NewInputStreamChannel(getter_AddRefs(channel), + aURI, + mIOThunk, + nullPrincipal, + nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED, + nsIContentPolicy::TYPE_OTHER, + NS_LITERAL_CSTRING("text/html")); + if (NS_FAILED(rv)) return rv; rv = mIOThunk->Init(aURI); if (NS_SUCCEEDED(rv)) { @@ -553,7 +563,6 @@ nsJSChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext) "security flags in loadInfo but asyncOpen2() not called"); } #endif - MOZ_RELEASE_ASSERT(!aContext, "please call AsyncOpen2()"); NS_ENSURE_ARG(aListener); @@ -575,6 +584,7 @@ nsJSChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext) } mListener = aListener; + mContext = aContext; mIsActive = true; @@ -645,7 +655,7 @@ nsJSChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext) return mStatus; } - // We're returning success from asyncOpen2(), but we didn't open a + // We're returning success from asyncOpen(), but we didn't open a // stream channel. We'll have to notify ourselves, but make sure to do // it asynchronously. method = &nsJSChannel::NotifyListener; @@ -762,7 +772,7 @@ nsJSChannel::EvaluateScript() return; } - mStatus = mStreamChannel->AsyncOpen2(this); + mStatus = mStreamChannel->AsyncOpen(this, mContext); if (NS_SUCCEEDED(mStatus)) { // mStreamChannel will call OnStartRequest and OnStopRequest on // us, so we'll be sure to call them on our listener. @@ -790,8 +800,8 @@ nsJSChannel::EvaluateScript() void nsJSChannel::NotifyListener() { - mListener->OnStartRequest(this, nullptr); - mListener->OnStopRequest(this, nullptr, mStatus); + mListener->OnStartRequest(this, mContext); + mListener->OnStopRequest(this, mContext, mStatus); CleanupStrongRefs(); } @@ -800,6 +810,7 @@ void nsJSChannel::CleanupStrongRefs() { mListener = nullptr; + mContext = nullptr; mOriginalInnerWindow = nullptr; if (mDocumentOnloadBlockedOn) { mDocumentOnloadBlockedOn->UnblockOnload(false); @@ -1229,7 +1240,11 @@ nsJSProtocolHandler::NewChannel2(nsIURI* uri, return NS_ERROR_OUT_OF_MEMORY; } - rv = channel->Init(uri, aLoadInfo); + rv = channel->Init(uri); + NS_ENSURE_SUCCESS(rv, rv); + + // set the loadInfo on the new channel + rv = channel->SetLoadInfo(aLoadInfo); NS_ENSURE_SUCCESS(rv, rv); if (NS_SUCCEEDED(rv)) { |