From d9aff90f06254a0b724a0ea9c21db39f74ff8fc6 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sun, 14 Jul 2019 22:41:01 +0200 Subject: Add preference to allow the loading of FTP subresources for corner cases --- netwerk/base/nsIOService.cpp | 9 +++++++++ netwerk/base/nsIOService.h | 4 ++++ 2 files changed, 13 insertions(+) (limited to 'netwerk/base') diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index e0dc7d8e8..bd9a4a96f 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -166,6 +166,7 @@ uint32_t nsIOService::gDefaultSegmentSize = 4096; uint32_t nsIOService::gDefaultSegmentCount = 24; bool nsIOService::sBlockToplevelDataUriNavigations = false; +bool nsIOService::sBlockFTPSubresources = false; //////////////////////////////////////////////////////////////////////////////// @@ -243,6 +244,8 @@ nsIOService::Init() Preferences::AddBoolVarCache(&sBlockToplevelDataUriNavigations, "security.data_uri.block_toplevel_data_uri_navigations", false); + Preferences::AddBoolVarCache(&sBlockFTPSubresources, + "security.block_ftp_subresources", true); Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true); gIOService = this; @@ -1869,5 +1872,11 @@ nsIOService::BlockToplevelDataUriNavigations() return sBlockToplevelDataUriNavigations; } +/*static*/ bool +nsIOService::BlockFTPSubresources() +{ + return sBlockFTPSubresources; +} + } // namespace net } // namespace mozilla diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h index 19eed743a..f3a26f5d2 100644 --- a/netwerk/base/nsIOService.h +++ b/netwerk/base/nsIOService.h @@ -94,6 +94,8 @@ public: static bool BlockToplevelDataUriNavigations(); + static bool BlockFTPSubresources(); + // Used to trigger a recheck of the captive portal status nsresult RecheckCaptivePortal(); private: @@ -175,6 +177,8 @@ private: static bool sBlockToplevelDataUriNavigations; + static bool sBlockFTPSubresources; + // Time a network tearing down started. mozilla::Atomic mNetTearingDownStarted; public: -- cgit v1.2.3 From 33b6f178d16f94df7de98d1316f563f14a2bedd5 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sat, 20 Jul 2019 14:56:26 +0200 Subject: Treat all file: URIs as having a unique origin. This prevents cross-file access from files loaded into the browser from the local file system, further restricting the origin policy of file: URIs. Added a pref to control this behavior for local file access if required for certain applications, since this change might break using the browser to run applications on the local file system that require access to local files. --- netwerk/base/nsNetUtil.cpp | 56 ++++++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 24 deletions(-) (limited to 'netwerk/base') diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp index 653a9003e..2974e26b0 100644 --- a/netwerk/base/nsNetUtil.cpp +++ b/netwerk/base/nsNetUtil.cpp @@ -10,6 +10,7 @@ #include "mozilla/LoadContext.h" #include "mozilla/LoadInfo.h" #include "mozilla/BasePrincipal.h" +#include "mozilla/Preferences.h" #include "mozilla/Telemetry.h" #include "nsNetUtil.h" #include "nsNetUtilInlines.h" @@ -1821,33 +1822,40 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI, return false; } - // - // If the file to be loaded is in a subdirectory of the source - // (or same-dir if source is not a directory) then it will - // inherit its source principal and be scriptable by that source. - // - bool sourceIsDir; - bool allowed = false; - nsresult rv = sourceFile->IsDirectory(&sourceIsDir); - if (NS_SUCCEEDED(rv) && sourceIsDir) { - rv = sourceFile->Contains(targetFile, &allowed); - } else { - nsCOMPtr sourceParent; - rv = sourceFile->GetParent(getter_AddRefs(sourceParent)); - if (NS_SUCCEEDED(rv) && sourceParent) { - rv = sourceParent->Equals(targetFile, &allowed); - if (NS_FAILED(rv) || !allowed) { - rv = sourceParent->Contains(targetFile, &allowed); - } else { - MOZ_ASSERT(aAllowDirectoryTarget, - "sourceFile->Parent == targetFile, but targetFile " - "should've been disallowed if it is a directory"); + bool uniqueOrigin = true; + uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin"); + + // If treating all files as unique origins, we can skip this because + // it should always be refused. + if (!uniqueOrigin) { + // + // If the file to be loaded is in a subdirectory of the source + // (or same-dir if source is not a directory) then it will + // inherit its source principal and be scriptable by that source. + // + bool sourceIsDir; + bool allowed = false; + nsresult rv = sourceFile->IsDirectory(&sourceIsDir); + if (NS_SUCCEEDED(rv) && sourceIsDir) { + rv = sourceFile->Contains(targetFile, &allowed); + } else { + nsCOMPtr sourceParent; + rv = sourceFile->GetParent(getter_AddRefs(sourceParent)); + if (NS_SUCCEEDED(rv) && sourceParent) { + rv = sourceParent->Equals(targetFile, &allowed); + if (NS_FAILED(rv) || !allowed) { + rv = sourceParent->Contains(targetFile, &allowed); + } else { + MOZ_ASSERT(aAllowDirectoryTarget, + "sourceFile->Parent == targetFile, but targetFile " + "should've been disallowed if it is a directory"); + } } } - } - if (NS_SUCCEEDED(rv) && allowed) { - return true; + if (NS_SUCCEEDED(rv) && allowed) { + return true; + } } return false; -- cgit v1.2.3 From f046b91738bb5518d195dbce5aa0df55ff997c3a Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sat, 20 Jul 2019 17:36:06 +0200 Subject: Do not allow the ^ character to appear in the hostname. --- netwerk/base/nsStandardURL.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'netwerk/base') diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp index dff4ecbc0..7317240c2 100644 --- a/netwerk/base/nsStandardURL.cpp +++ b/netwerk/base/nsStandardURL.cpp @@ -575,7 +575,7 @@ nsStandardURL::ValidIPv6orHostname(const char *host, uint32_t length) } const char *end = host + length; - if (end != net_FindCharInSet(host, end, CONTROL_CHARACTERS " #/:?@[\\]*<>|\"")) { + if (end != net_FindCharInSet(host, end, CONTROL_CHARACTERS " #/:?@[\\]*<>|\"^")) { // We still allow % because it is in the ID of addons. // Any percent encoded ASCII characters that are not allowed in the // hostname are not percent decoded, and will be parsed just fine. -- cgit v1.2.3 From b5cbb4d2f8d43469d1eb80cfcff5eae4dee706e2 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sat, 10 Aug 2019 12:25:57 +0200 Subject: Issue #1134: Reinstate postDataString for about:home searches. --- netwerk/base/nsIBrowserSearchService.idl | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'netwerk/base') diff --git a/netwerk/base/nsIBrowserSearchService.idl b/netwerk/base/nsIBrowserSearchService.idl index 045973e0c..4ca052e91 100644 --- a/netwerk/base/nsIBrowserSearchService.idl +++ b/netwerk/base/nsIBrowserSearchService.idl @@ -7,7 +7,7 @@ interface nsIURI; interface nsIInputStream; -[scriptable, uuid(5799251f-5b55-4df7-a9e7-0c27812c469a)] +[scriptable, uuid(72599f7a-3712-4b93-90e9-86127006cd68)] interface nsISearchSubmission : nsISupports { /** @@ -20,6 +20,12 @@ interface nsISearchSubmission : nsISupports * The URI to submit a search to. */ readonly attribute nsIURI uri; + + /** + * The POST data associated with a search submission as an + * application/x-www-form-urlencoded string. May be null. + */ + readonly attribute AString postDataString; }; [scriptable, uuid(620bd920-0491-48c8-99a8-d6047e64802d)] -- cgit v1.2.3