diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-07-28 10:06:53 +0200 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-07-28 10:06:53 +0200 |
commit | 8d42d5cad798b94e2ef9cfc3bfc6f997889f21f4 (patch) | |
tree | 2d73b22d99a4f2ba684c3f2fed3b089ab77a6bd3 | |
parent | 09eda489bc52ff2c292a66e0fcddf63195c0eda6 (diff) | |
download | UXP-8d42d5cad798b94e2ef9cfc3bfc6f997889f21f4.tar UXP-8d42d5cad798b94e2ef9cfc3bfc6f997889f21f4.tar.gz UXP-8d42d5cad798b94e2ef9cfc3bfc6f997889f21f4.tar.lz UXP-8d42d5cad798b94e2ef9cfc3bfc6f997889f21f4.tar.xz UXP-8d42d5cad798b94e2ef9cfc3bfc6f997889f21f4.zip |
[PALEMOON] [frontend vs backend] Implemented "originPrincipal" and "triggeringPrincipal"
Issue #679
Follow up #311
-rw-r--r-- | application/palemoon/base/content/browser.js | 22 | ||||
-rw-r--r-- | application/palemoon/base/content/nsContextMenu.js | 14 | ||||
-rw-r--r-- | application/palemoon/base/content/tabbrowser.xml | 26 | ||||
-rw-r--r-- | application/palemoon/base/content/utilityOverlay.js | 49 |
4 files changed, 102 insertions, 9 deletions
diff --git a/application/palemoon/base/content/browser.js b/application/palemoon/base/content/browser.js index 386bd418b..7421fc5c3 100644 --- a/application/palemoon/base/content/browser.js +++ b/application/palemoon/base/content/browser.js @@ -1051,6 +1051,8 @@ var gBrowserInit = { // [3]: postData (nsIInputStream) // [4]: allowThirdPartyFixup (bool) // [5]: referrerPolicy (int) + // [6]: originPrincipal (nsIPrincipal) + // [7]: triggeringPrincipal (nsIPrincipal) else if (window.arguments.length >= 3) { let referrerURI = window.arguments[2]; if (typeof(referrerURI) == "string") { @@ -1063,7 +1065,10 @@ var gBrowserInit = { let referrerPolicy = (window.arguments[5] != undefined ? window.arguments[5] : Ci.nsIHttpChannel.REFERRER_POLICY_DEFAULT); loadURI(uriToLoad, referrerURI, window.arguments[3] || null, - window.arguments[4] || false, referrerPolicy); + window.arguments[4] || false, referrerPolicy, + // pass the origin principal (if any) and force its use to create + // an initial about:blank viewer if present: + window.arguments[6], !!window.arguments[6], window.arguments[7]); window.focus(); } // Note: loadOneOrMoreURIs *must not* be called if window.arguments.length >= 3. @@ -1952,7 +1957,9 @@ function BrowserTryToCloseWindow() window.close(); // WindowIsClosing does all the necessary checks } -function loadURI(uri, referrer, postData, allowThirdPartyFixup, referrerPolicy) { +function loadURI(uri, referrer, postData, allowThirdPartyFixup, referrerPolicy, + originPrincipal, forceAboutBlankViewerInCurrent, + triggeringPrincipal) { if (postData === undefined) postData = null; @@ -1968,6 +1975,9 @@ function loadURI(uri, referrer, postData, allowThirdPartyFixup, referrerPolicy) referrerURI: referrer, referrerPolicy: referrerPolicy, postData: postData, + originPrincipal: originPrincipal, + triggeringPrincipal: triggeringPrincipal, + forceAboutBlankViewerInCurrent: forceAboutBlankViewerInCurrent, }); } catch (e) {} } @@ -4395,9 +4405,11 @@ nsBrowserAccess.prototype = { } let referrer = aOpener ? makeURI(aOpener.location.href) : null; + let triggeringPrincipal = null; let referrerPolicy = Ci.nsIHttpChannel.REFERRER_POLICY_DEFAULT; if (aOpener && aOpener.document) { referrerPolicy = aOpener.document.referrerPolicy; + triggeringPrincipal = aOpener.document.nodePrincipal; } switch (aWhere) { @@ -4437,6 +4449,7 @@ nsBrowserAccess.prototype = { let referrer = aOpener ? makeURI(aOpener.location.href) : null; let tab = win.gBrowser.loadOneTab(aURI ? aURI.spec : "about:blank", { + triggeringPrincipal: triggeringPrincipal, referrerURI: referrer, referrerPolicy: referrerPolicy, fromExternal: isExternal, @@ -4459,6 +4472,7 @@ nsBrowserAccess.prototype = { Ci.nsIWebNavigation.LOAD_FLAGS_NONE; gBrowser.loadURIWithFlags(aURI.spec, { flags: loadflags, + triggeringPrincipal: triggeringPrincipal, referrerURI: referrer, referrerPolicy: referrerPolicy, }); @@ -5192,7 +5206,9 @@ function handleLinkClick(event, href, linkNode) { urlSecurityCheck(href, doc.nodePrincipal); openLinkIn(href, where, { referrerURI: doc.documentURIObject, charset: doc.characterSet, - referrerPolicy: doc.referrerPolicy }); + referrerPolicy: doc.referrerPolicy, + originPrincipal: doc.nodePrincipal, + triggeringPrincipal: doc.nodePrincipal }); event.preventDefault(); return true; } diff --git a/application/palemoon/base/content/nsContextMenu.js b/application/palemoon/base/content/nsContextMenu.js index 738868ccb..19b2fac77 100644 --- a/application/palemoon/base/content/nsContextMenu.js +++ b/application/palemoon/base/content/nsContextMenu.js @@ -754,7 +754,9 @@ nsContextMenu.prototype = { openLinkIn(this.linkURL, "window", { charset: doc.characterSet, referrerURI: doc.documentURIObject, - referrerPolicy: doc.referrerPolicy }); + referrerPolicy: doc.referrerPolicy, + originPrincipal: doc.nodePrincipal, + triggeringPrincipal: doc.nodePrincipal }); }, // Open linked-to URL in a new private window. @@ -765,6 +767,8 @@ nsContextMenu.prototype = { { charset: doc.characterSet, referrerURI: doc.documentURIObject, referrerPolicy: doc.referrerPolicy, + originPrincipal: doc.nodePrincipal, + triggeringPrincipal: doc.nodePrincipal, private: true }); }, @@ -775,7 +779,9 @@ nsContextMenu.prototype = { openLinkIn(this.linkURL, "tab", { charset: doc.characterSet, referrerURI: doc.documentURIObject, - referrerPolicy: doc.referrerPolicy }); + referrerPolicy: doc.referrerPolicy, + originPrincipal: doc.nodePrincipal, + triggeringPrincipal: doc.nodePrincipal }); }, // open URL in current tab @@ -784,7 +790,9 @@ nsContextMenu.prototype = { urlSecurityCheck(this.linkURL, doc.nodePrincipal); openLinkIn(this.linkURL, "current", { charset: doc.characterSet, - referrerURI: doc.documentURIObject }); + referrerURI: doc.documentURIObject, + originPrincipal: doc.nodePrincipal, + triggeringPrincipal: doc.nodePrincipal }); }, // Open frame in a new tab. diff --git a/application/palemoon/base/content/tabbrowser.xml b/application/palemoon/base/content/tabbrowser.xml index ea68d00ad..d5735149e 100644 --- a/application/palemoon/base/content/tabbrowser.xml +++ b/application/palemoon/base/content/tabbrowser.xml @@ -1313,13 +1313,16 @@ <parameter name="aAllowThirdPartyFixup"/> <body> <![CDATA[ + var aTriggeringPrincipal; var aReferrerPolicy; var aFromExternal; var aRelatedToCurrent; + var aOriginPrincipal; if (arguments.length == 2 && typeof arguments[1] == "object" && !(arguments[1] instanceof Ci.nsIURI)) { let params = arguments[1]; + aTriggeringPrincipal = params.triggeringPrincipal; aReferrerURI = params.referrerURI; aReferrerPolicy = params.referrerPolicy; aCharset = params.charset; @@ -1328,12 +1331,14 @@ aAllowThirdPartyFixup = params.allowThirdPartyFixup; aFromExternal = params.fromExternal; aRelatedToCurrent = params.relatedToCurrent; + aOriginPrincipal = params.originPrincipal; } var bgLoad = (aLoadInBackground != null) ? aLoadInBackground : Services.prefs.getBoolPref("browser.tabs.loadInBackground"); var owner = bgLoad ? null : this.selectedTab; var tab = this.addTab(aURI, { + triggeringPrincipal: aTriggeringPrincipal, referrerURI: aReferrerURI, referrerPolicy: aReferrerPolicy, charset: aCharset, @@ -1341,6 +1346,7 @@ ownerTab: owner, allowThirdPartyFixup: aAllowThirdPartyFixup, fromExternal: aFromExternal, + originPrincipal: aOriginPrincipal, relatedToCurrent: aRelatedToCurrent}); if (!bgLoad) this.selectedTab = tab; @@ -1461,14 +1467,17 @@ <body> <![CDATA[ const NS_XUL = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"; + var aTriggeringPrincipal; var aReferrerPolicy; var aFromExternal; var aRelatedToCurrent; var aSkipAnimation; + var aOriginPrincipal; if (arguments.length == 2 && typeof arguments[1] == "object" && !(arguments[1] instanceof Ci.nsIURI)) { let params = arguments[1]; + aTriggeringPrincipal = params.triggeringPrincipal; aReferrerURI = params.referrerURI; aReferrerPolicy = params.referrerPolicy; aCharset = params.charset; @@ -1478,6 +1487,7 @@ aFromExternal = params.fromExternal; aRelatedToCurrent = params.relatedToCurrent; aSkipAnimation = params.skipAnimation; + aOriginPrincipal = params.originPrincipal; } // if we're adding tabs, we're past interrupt mode, ditch the owner @@ -1486,6 +1496,11 @@ var t = document.createElementNS(NS_XUL, "tab"); + let aURIObject = null; + try { + aURIObject = Services.io.newURI(aURI || "about:blank"); + } catch (ex) { /* we'll try to fix up this URL later */ } + var uriIsAboutBlank = !aURI || aURI == "about:blank"; if (!aURI || isBlankPageURL(aURI)) @@ -1625,6 +1640,16 @@ evt.initEvent("TabOpen", true, false); t.dispatchEvent(evt); + if (aOriginPrincipal && aURI) { + let {URI_INHERITS_SECURITY_CONTEXT} = Ci.nsIProtocolHandler; + // Unless we know for sure we're not inheriting principals, + // force the about:blank viewer to have the right principal: + if (!aURIObject || + (Services.io.getProtocolFlags(aURIObject.scheme) & URI_INHERITS_SECURITY_CONTEXT)) { + b.createAboutBlankContentViewer(aOriginPrincipal); + } + } + // If we didn't swap docShells with a preloaded browser // then let's just continue loading the page normally. if (!docShellsSwapped && !uriIsAboutBlank) { @@ -1643,6 +1668,7 @@ try { b.loadURIWithFlags(aURI, { flags: flags, + triggeringPrincipal: aTriggeringPrincipal, referrerURI: aReferrerURI, referrerPolicy: aReferrerPolicy, charset: aCharset, diff --git a/application/palemoon/base/content/utilityOverlay.js b/application/palemoon/base/content/utilityOverlay.js index 0b97c9ce1..2c1a95f83 100644 --- a/application/palemoon/base/content/utilityOverlay.js +++ b/application/palemoon/base/content/utilityOverlay.js @@ -230,6 +230,10 @@ function openLinkIn(url, where, params) { var aDisallowInheritPrincipal = params.disallowInheritPrincipal; var aInitiatingDoc = params.initiatingDoc; var aIsPrivate = params.private; + var aPrincipal = params.originPrincipal; + var aTriggeringPrincipal = params.triggeringPrincipal; + var aForceAboutBlankViewerInCurrent = + params.forceAboutBlankViewerInCurrent; var sendReferrerURI = true; if (where == "save") { @@ -254,6 +258,23 @@ function openLinkIn(url, where, params) { // Note that if |w| is null we might have no current browser (we'll open a new window). var aCurrentBrowser = params.currentBrowser || (w && w.gBrowser.selectedBrowser); + // Teach the principal about the right OA to use, e.g. in case when + // opening a link in a new private window. + // Please note we do not have to do that for SystemPrincipals and we + // can not do it for NullPrincipals since NullPrincipals are only + // identical if they actually are the same object (See Bug: 1346759) + function useOAForPrincipal(principal) { + if (principal && principal.isCodebasePrincipal) { + let attrs = { + privateBrowsingId: aIsPrivate || (w && PrivateBrowsingUtils.isWindowPrivate(w)), + }; + return Services.scriptSecurityManager.createCodebasePrincipal(principal.URI, attrs); + } + return principal; + } + aPrincipal = useOAForPrincipal(aPrincipal); + aTriggeringPrincipal = useOAForPrincipal(aTriggeringPrincipal); + if (!w || where == "window") { // This propagates to window.arguments. // Strip referrer data when opening a new private window, to prevent @@ -297,6 +318,8 @@ function openLinkIn(url, where, params) { sa.AppendElement(aPostData); sa.AppendElement(allowThirdPartyFixupSupports); sa.AppendElement(referrerPolicySupports); + sa.AppendElement(aPrincipal); + sa.AppendElement(aTriggeringPrincipal); let features = "chrome,dialog=no,all"; if (aIsPrivate) { @@ -314,10 +337,17 @@ function openLinkIn(url, where, params) { getBoolPref("browser.tabs.loadInBackground"); } + let uriObj; + if (where == "current") { + try { + uriObj = Services.io.newURI(url, null, null); + } catch (e) {} + } + if (where == "current" && w.gBrowser.selectedTab.pinned) { try { - let uriObj = Services.io.newURI(url, null, null); - if (!uriObj.schemeIs("javascript") && + // nsIURI.host can throw for non-nsStandardURL nsIURIs. + if (!uriObj || !uriObj.schemeIs("javascript") && w.gBrowser.currentURI.host != uriObj.host) { where = "tab"; loadInBackground = false; @@ -345,11 +375,22 @@ function openLinkIn(url, where, params) { if (aForceAllowDataURI) { flags |= Ci.nsIWebNavigation.LOAD_FLAGS_FORCE_ALLOW_DATA_URI; } + let {URI_INHERITS_SECURITY_CONTEXT} = Ci.nsIProtocolHandler; + if (aForceAboutBlankViewerInCurrent && + (!uriObj || + (Services.io.getProtocolFlags(uriObj.scheme) & URI_INHERITS_SECURITY_CONTEXT))) { + // Unless we know for sure we're not inheriting principals, + // force the about:blank viewer to have the right principal: + w.gBrowser.selectedBrowser.createAboutBlankContentViewer(aPrincipal); + } + w.gBrowser.loadURIWithFlags(url, { flags: flags, + triggeringPrincipal: aTriggeringPrincipal, referrerURI: aReferrerURI, referrerPolicy: aReferrerPolicy, postData: aPostData, + originPrincipal: aPrincipal, }); browserUsedForLoad = aCurrentBrowser; break; @@ -365,7 +406,9 @@ function openLinkIn(url, where, params) { postData: aPostData, inBackground: loadInBackground, allowThirdPartyFixup: aAllowThirdPartyFixup, - relatedToCurrent: aRelatedToCurrent}); + relatedToCurrent: aRelatedToCurrent, + originPrincipal: aPrincipal, + triggeringPrincipal: aTriggeringPrincipal }); browserUsedForLoad = tabUsedForLoad.linkedBrowser; break; } |