diff options
Diffstat (limited to 'dom')
-rw-r--r-- | dom/base/nsContentSink.cpp | 5 | ||||
-rw-r--r-- | dom/base/nsIDocument.h | 28 | ||||
-rw-r--r-- | dom/base/nsTreeSanitizer.cpp | 2 | ||||
-rw-r--r-- | dom/html/nsHTMLDocument.cpp | 10 | ||||
-rw-r--r-- | dom/media/systemservices/MediaParent.cpp | 34 | ||||
-rw-r--r-- | dom/security/nsMixedContentBlocker.cpp | 7 |
6 files changed, 73 insertions, 13 deletions
diff --git a/dom/base/nsContentSink.cpp b/dom/base/nsContentSink.cpp index 3d6f069d2..85b3d07bf 100644 --- a/dom/base/nsContentSink.cpp +++ b/dom/base/nsContentSink.cpp @@ -305,6 +305,11 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue, mDocument->SetHeaderData(aHeader, aValue); if (aHeader == nsGkAtoms::setcookie) { + // Don't allow setting cookies in cookie-averse documents. + if (mDocument->IsCookieAverse()) { + return NS_OK; + } + // Note: Necko already handles cookies set via the channel. We can't just // call SetCookie on the channel because we want to do some security checks // here. diff --git a/dom/base/nsIDocument.h b/dom/base/nsIDocument.h index 5b10c9914..8f35e9ba5 100644 --- a/dom/base/nsIDocument.h +++ b/dom/base/nsIDocument.h @@ -1923,6 +1923,34 @@ public: return mMarkedCCGeneration; } + /** + * Returns whether this document is cookie-averse. See + * https://html.spec.whatwg.org/multipage/dom.html#cookie-averse-document-object + */ + bool IsCookieAverse() const + { + // If we are a document that "has no browsing context." + if (!GetInnerWindow()) { + return true; + } + + // If we are a document "whose URL's scheme is not a network scheme." + // NB: Explicitly allow file: URIs to store cookies. + nsCOMPtr<nsIURI> codebaseURI; + NodePrincipal()->GetURI(getter_AddRefs(codebaseURI)); + + if (!codebaseURI) { + return true; + } + + nsAutoCString scheme; + codebaseURI->GetScheme(scheme); + return !scheme.EqualsLiteral("http") && + !scheme.EqualsLiteral("https") && + !scheme.EqualsLiteral("ftp") && + !scheme.EqualsLiteral("file"); + } + bool IsLoadedAsData() { return mLoadedAsData; diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp index dc53ea5fa..323c851c1 100644 --- a/dom/base/nsTreeSanitizer.cpp +++ b/dom/base/nsTreeSanitizer.cpp @@ -169,6 +169,7 @@ nsIAtom** const kAttributesHTML[] = { &nsGkAtoms::contextmenu, &nsGkAtoms::controls, &nsGkAtoms::coords, + &nsGkAtoms::crossorigin, &nsGkAtoms::datetime, &nsGkAtoms::dir, &nsGkAtoms::disabled, @@ -185,6 +186,7 @@ nsIAtom** const kAttributesHTML[] = { &nsGkAtoms::hreflang, &nsGkAtoms::icon, &nsGkAtoms::id, + &nsGkAtoms::integrity, &nsGkAtoms::ismap, &nsGkAtoms::itemid, &nsGkAtoms::itemprop, diff --git a/dom/html/nsHTMLDocument.cpp b/dom/html/nsHTMLDocument.cpp index 5e6302941..7d66aab04 100644 --- a/dom/html/nsHTMLDocument.cpp +++ b/dom/html/nsHTMLDocument.cpp @@ -1255,6 +1255,11 @@ nsHTMLDocument::GetCookie(nsAString& aCookie, ErrorResult& rv) rv.Throw(NS_ERROR_DOM_SECURITY_ERR); return; } + + // If the document is a cookie-averse document, return an empty string. + if (IsCookieAverse()) { + return; + } // not having a cookie service isn't an error nsCOMPtr<nsICookieService> service = do_GetService(NS_COOKIESERVICE_CONTRACTID); @@ -1310,6 +1315,11 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie, ErrorResult& rv) return; } + // If the document is a cookie-averse document, do nothing. + if (IsCookieAverse()) { + return; + } + // not having a cookie service isn't an error nsCOMPtr<nsICookieService> service = do_GetService(NS_COOKIESERVICE_CONTRACTID); if (service && mDocumentURI) { diff --git a/dom/media/systemservices/MediaParent.cpp b/dom/media/systemservices/MediaParent.cpp index 109a44a28..89a495f6a 100644 --- a/dom/media/systemservices/MediaParent.cpp +++ b/dom/media/systemservices/MediaParent.cpp @@ -37,6 +37,7 @@ mozilla::LazyLogModule gMediaParentLog("MediaParent"); namespace mozilla { namespace media { +StaticMutex sOriginKeyStoreMutex; static OriginKeyStore* sOriginKeyStore = nullptr; class OriginKeyStore : public nsISupports @@ -332,6 +333,7 @@ class OriginKeyStore : public nsISupports private: virtual ~OriginKeyStore() { + StaticMutexAutoLock lock(sOriginKeyStoreMutex); sOriginKeyStore = nullptr; LOG((__FUNCTION__)); } @@ -340,6 +342,7 @@ public: static OriginKeyStore* Get() { MOZ_ASSERT(NS_IsMainThread()); + StaticMutexAutoLock lock(sOriginKeyStoreMutex); if (!sOriginKeyStore) { sOriginKeyStore = new OriginKeyStore(); } @@ -384,8 +387,8 @@ Parent<Super>::RecvGetOriginKey(const uint32_t& aRequestId, return false; } - // Then over to stream-transport thread to do the actual file io. - // Stash a pledge to hold the answer and get an id for this request. + // Then over to stream-transport thread (a thread pool) to do the actual + // file io. Stash a pledge to hold the answer and get an id for this request. RefPtr<Pledge<nsCString>> p = new Pledge<nsCString>(); uint32_t id = mOutstandingPledges.Append(*p); @@ -397,12 +400,17 @@ Parent<Super>::RecvGetOriginKey(const uint32_t& aRequestId, rv = sts->Dispatch(NewRunnableFrom([this, that, id, profileDir, aOrigin, aPrivateBrowsing, aPersist]() -> nsresult { MOZ_ASSERT(!NS_IsMainThread()); - mOriginKeyStore->mOriginKeys.SetProfileDir(profileDir); + StaticMutexAutoLock lock(sOriginKeyStoreMutex); + if (!sOriginKeyStore) { + return NS_ERROR_FAILURE; + } + sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir); + nsCString result; if (aPrivateBrowsing) { - mOriginKeyStore->mPrivateBrowsingOriginKeys.GetOriginKey(aOrigin, result); + sOriginKeyStore->mPrivateBrowsingOriginKeys.GetOriginKey(aOrigin, result); } else { - mOriginKeyStore->mOriginKeys.GetOriginKey(aOrigin, result, aPersist); + sOriginKeyStore->mOriginKeys.GetOriginKey(aOrigin, result, aPersist); } // Pass result back to main thread. @@ -450,19 +458,21 @@ Parent<Super>::RecvSanitizeOriginKeys(const uint64_t& aSinceWhen, if (NS_WARN_IF(NS_FAILED(rv))) { return false; } - // Over to stream-transport thread to do the file io. + // Over to stream-transport thread (a thread pool) to do the file io. nsCOMPtr<nsIEventTarget> sts = do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID); MOZ_ASSERT(sts); - RefPtr<OriginKeyStore> store(mOriginKeyStore); - - rv = sts->Dispatch(NewRunnableFrom([profileDir, store, aSinceWhen, + rv = sts->Dispatch(NewRunnableFrom([profileDir, aSinceWhen, aOnlyPrivateBrowsing]() -> nsresult { MOZ_ASSERT(!NS_IsMainThread()); - store->mPrivateBrowsingOriginKeys.Clear(aSinceWhen); + StaticMutexAutoLock lock(sOriginKeyStoreMutex); + if (!sOriginKeyStore) { + return NS_ERROR_FAILURE; + } + sOriginKeyStore->mPrivateBrowsingOriginKeys.Clear(aSinceWhen); if (!aOnlyPrivateBrowsing) { - store->mOriginKeys.SetProfileDir(profileDir); - store->mOriginKeys.Clear(aSinceWhen); + sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir); + sOriginKeyStore->mOriginKeys.Clear(aSinceWhen); } return NS_OK; }), NS_DISPATCH_NORMAL); diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp index a9aca5333..4e80dce3f 100644 --- a/dom/security/nsMixedContentBlocker.cpp +++ b/dom/security/nsMixedContentBlocker.cpp @@ -337,7 +337,11 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel, nullptr, // aExtra requestingPrincipal, &decision); - NS_ENSURE_SUCCESS(rv, rv); + if (NS_FAILED(rv)) { + autoCallback.DontCallback(); + aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI); + return NS_BINDING_FAILED; + } if (nsMixedContentBlocker::sSendHSTSPriming) { // The LoadInfo passed in is for the original channel, HSTS priming needs to @@ -358,6 +362,7 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel, // If the channel is about to load mixed content, abort the channel if (!NS_CP_ACCEPTED(decision)) { autoCallback.DontCallback(); + aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI); return NS_BINDING_FAILED; } |