summaryrefslogtreecommitdiffstats
path: root/dom
diff options
context:
space:
mode:
Diffstat (limited to 'dom')
-rw-r--r--dom/base/nsContentSink.cpp5
-rw-r--r--dom/base/nsIDocument.h28
-rw-r--r--dom/base/nsTreeSanitizer.cpp2
-rw-r--r--dom/html/nsHTMLDocument.cpp10
-rw-r--r--dom/media/systemservices/MediaParent.cpp34
-rw-r--r--dom/security/nsMixedContentBlocker.cpp7
6 files changed, 73 insertions, 13 deletions
diff --git a/dom/base/nsContentSink.cpp b/dom/base/nsContentSink.cpp
index 3d6f069d2..85b3d07bf 100644
--- a/dom/base/nsContentSink.cpp
+++ b/dom/base/nsContentSink.cpp
@@ -305,6 +305,11 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
mDocument->SetHeaderData(aHeader, aValue);
if (aHeader == nsGkAtoms::setcookie) {
+ // Don't allow setting cookies in cookie-averse documents.
+ if (mDocument->IsCookieAverse()) {
+ return NS_OK;
+ }
+
// Note: Necko already handles cookies set via the channel. We can't just
// call SetCookie on the channel because we want to do some security checks
// here.
diff --git a/dom/base/nsIDocument.h b/dom/base/nsIDocument.h
index 5b10c9914..8f35e9ba5 100644
--- a/dom/base/nsIDocument.h
+++ b/dom/base/nsIDocument.h
@@ -1923,6 +1923,34 @@ public:
return mMarkedCCGeneration;
}
+ /**
+ * Returns whether this document is cookie-averse. See
+ * https://html.spec.whatwg.org/multipage/dom.html#cookie-averse-document-object
+ */
+ bool IsCookieAverse() const
+ {
+ // If we are a document that "has no browsing context."
+ if (!GetInnerWindow()) {
+ return true;
+ }
+
+ // If we are a document "whose URL's scheme is not a network scheme."
+ // NB: Explicitly allow file: URIs to store cookies.
+ nsCOMPtr<nsIURI> codebaseURI;
+ NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));
+
+ if (!codebaseURI) {
+ return true;
+ }
+
+ nsAutoCString scheme;
+ codebaseURI->GetScheme(scheme);
+ return !scheme.EqualsLiteral("http") &&
+ !scheme.EqualsLiteral("https") &&
+ !scheme.EqualsLiteral("ftp") &&
+ !scheme.EqualsLiteral("file");
+ }
+
bool IsLoadedAsData()
{
return mLoadedAsData;
diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp
index dc53ea5fa..323c851c1 100644
--- a/dom/base/nsTreeSanitizer.cpp
+++ b/dom/base/nsTreeSanitizer.cpp
@@ -169,6 +169,7 @@ nsIAtom** const kAttributesHTML[] = {
&nsGkAtoms::contextmenu,
&nsGkAtoms::controls,
&nsGkAtoms::coords,
+ &nsGkAtoms::crossorigin,
&nsGkAtoms::datetime,
&nsGkAtoms::dir,
&nsGkAtoms::disabled,
@@ -185,6 +186,7 @@ nsIAtom** const kAttributesHTML[] = {
&nsGkAtoms::hreflang,
&nsGkAtoms::icon,
&nsGkAtoms::id,
+ &nsGkAtoms::integrity,
&nsGkAtoms::ismap,
&nsGkAtoms::itemid,
&nsGkAtoms::itemprop,
diff --git a/dom/html/nsHTMLDocument.cpp b/dom/html/nsHTMLDocument.cpp
index 5e6302941..7d66aab04 100644
--- a/dom/html/nsHTMLDocument.cpp
+++ b/dom/html/nsHTMLDocument.cpp
@@ -1255,6 +1255,11 @@ nsHTMLDocument::GetCookie(nsAString& aCookie, ErrorResult& rv)
rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}
+
+ // If the document is a cookie-averse document, return an empty string.
+ if (IsCookieAverse()) {
+ return;
+ }
// not having a cookie service isn't an error
nsCOMPtr<nsICookieService> service = do_GetService(NS_COOKIESERVICE_CONTRACTID);
@@ -1310,6 +1315,11 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie, ErrorResult& rv)
return;
}
+ // If the document is a cookie-averse document, do nothing.
+ if (IsCookieAverse()) {
+ return;
+ }
+
// not having a cookie service isn't an error
nsCOMPtr<nsICookieService> service = do_GetService(NS_COOKIESERVICE_CONTRACTID);
if (service && mDocumentURI) {
diff --git a/dom/media/systemservices/MediaParent.cpp b/dom/media/systemservices/MediaParent.cpp
index 109a44a28..89a495f6a 100644
--- a/dom/media/systemservices/MediaParent.cpp
+++ b/dom/media/systemservices/MediaParent.cpp
@@ -37,6 +37,7 @@ mozilla::LazyLogModule gMediaParentLog("MediaParent");
namespace mozilla {
namespace media {
+StaticMutex sOriginKeyStoreMutex;
static OriginKeyStore* sOriginKeyStore = nullptr;
class OriginKeyStore : public nsISupports
@@ -332,6 +333,7 @@ class OriginKeyStore : public nsISupports
private:
virtual ~OriginKeyStore()
{
+ StaticMutexAutoLock lock(sOriginKeyStoreMutex);
sOriginKeyStore = nullptr;
LOG((__FUNCTION__));
}
@@ -340,6 +342,7 @@ public:
static OriginKeyStore* Get()
{
MOZ_ASSERT(NS_IsMainThread());
+ StaticMutexAutoLock lock(sOriginKeyStoreMutex);
if (!sOriginKeyStore) {
sOriginKeyStore = new OriginKeyStore();
}
@@ -384,8 +387,8 @@ Parent<Super>::RecvGetOriginKey(const uint32_t& aRequestId,
return false;
}
- // Then over to stream-transport thread to do the actual file io.
- // Stash a pledge to hold the answer and get an id for this request.
+ // Then over to stream-transport thread (a thread pool) to do the actual
+ // file io. Stash a pledge to hold the answer and get an id for this request.
RefPtr<Pledge<nsCString>> p = new Pledge<nsCString>();
uint32_t id = mOutstandingPledges.Append(*p);
@@ -397,12 +400,17 @@ Parent<Super>::RecvGetOriginKey(const uint32_t& aRequestId,
rv = sts->Dispatch(NewRunnableFrom([this, that, id, profileDir, aOrigin,
aPrivateBrowsing, aPersist]() -> nsresult {
MOZ_ASSERT(!NS_IsMainThread());
- mOriginKeyStore->mOriginKeys.SetProfileDir(profileDir);
+ StaticMutexAutoLock lock(sOriginKeyStoreMutex);
+ if (!sOriginKeyStore) {
+ return NS_ERROR_FAILURE;
+ }
+ sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir);
+
nsCString result;
if (aPrivateBrowsing) {
- mOriginKeyStore->mPrivateBrowsingOriginKeys.GetOriginKey(aOrigin, result);
+ sOriginKeyStore->mPrivateBrowsingOriginKeys.GetOriginKey(aOrigin, result);
} else {
- mOriginKeyStore->mOriginKeys.GetOriginKey(aOrigin, result, aPersist);
+ sOriginKeyStore->mOriginKeys.GetOriginKey(aOrigin, result, aPersist);
}
// Pass result back to main thread.
@@ -450,19 +458,21 @@ Parent<Super>::RecvSanitizeOriginKeys(const uint64_t& aSinceWhen,
if (NS_WARN_IF(NS_FAILED(rv))) {
return false;
}
- // Over to stream-transport thread to do the file io.
+ // Over to stream-transport thread (a thread pool) to do the file io.
nsCOMPtr<nsIEventTarget> sts = do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID);
MOZ_ASSERT(sts);
- RefPtr<OriginKeyStore> store(mOriginKeyStore);
-
- rv = sts->Dispatch(NewRunnableFrom([profileDir, store, aSinceWhen,
+ rv = sts->Dispatch(NewRunnableFrom([profileDir, aSinceWhen,
aOnlyPrivateBrowsing]() -> nsresult {
MOZ_ASSERT(!NS_IsMainThread());
- store->mPrivateBrowsingOriginKeys.Clear(aSinceWhen);
+ StaticMutexAutoLock lock(sOriginKeyStoreMutex);
+ if (!sOriginKeyStore) {
+ return NS_ERROR_FAILURE;
+ }
+ sOriginKeyStore->mPrivateBrowsingOriginKeys.Clear(aSinceWhen);
if (!aOnlyPrivateBrowsing) {
- store->mOriginKeys.SetProfileDir(profileDir);
- store->mOriginKeys.Clear(aSinceWhen);
+ sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir);
+ sOriginKeyStore->mOriginKeys.Clear(aSinceWhen);
}
return NS_OK;
}), NS_DISPATCH_NORMAL);
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp
index a9aca5333..4e80dce3f 100644
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -337,7 +337,11 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
nullptr, // aExtra
requestingPrincipal,
&decision);
- NS_ENSURE_SUCCESS(rv, rv);
+ if (NS_FAILED(rv)) {
+ autoCallback.DontCallback();
+ aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
+ return NS_BINDING_FAILED;
+ }
if (nsMixedContentBlocker::sSendHSTSPriming) {
// The LoadInfo passed in is for the original channel, HSTS priming needs to
@@ -358,6 +362,7 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
// If the channel is about to load mixed content, abort the channel
if (!NS_CP_ACCEPTED(decision)) {
autoCallback.DontCallback();
+ aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
return NS_BINDING_FAILED;
}