summaryrefslogtreecommitdiffstats
path: root/modules/libjar/nsJARChannel.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'modules/libjar/nsJARChannel.cpp')
-rw-r--r--modules/libjar/nsJARChannel.cpp19
1 files changed, 19 insertions, 0 deletions
diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp
index ee60602da..2f721fa3f 100644
--- a/modules/libjar/nsJARChannel.cpp
+++ b/modules/libjar/nsJARChannel.cpp
@@ -995,6 +995,25 @@ nsJARChannel::OnStartRequest(nsIRequest *req, nsISupports *ctx)
mRequest = req;
nsresult rv = mListener->OnStartRequest(this, mListenerContext);
mRequest = nullptr;
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Restrict loadable content types.
+ nsAutoCString contentType;
+ GetContentType(contentType);
+ auto contentPolicyType = mLoadInfo->GetExternalContentPolicyType();
+ if (contentType.Equals(APPLICATION_HTTP_INDEX_FORMAT) &&
+ contentPolicyType != nsIContentPolicy::TYPE_DOCUMENT &&
+ contentPolicyType != nsIContentPolicy::TYPE_FETCH) {
+ return NS_ERROR_CORRUPTED_CONTENT;
+ }
+ if (contentPolicyType == nsIContentPolicy::TYPE_STYLESHEET &&
+ !contentType.EqualsLiteral(TEXT_CSS)) {
+ return NS_ERROR_CORRUPTED_CONTENT;
+ }
+ if (contentPolicyType == nsIContentPolicy::TYPE_SCRIPT &&
+ !nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(contentType))) {
+ return NS_ERROR_CORRUPTED_CONTENT;
+ }
return rv;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 04:57:07 +0000