From 1ffa0ae29460b79f1eda5ffc12511b02e475f25d Mon Sep 17 00:00:00 2001 From: "norris%netscape.com" Date: Wed, 1 Dec 1999 22:23:22 +0000 Subject: [PATCH] Fix 20257 unable to edit existing images in editor due to JS error 19933 JavaScript "window.location" core dumps in CAPS Back out previous changes for enforcing security on listeners and go with a simple restriction of access to the method for adding listeners. r=mstoltz git-svn-id: svn://10.0.0.236/trunk@54940 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/caps/idl/nsIScriptSecurityManager.idl | 9 +-- mozilla/caps/src/nsScriptSecurityManager.cpp | 70 ++++++------------- mozilla/content/base/src/nsDocument.cpp | 10 +-- .../events/public/nsIEventListenerManager.h | 12 ---- .../events/src/nsEventListenerManager.cpp | 24 ------- .../events/src/nsEventListenerManager.h | 3 - mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp | 12 ++-- mozilla/layout/base/src/nsDocument.cpp | 10 +-- .../events/public/nsIEventListenerManager.h | 12 ---- .../events/src/nsEventListenerManager.cpp | 24 ------- .../events/src/nsEventListenerManager.h | 3 - mozilla/modules/libpref/src/init/all.js | 2 + 12 files changed, 34 insertions(+), 157 deletions(-) diff --git a/mozilla/caps/idl/nsIScriptSecurityManager.idl b/mozilla/caps/idl/nsIScriptSecurityManager.idl index 49b6f159076..148e95d54dc 100644 --- a/mozilla/caps/idl/nsIScriptSecurityManager.idl +++ b/mozilla/caps/idl/nsIScriptSecurityManager.idl @@ -58,10 +58,11 @@ interface nsIScriptSecurityManager : nsISupports */ void CheckLoadURI(in nsIURI from, in nsIURI uri); - void CheckCanListenTo(in nsIPrincipal principal); - - boolean HasSubjectPrincipal(); - + /** + * Return the principal of the innermost frame of the currently + * executing script. Will return null if there is no script + * currently executing. + */ nsIPrincipal GetSubjectPrincipal(); nsIPrincipal GetSystemPrincipal(); 
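Review bot: The new doc comment on GetSubjectPrincipal promises a null only when no script is executing, but the same patch removes the fallback in nsScriptSecurityManager.cpp that substituted the system principal when a live context had no principal on its stack, so callers can presumably now see null in that case too, and every new null check in this patch treats a null subject as fully trusted. That contract is worth stating in the IDL since it is what the security checks rely on: `* Returns null when no script is executing (a native caller). Callers treat` / `* a null subject as trusted, so this must never be null for content script.` HasSubjectPrincipal is dropped here, so any caller outside this patch has to switch to a null check on GetSubjectPrincipal. The interface declaration continues outside the hunk.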
diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index 79d6a24a096..2eb24e6f024 100644 --- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -390,8 +390,12 @@ nsScriptSecurityManager::CheckLoadURIFromScript(nsIScriptContext *aContext, return NS_ERROR_FAILURE; } + // Native code can load all URIs. + if (!principal) + return NS_OK; + // The system principal can load all URIs. - PRBool equals; + PRBool equals = PR_FALSE; if (NS_FAILED(principal->Equals(mSystemPrincipal, &equals))) return NS_ERROR_FAILURE; if (equals) 
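Review bot: The early `if (!principal) return NS_OK;` grants every URI load to a null subject and the comment labels that as native code, but with the system-principal fallback removed from GetSubjectPrincipal(JSContext*) elsewhere in this patch, a null can presumably also arrive from a context whose stack frames carry no principal (the removed fallback's own comment described exactly that case), and this function would now wave such a load through. If GetPrincipalAndFrame can still yield null for a running script, the native path should be taken only when no JS frame is on the stack; otherwise record the assumption next to the check: `// No subject principal: treat as a native (trusted) caller. Relies on` / `// GetPrincipalAndFrame never returning null for content script.` Initialising `PRBool equals = PR_FALSE;` is good hardening of the failure path and the other checks in this patch should follow it. CheckLoadURIFromScript starts before this hunk and continues after it.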
@@ -477,50 +481,15 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI, return NS_ERROR_DOM_BAD_URI; } -NS_IMETHODIMP -nsScriptSecurityManager::CheckCanListenTo(nsIPrincipal *principal) -{ - nsCOMPtr subject; - nsresult rv; - PRBool hasSubject; - if (NS_FAILED(rv = HasSubjectPrincipal(&hasSubject))) - return rv; - if (!hasSubject) - return NS_OK; // No script code, so native code has access. - if (NS_FAILED(rv = GetSubjectPrincipal(getter_AddRefs(subject)))) - return rv; - nsCOMPtr codebase = do_QueryInterface(subject); - PRBool equals; - if (codebase && NS_SUCCEEDED(codebase->SameOrigin(principal, &equals))) { - if (equals) - return NS_OK; // Listener and Listened-to have same origin - } - - PRBool enabled; - if (NS_SUCCEEDED(IsCapabilityEnabled("UniversalBrowserRead", &enabled))) { - if (enabled) - return NS_OK; // Capability allows access - } - - // Report error - JSContext *cx = GetCurrentContext(); - JS_ReportError(cx, "Access denied to listen to events across origins"); - return NS_ERROR_DOM_PROP_ACCESS_DENIED; -} - -NS_IMETHODIMP -nsScriptSecurityManager::HasSubjectPrincipal(PRBool *result) -{ - *result = GetCurrentContext() != nsnull; - return NS_OK; -} NS_IMETHODIMP nsScriptSecurityManager::GetSubjectPrincipal(nsIPrincipal **result) { JSContext *cx = GetCurrentContext(); - if (!cx) - return NS_ERROR_FAILURE; + if (!cx) { + *result = nsnull; + return NS_OK; + } return GetSubjectPrincipal(cx, result); } @@ -889,13 +858,7 @@ nsScriptSecurityManager::GetSubjectPrincipal(JSContext *cx, nsIPrincipal **result) { JSStackFrame *fp; - if (NS_FAILED(GetPrincipalAndFrame(cx, result, &fp))) - return NS_ERROR_FAILURE; - if (*result) - return NS_OK; - // Couldn't find principals: no mobile code on stack. - // Use system principal. - return GetSystemPrincipal(result); + return GetPrincipalAndFrame(cx, result, &fp); } 
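Review bot: GetSubjectPrincipal(nsIPrincipal**) now succeeds with `*result = nsnull` when there is no current JSContext, which silently changes the contract for any caller that relied on the old NS_ERROR_FAILURE and dereferences the out-param without a null check; the bug-19933 crash in the subject is this shape of problem, so call sites outside this patch deserve an audit. The removed CheckCanListenTo also admitted callers holding the UniversalBrowserRead capability for cross-origin listeners, while the replacement policy pref added to all.js is plain `sameOrigin`; unless the policy engine grants that capability implicitly, signed scripts that depended on it will regress. A comment on the null-returning branch would make the new meaning explicit: `// No JSContext: native caller, signalled by a null principal.`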
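Review bot: Dropping the system-principal substitution here means every caller of the JSContext overload can now receive a null principal with a live context, and this patch adds null handling only in CheckPermissions and GetPrefName; any other caller in this file that reads `principal->` unguarded will crash, and the ones that do guard now read the null as trusted. I would document the new meaning on the function rather than leave it implicit: `// Returns NS_OK with *result == nsnull when no principal is found on the` / `// stack; callers treat that as native (trusted) code.` `fp` is now only an unused out-parameter and could go if GetPrincipalAndFrame accepts null for it.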
@@ -946,6 +909,15 @@ nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj, if (NS_FAILED(GetSubjectPrincipal(aCx, getter_AddRefs(subject)))) return NS_ERROR_FAILURE; + // If native code or system principal, allow access + PRBool equals; + if (!subject || + (NS_SUCCEEDED(subject->Equals(mSystemPrincipal, &equals)) && equals)) + { + *aResult = PR_TRUE; + return NS_OK; + } + nsCOMPtr object; if (NS_FAILED(GetObjectPrincipal(aCx, aObj, getter_AddRefs(object)))) return NS_ERROR_FAILURE; @@ -1951,8 +1923,8 @@ nsScriptSecurityManager::GetPrefName(JSContext *cx, nsDOMProp domProp, if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal)))) { return NS_ERROR_FAILURE; } - PRBool equals; - if (NS_FAILED(principal->Equals(mSystemPrincipal, &equals))) + PRBool equals = PR_TRUE; + if (principal && NS_FAILED(principal->Equals(mSystemPrincipal, &equals))) return NS_ERROR_FAILURE; if (equals) { s += defaultStr; diff --git a/mozilla/content/base/src/nsDocument.cpp b/mozilla/content/base/src/nsDocument.cpp index b711969d582..fd6e19ea001 100644 --- a/mozilla/content/base/src/nsDocument.cpp +++ b/mozilla/content/base/src/nsDocument.cpp @@ -2381,15 +2381,7 @@ nsresult nsDocument::GetListenerManager(nsIEventListenerManager **aInstancePtrRe nsresult nsDocument::GetNewListenerManager(nsIEventListenerManager **aInstancePtrResult) { - nsresult rv = NS_NewEventListenerManager(aInstancePtrResult); - if (NS_FAILED(rv)) - return rv; - nsIPrincipal *principal = GetDocumentPrincipal(); - if (principal) { - (*aInstancePtrResult)->SetPrincipal(principal); - NS_RELEASE(principal); - } - return NS_OK; + return NS_NewEventListenerManager(aInstancePtrResult); } nsresult nsDocument::HandleDOMEvent(nsIPresContext* aPresContext, diff --git a/mozilla/content/events/public/nsIEventListenerManager.h b/mozilla/content/events/public/nsIEventListenerManager.h index ad866d37409..b40f2cb03bc 100644 --- a/mozilla/content/events/public/nsIEventListenerManager.h 
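Review bot: The new `if (!subject || …)` block makes a missing subject principal equivalent to the system principal and returns `*aResult = PR_TRUE` before the object principal is even looked up; combined with the removed fallback in GetSubjectPrincipal, any path on which GetPrincipalAndFrame yields null for a live context now passes every DOM permission check. If null is only meant to mean "no JSContext", make that explicit by testing for the context rather than the principal, and initialise `PRBool equals = PR_FALSE;` as CheckLoadURIFromScript does in this same patch so a failed Equals leaves it in a known state. CheckPermissions starts before this hunk and continues after it.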
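Review bot: `PRBool equals = PR_TRUE;` together with the `principal &&` guard quietly encodes that a null subject principal is routed to the default policy exactly like the system principal, which fits the trust model of the rest of the patch but reads like an uninitialised-variable fix. A one-line comment would make the intent reviewable: `// No subject principal (native caller) is treated like the system principal.` GetPrefName starts before this hunk and continues after it.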
+++ b/mozilla/content/events/public/nsIEventListenerManager.h @@ -134,18 +134,6 @@ public: */ virtual nsresult RemoveAllListeners(PRBool aScriptOnly) = 0; - /** - * Sets the principal of the entity being listened to. - * - * Used for security checks that ensure that events can't propagate past - * trust boundaries. - */ - virtual nsresult SetPrincipal(nsIPrincipal *aListenedToPrincipal) = 0; - - /** - * Gets the principal of the entity being listened to. - */ - virtual nsresult GetPrincipal(nsIPrincipal **aListenedToPrincipal) = 0; }; extern NS_HTML nsresult NS_NewEventListenerManager(nsIEventListenerManager** aInstancePtrResult); diff --git a/mozilla/content/events/src/nsEventListenerManager.cpp b/mozilla/content/events/src/nsEventListenerManager.cpp index 5c32e040634..c96aa2f2608 100644 --- a/mozilla/content/events/src/nsEventListenerManager.cpp +++ b/mozilla/content/events/src/nsEventListenerManager.cpp @@ -51,7 +51,6 @@ #include "nsIContent.h" #include "nsCOMPtr.h" #include "nsIServiceManager.h" -#include "nsIScriptSecurityManager.h" static NS_DEFINE_IID(kIEventListenerManagerIID, NS_IEVENTLISTENERMANAGER_IID); static NS_DEFINE_IID(kIDOMEventListenerIID, NS_IDOMEVENTLISTENER_IID); @@ -237,15 +236,6 @@ nsresult nsEventListenerManager::AddEventListener(nsIDOMEventListener *aListener NS_IF_RELEASE(sel); if (!found) { - // Check to see if we can add a new listener. - nsresult rv; - NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, - NS_SCRIPTSECURITYMANAGER_PROGID, &rv); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - rv = securityManager->CheckCanListenTo(mPrincipal); - if (NS_FAILED(rv)) - return rv; ls = PR_NEW(nsListenerStruct); if (ls) { ls->mListener = aListener; 
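Review bot: With the CheckCanListenTo call removed, nsEventListenerManager::AddEventListener performs no origin check at all, so the only remaining guard is the `security.policy.default.eventtarget.addeventlistener` pref this patch adds for the script-visible addEventListener method; any other scriptable route that ends in this method is now unchecked, and a profile missing that pref gets whatever the policy engine's default is. A comment at the insertion point would stop the next reader from assuming the check was lost by accident: `// Origin restrictions for script callers are enforced by the` / `// eventtarget.addeventlistener security policy in the DOM layer, not here.` AddEventListener starts before this hunk and continues after it.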
@@ -1427,20 +1417,6 @@ nsresult nsEventListenerManager::RemoveAllListeners(PRBool aScriptOnly) return NS_OK; } -nsresult nsEventListenerManager::GetPrincipal(nsIPrincipal **aListenedToPrincipal) -{ - *aListenedToPrincipal = mPrincipal; - if (*aListenedToPrincipal) - NS_ADDREF(*aListenedToPrincipal); - return NS_OK; -} - -nsresult nsEventListenerManager::SetPrincipal(nsIPrincipal *aListenedToPrincipal) -{ - mPrincipal = aListenedToPrincipal; - return NS_OK; -} - NS_HTML nsresult NS_NewEventListenerManager(nsIEventListenerManager** aInstancePtrResult) { nsIEventListenerManager* l = new nsEventListenerManager(); diff --git a/mozilla/content/events/src/nsEventListenerManager.h b/mozilla/content/events/src/nsEventListenerManager.h index fc89e832fa2..c47d9307fe1 100644 --- a/mozilla/content/events/src/nsEventListenerManager.h +++ b/mozilla/content/events/src/nsEventListenerManager.h @@ -99,9 +99,6 @@ public: virtual nsresult RemoveAllListeners(PRBool aScriptOnly); - virtual nsresult SetPrincipal(nsIPrincipal *aListenedToPrincipal); - virtual nsresult GetPrincipal(nsIPrincipal **aListenedToPrincipal); - static nsresult GetIdentifiersForType(nsIAtom* aType, nsIID& aIID, PRInt32* aSubType); protected: diff --git a/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp b/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp index b6c96e94ccc..8a095f01d2b 100644 --- a/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp +++ b/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp 
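Review bot: The header hunk removes only the SetPrincipal/GetPrincipal declarations; if the `mPrincipal` member those accessors wrote is still declared (its declaration is outside this hunk), it is now dead state and should go with them. The removed SetPrincipal stored the pointer without an AddRef, so a leftover raw `nsIPrincipal*` member is exactly the kind of stale reference that later turns into a use-after-free once someone revives it. The class declaration continues outside the hunk.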
@@ -223,15 +223,11 @@ nsJSProtocolHandler::NewChannel(const char* verb, if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - PRBool hasPrincipal; - if (NS_FAILED(securityManager->HasSubjectPrincipal(&hasPrincipal))) - return NS_ERROR_FAILURE; nsCOMPtr principal; - if (hasPrincipal) { - // script is currently executing; get principal from that script - if (NS_FAILED(securityManager->GetSubjectPrincipal(getter_AddRefs(principal)))) - return NS_ERROR_FAILURE; - } else { + // script is currently executing; get principal from that script + if (NS_FAILED(securityManager->GetSubjectPrincipal(getter_AddRefs(principal)))) + return NS_ERROR_FAILURE; + if (!principal) { // No scripts currently executing; get principal from referrer of link nsCOMPtr webShell; webShell = do_QueryInterface(owner); diff --git a/mozilla/layout/base/src/nsDocument.cpp b/mozilla/layout/base/src/nsDocument.cpp index b711969d582..fd6e19ea001 100644 --- a/mozilla/layout/base/src/nsDocument.cpp +++ b/mozilla/layout/base/src/nsDocument.cpp @@ -2381,15 +2381,7 @@ nsresult nsDocument::GetListenerManager(nsIEventListenerManager **aInstancePtrRe nsresult nsDocument::GetNewListenerManager(nsIEventListenerManager **aInstancePtrResult) { - nsresult rv = NS_NewEventListenerManager(aInstancePtrResult); - if (NS_FAILED(rv)) - return rv; - nsIPrincipal *principal = GetDocumentPrincipal(); - if (principal) { - (*aInstancePtrResult)->SetPrincipal(principal); - NS_RELEASE(principal); - } - return NS_OK; + return NS_NewEventListenerManager(aInstancePtrResult); } nsresult nsDocument::HandleDOMEvent(nsIPresContext* aPresContext, diff --git a/mozilla/layout/events/public/nsIEventListenerManager.h b/mozilla/layout/events/public/nsIEventListenerManager.h index ad866d37409..b40f2cb03bc 100644 --- a/mozilla/layout/events/public/nsIEventListenerManager.h +++ b/mozilla/layout/events/public/nsIEventListenerManager.h 
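Review bot: The comment `// script is currently executing; get principal from that script` now sits above an unconditional call and is wrong for the native path that the following `if (!principal)` handles; reword it to match the new flow, e.g. `// Use the principal of the currently executing script, if any; a null` / `// subject means no script is running, so fall back to the referrer.` Note that the referrer fallback is now also taken when a live context has no principal on its stack, since this patch removed the system-principal substitution in GetSubjectPrincipal — that is the safer direction for a javascript: URL, but it is a behaviour change worth a sentence in the commit message. NewChannel starts before this hunk and continues after it.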
@@ -134,18 +134,6 @@ public: */ virtual nsresult RemoveAllListeners(PRBool aScriptOnly) = 0; - /** - * Sets the principal of the entity being listened to. - * - * Used for security checks that ensure that events can't propagate past - * trust boundaries. - */ - virtual nsresult SetPrincipal(nsIPrincipal *aListenedToPrincipal) = 0; - - /** - * Gets the principal of the entity being listened to. - */ - virtual nsresult GetPrincipal(nsIPrincipal **aListenedToPrincipal) = 0; }; extern NS_HTML nsresult NS_NewEventListenerManager(nsIEventListenerManager** aInstancePtrResult); diff --git a/mozilla/layout/events/src/nsEventListenerManager.cpp b/mozilla/layout/events/src/nsEventListenerManager.cpp index 5c32e040634..c96aa2f2608 100644 --- a/mozilla/layout/events/src/nsEventListenerManager.cpp +++ b/mozilla/layout/events/src/nsEventListenerManager.cpp @@ -51,7 +51,6 @@ #include "nsIContent.h" #include "nsCOMPtr.h" #include "nsIServiceManager.h" -#include "nsIScriptSecurityManager.h" static NS_DEFINE_IID(kIEventListenerManagerIID, NS_IEVENTLISTENERMANAGER_IID); static NS_DEFINE_IID(kIDOMEventListenerIID, NS_IDOMEVENTLISTENER_IID); @@ -237,15 +236,6 @@ nsresult nsEventListenerManager::AddEventListener(nsIDOMEventListener *aListener NS_IF_RELEASE(sel); if (!found) { - // Check to see if we can add a new listener. - nsresult rv; - NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, - NS_SCRIPTSECURITYMANAGER_PROGID, &rv); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - rv = securityManager->CheckCanListenTo(mPrincipal); - if (NS_FAILED(rv)) - return rv; ls = PR_NEW(nsListenerStruct); if (ls) { ls->mListener = aListener; 
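Review bot: This copy of nsEventListenerManager.cpp under layout/ carries the same blob ids in its index line as the content/events copy, so the two trees are byte-identical and must stay in lock-step; the same caveat applies here, that after this hunk AddEventListener has no origin check of its own and relies entirely on the `eventtarget.addeventlistener` policy pref. The same explanatory comment proposed for the content/events copy belongs here too, so that a future divergence between the two files is noticed. AddEventListener starts before this hunk and continues after it.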
@@ -1427,20 +1417,6 @@ nsresult nsEventListenerManager::RemoveAllListeners(PRBool aScriptOnly) return NS_OK; } -nsresult nsEventListenerManager::GetPrincipal(nsIPrincipal **aListenedToPrincipal) -{ - *aListenedToPrincipal = mPrincipal; - if (*aListenedToPrincipal) - NS_ADDREF(*aListenedToPrincipal); - return NS_OK; -} - -nsresult nsEventListenerManager::SetPrincipal(nsIPrincipal *aListenedToPrincipal) -{ - mPrincipal = aListenedToPrincipal; - return NS_OK; -} - NS_HTML nsresult NS_NewEventListenerManager(nsIEventListenerManager** aInstancePtrResult) { nsIEventListenerManager* l = new nsEventListenerManager(); diff --git a/mozilla/layout/events/src/nsEventListenerManager.h b/mozilla/layout/events/src/nsEventListenerManager.h index fc89e832fa2..c47d9307fe1 100644 --- a/mozilla/layout/events/src/nsEventListenerManager.h +++ b/mozilla/layout/events/src/nsEventListenerManager.h @@ -99,9 +99,6 @@ public: virtual nsresult RemoveAllListeners(PRBool aScriptOnly); - virtual nsresult SetPrincipal(nsIPrincipal *aListenedToPrincipal); - virtual nsresult GetPrincipal(nsIPrincipal **aListenedToPrincipal); - static nsresult GetIdentifiersForType(nsIAtom* aType, nsIID& aIID, PRInt32* aSubType); protected: diff --git a/mozilla/modules/libpref/src/init/all.js b/mozilla/modules/libpref/src/init/all.js index 339193cd423..f6334400a6b 100644 --- a/mozilla/modules/libpref/src/init/all.js +++ b/mozilla/modules/libpref/src/init/all.js @@ -384,6 +384,8 @@ pref("security.policy.default.nshtmldocument.vlinkcolor.write", "sameOrigin"); pref("security.policy.default.nshtmldocument.write", "sameOrigin"); pref("security.policy.default.nshtmldocument.writeln", "sameOrigin"); +pref("security.policy.default.eventtarget.addeventlistener", "sameOrigin"); + pref("security.policy.default.navigator.preference.read", "UniversalPreferencesRead"); pref("security.policy.default.navigator.preference.write", "UniversalPreferencesWrite");
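Review bot: The new `eventtarget.addeventlistener` policy is `sameOrigin` only, whereas the C++ check it replaces also admitted callers holding UniversalBrowserRead; unless the policy engine grants that capability implicitly for sameOrigin entries, scripts that previously relied on it will now be refused. The removed check also ran for every listener registration regardless of how it was reached, while this pref names only the addEventListener method, so confirm the other script-visible ways of attaching handlers are covered by existing entries in this file. A short comment above the pref noting that it supersedes the listener-manager check would help whoever next greps for where cross-origin listening is controlled.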