From 74202f2741f5ea48fef2cf09607220387ae2a3ec Mon Sep 17 00:00:00 2001
From: "norris%netscape.com"
Date: Tue, 7 Sep 1999 20:40:20 +0000
Subject: [PATCH] Fix bug 13253. Enable restrictions on use of Components array from web JavaScript.
git-svn-id: svn://10.0.0.236/trunk@46223 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/caps/idl/nsIScriptSecurityManager.idl | 34 +--
 mozilla/caps/src/nsCodebasePrincipal.cpp | 8 +-
 mozilla/caps/src/nsScriptSecurityManager.cpp | 234 ++++++++++--------
 mozilla/suite/browser/navigator.xul | 3 +-
 .../browser/resources/content/navigator.xul | 3 +-
 5 files changed, 137 insertions(+), 145 deletions(-)
diff --git a/mozilla/caps/idl/nsIScriptSecurityManager.idl b/mozilla/caps/idl/nsIScriptSecurityManager.idl
index bd7c4096680..6c4be7451ed 100644
--- a/mozilla/caps/idl/nsIScriptSecurityManager.idl
+++ b/mozilla/caps/idl/nsIScriptSecurityManager.idl
@@ -15,46 +15,16 @@
 * Copyright (C) 1999 Netscape Communications Corporation. All Rights
 * Reserved.
 */
+
 #include "nsISupports.idl"
-#include "nsIPrincipal.idl"
-[ptr] native nsJSPrincipalsList(nsJSPrincipalsList);
-[ptr] native JSContext(JSContext);
-[ptr] native JSObject(JSObject);
-[ptr] native JSFunction(JSFunction);
-[ptr] native jsval(jsval);
-
-interface nsString;
+interface nsIPrincipal;
 interface nsIScriptContext;
-interface nsIScriptGlobalObject;
 interface nsIURI;
-%{C++
-struct nsJSPrincipalsList;
-struct JSContext;
-struct JSObject;
-%}
-
 [uuid(58df5780-8006-11d2-bd91-00805f8ae3f4)]
 interface nsIScriptSecurityManager : nsISupports
 {
- // NB TODO: Change to string representation
- const short SCRIPT_SECURITY_ALL_ACCESS = 0 << 0;
- const short SCRIPT_SECURITY_NO_ACCESS = 1 << 0;
- const short SCRIPT_SECURITY_SAME_DOMAIN_ACCESS = 1 << 1;
- const short SCRIPT_SECURITY_SIGNED_ACCESS = 1 << 2;
-
- // NB TODO: Move to Capabilities manager
- const short eJSTarget_UniversalBrowserRead=0;
- const short eJSTarget_UniversalBrowserWrite=1;
- const short eJSTarget_UniversalSendMail=2;
- const short eJSTarget_UniversalFileRead=3;
- const short eJSTarget_UniversalFileWrite=4;
- const short eJSTarget_UniversalPreferencesRead=5;
- const short eJSTarget_UniversalPreferencesWrite=6;
- const short eJSTarget_UniversalDialerAccess=7;
- const short eJSTarget_Max=8;
-
 boolean CheckScriptAccess(in nsIScriptContext cx, in voidStar obj, [const] in string prop, in boolean isWrite);
diff --git a/mozilla/caps/src/nsCodebasePrincipal.cpp b/mozilla/caps/src/nsCodebasePrincipal.cpp
index 4455590925c..cb619734ce9 100644
--- a/mozilla/caps/src/nsCodebasePrincipal.cpp
+++ b/mozilla/caps/src/nsCodebasePrincipal.cpp
@@ -25,7 +25,6 @@
 #include "nsCOMPtr.h"
 static NS_DEFINE_IID(kICodebasePrincipalIID, NS_ICODEBASEPRINCIPAL_IID);
-static char gFileScheme[] = "file";
 NS_IMPL_ISUPPORTS(nsCodebasePrincipal, kICodebasePrincipalIID);
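Review bot: Removing the `SCRIPT_SECURITY_*` and `eJSTarget_*` constants from a scriptable interface breaks any JS consumer that reads them as `Components.interfaces.nsIScriptSecurityManager.SCRIPT_SECURITY_NO_ACCESS` silently rather than loudly — in JS the property simply becomes `undefined`, so a policy comparison against it never matches any level. The hunk puts nothing in their place on the interface, so if such consumers exist (I cannot see any from here) they should be grepped for before this lands. I would also record the decision on the interface itself, e.g. `// Access-level and capability constants are no longer part of this interface; they are private to nsScriptSecurityManager.cpp.`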
@@ -128,7 +127,7 @@ nsCodebasePrincipal::SameOrigin(nsIPrincipal *other, PRBool *result)
 rv = mURI->GetScheme(&scheme2);
 if (NS_SUCCEEDED(rv) && PL_strcmp(scheme1, scheme2) == 0) {
- if (PL_strcmp(scheme1, gFileScheme) == 0) {
+ if (PL_strcmp(scheme1, "file") == 0) {
 // All file: urls are considered to have the same origin.
 *result = PR_TRUE;
 } else {
@@ -172,8 +171,11 @@ nsCodebasePrincipal::Init(nsIURI *uri)
 char *codebase;
 if (NS_FAILED(uri->GetSpec(&codebase)))
 return NS_ERROR_FAILURE;
- if (NS_FAILED(mJSPrincipals.Init(codebase)))
+ if (NS_FAILED(mJSPrincipals.Init(codebase))) {
+ nsCRT::free(codebase);
 return NS_ERROR_FAILURE;
+ }
+ // JSPrincipals::Init adopts codebase, so no need to free now
 NS_ADDREF(this);
 mURI = uri;
 NS_ADDREF(mURI);
diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp
index 7edbf8ec474..7ef3d50b0f7 100644
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp
+++ b/mozilla/caps/src/nsScriptSecurityManager.cpp
@@ -38,6 +38,19 @@ static NS_DEFINE_CID(kComponentManagerCID, NS_COMPONENTMANAGER_CID);
 static NS_DEFINE_IID(kIScriptSecurityManagerIID, NS_ISCRIPTSECURITYMANAGER_IID);
 static NS_DEFINE_IID(kIXPCSecurityManagerIID, NS_IXPCSECURITYMANAGER_IID);
+static const char accessErrorMessage[] =
+ "access disallowed from scripts at %s to documents at another domain";
+
+enum {
+ SCRIPT_SECURITY_SAME_DOMAIN_ACCESS,
+ SCRIPT_SECURITY_ALL_ACCESS,
+ SCRIPT_SECURITY_NO_ACCESS
+};
+
+////////////////////////////////////
+// Methods implementing ISupports //
+////////////////////////////////////
+
 NS_IMETHODIMP
 nsScriptSecurityManager::QueryInterface(REFNSIID aIID, void** aInstancePtr)
 {
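Review bot: The new failure branch in `nsCodebasePrincipal::Init` frees `codebase` after `mJSPrincipals.Init(codebase)` fails, while the comment added just below says `JSPrincipals::Init` adopts the buffer; the fix is only correct if `Init` is guaranteed not to have taken (and freed) ownership on its failure path, otherwise this becomes a double free — confirm against `nsJSPrincipals::Init`. The comment should state that contract explicitly so nobody re-adds or removes the free later, e.g. `// JSPrincipals::Init adopts codebase only on success; on failure we still own it and must free it.` `Init` continues past the end of this hunk.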
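Review bot: The file-local `enum` added in the `@@ -38,6 +38,19 @@` hunk reuses the names of the `SCRIPT_SECURITY_*` constants this patch removes from the IDL but gives them different values and order: `SAME_DOMAIN_ACCESS` is now 0, `ALL_ACCESS` 1 and `NO_ACCESS` 2, where the IDL had `ALL_ACCESS` 0, `NO_ACCESS` 1, `SAME_DOMAIN_ACCESS` 2 and a `SIGNED_ACCESS` 4 that no longer exists. Anything that persisted or parsed the old numeric values — site-policy preferences read by `GetSitePolicy` are the obvious candidate, though that code is not visible here — would now resolve to a different access level, which for a security manager is a silent policy change. If the values are only ever used symbolically inside this file, say so next to the enum, e.g. `// Internal only: values are not stable and must never be stored in prefs or compared numerically.`; otherwise keep the original numbering.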
@@ -59,29 +72,10 @@ nsScriptSecurityManager::QueryInterface(REFNSIID aIID, void** aInstancePtr)
 NS_IMPL_ADDREF(nsScriptSecurityManager);
 NS_IMPL_RELEASE(nsScriptSecurityManager);
-static const char accessErrorMessage[] =
- "access disallowed from scripts at %s to documents at another domain";
-
-nsScriptSecurityManager::nsScriptSecurityManager(void)
- : mSystemPrincipal(nsnull)
-{
- NS_INIT_REFCNT();
-}
-
-nsScriptSecurityManager::~nsScriptSecurityManager(void)
-{
-// nsServiceManager::ReleaseService(kPrefServiceCID, mPrefs);
-}
-
-nsScriptSecurityManager *
-nsScriptSecurityManager::GetScriptSecurityManager()
-{
- static nsScriptSecurityManager *ssecMan = NULL;
- if (!ssecMan)
- ssecMan = new nsScriptSecurityManager();
- return ssecMan;
-}
+///////////////////////////////////////////////////
+// Methods implementing nsIScriptSecurityManager //
+///////////////////////////////////////////////////
 NS_IMETHODIMP
 nsScriptSecurityManager::CheckScriptAccess(nsIScriptContext *aContext,
@@ -126,14 +120,23 @@ nsScriptSecurityManager::CheckURI(nsIScriptContext *aContext,
 *aResult = PR_TRUE;
 return NS_OK;
 }
- if (nsCRT::strcmp(scheme, "file") == 0) {
- JSContext *cx = (JSContext*) aContext->GetNativeContext();
- nsCOMPtr principal;
- if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal))) ||
- !principal)
- {
+ if (nsCRT::strcmp(scheme, "about") == 0) {
+ nsXPIDLCString spec;
+ if (NS_FAILED(aURI->GetSpec(getter_Copies(spec))))
 return NS_ERROR_FAILURE;
+ if (nsCRT::strcmp(spec, "about:blank") == 0) {
+ *aResult = PR_TRUE;
+ return NS_OK;
 }
+ }
+ JSContext *cx = (JSContext*) aContext->GetNativeContext();
+ nsCOMPtr principal;
+ if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal))) ||
+ !principal)
+ {
+ return NS_ERROR_FAILURE;
+ }
+ if (nsCRT::strcmp(scheme, "file") == 0) {
 nsCOMPtr codebase;
 if (NS_SUCCEEDED(principal->QueryInterface(
 NS_GET_IID(nsICodebasePrincipal),
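Review bot: On the `GetSubjectPrincipal` failure path that this hunk moves ahead of the `file` check in `CheckURI`, the function returns `NS_ERROR_FAILURE` without writing `*aResult`, so a caller that consults the out-parameter without checking the `nsresult` reads whatever value it held — unless `*aResult` is initialised at the top of the function, which lies outside the hunk. A security predicate should fail closed on its own error paths: write `*aResult = PR_FALSE;` immediately before that `return NS_ERROR_FAILURE;`, and do the same on the `aURI->GetSpec` failure return just above it. `CheckURI` starts before and ends after this hunk.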
@@ -153,27 +156,22 @@ nsScriptSecurityManager::CheckURI(nsIScriptContext *aContext,
 if (NS_FAILED(principal->CanAccess("UniversalFileRead", aResult)))
 return NS_ERROR_FAILURE;
- if (!*aResult) {
- // Report error.
- nsXPIDLCString spec;
- if (NS_FAILED(aURI->GetSpec(getter_Copies(spec))))
- return NS_ERROR_FAILURE;
- JS_ReportError(cx, "illegal URL method '%s'", (const char *)spec);
- }
- return NS_OK;
+ if (*aResult)
+ return NS_OK;
 }
- if (nsCRT::strcmp(scheme, "about") == 0) {
+
+ // Only allowed for the system principal to create other URIs.
+ if (NS_FAILED(principal->Equals(mSystemPrincipal, aResult)))
+ return NS_ERROR_FAILURE;
+
+ if (!*aResult) {
+ // Report error.
 nsXPIDLCString spec;
 if (NS_FAILED(aURI->GetSpec(getter_Copies(spec))))
 return NS_ERROR_FAILURE;
- if (nsCRT::strcmp(spec, "about:blank") == 0) {
- *aResult = PR_TRUE;
- return NS_OK;
- }
+ JS_ReportError(cx, "illegal URL method '%s'", (const char *)spec);
 }
- // Otherwise, not allowed.
- *aResult = PR_FALSE;
 return NS_OK;
 }
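Review bot: The new fallthrough in `CheckURI` decides every URI that reaches this point by `principal->Equals(mSystemPrincipal, aResult)`, but `mSystemPrincipal` is initialised to `nsnull` in the constructor (visible later in this patch) and nothing here guards against it still being null, so the allow/deny outcome then rests entirely on how `Equals` treats a null argument. Make the deny explicit instead of relying on that: `if (!mSystemPrincipal) { *aResult = PR_FALSE; } else if (NS_FAILED(principal->Equals(mSystemPrincipal, aResult))) return NS_ERROR_FAILURE;`. The `illegal URL method '%s'` error is now also reported for non-`file` schemes, so either reword it or add `// "method" here means the URL scheme` above the `JS_ReportError`. `CheckURI` begins before this hunk.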
@@ -206,6 +204,89 @@ nsScriptSecurityManager::CreateCodebasePrincipal(nsIURI *aURI,
 return NS_OK;
 }
+////////////////////////////////////////////////
+// Methods implementing nsIXPCSecurityManager //
+////////////////////////////////////////////////
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanCreateWrapper(JSContext *aJSContext,
+ const nsIID &aIID,
+ nsISupports *aObj)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanCreateInstance(JSContext *aJSContext,
+ const nsCID &aCID)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanGetService(JSContext *aJSContext,
+ const nsCID &aCID)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanCallMethod(JSContext *aJSContext,
+ const nsIID &aIID,
+ nsISupports *aObj,
+ nsIInterfaceInfo *aInterfaceInfo,
+ PRUint16 aMethodIndex,
+ const jsid aName)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanGetProperty(JSContext *aJSContext,
+ const nsIID &aIID,
+ nsISupports *aObj,
+ nsIInterfaceInfo *aInterfaceInfo,
+ PRUint16 aMethodIndex,
+ const jsid aName)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanSetProperty(JSContext *aJSContext,
+ const nsIID &aIID,
+ nsISupports *aObj,
+ nsIInterfaceInfo *aInterfaceInfo,
+ PRUint16 aMethodIndex,
+ const jsid aName)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+///////////////////
+// Other methods //
+///////////////////
+
+nsScriptSecurityManager::nsScriptSecurityManager(void)
+ : mSystemPrincipal(nsnull)
+{
+ NS_INIT_REFCNT();
+}
+
+nsScriptSecurityManager::~nsScriptSecurityManager(void)
+{
+// nsServiceManager::ReleaseService(kPrefServiceCID, mPrefs);
+}
+
+nsScriptSecurityManager *
+nsScriptSecurityManager::GetScriptSecurityManager()
+{
+ static nsScriptSecurityManager *ssecMan = NULL;
+ if (!ssecMan)
+ ssecMan = new nsScriptSecurityManager();
+ return ssecMan;
+}
+
 NS_IMETHODIMP
 nsScriptSecurityManager::GetSubjectPrincipal(JSContext *aCx, nsIPrincipal **result)
@@ -410,7 +491,8 @@ nsScriptSecurityManager::AddSecPolicyPrefix(JSContext *cx, char *pref_str)
 char *
 nsScriptSecurityManager::GetSitePolicy(const char *org)
 {
- char *sitepol, *sp, *nextsp, *orghost = 0, *retval = 0, *prot, *bar, *end, *match = 0;
+ char *sitepol, *sp, *nextsp, *orghost = 0, *retval = 0, *prot, *bar;
+ char *end, *match = 0;
 int splen, matlen;
 nsIURL *url;
 nsresult rv;
@@ -418,7 +500,8 @@ nsScriptSecurityManager::GetSitePolicy(const char *org)
 NS_WITH_SERVICE(nsIComponentManager, compMan, kComponentManagerCID, &rv);
 if (NS_FAILED(rv))
 return nsnull;
- rv = compMan->CreateInstance(kURLCID,NULL, NS_GET_IID(nsIURL), (void**) &url);
+ rv = compMan->CreateInstance(kURLCID, nsnull, NS_GET_IID(nsIURL),
+ (void**) &url);
 if (NS_FAILED(rv))
 return nsnull;
 nsServiceManager::GetService(kPrefServiceCID, NS_GET_IID(nsIPref),
@@ -494,11 +577,9 @@ nsScriptSecurityManager::GetSitePolicy(const char *org)
 return retval;
 }
-
 NS_IMETHODIMP
 nsScriptSecurityManager::CheckXPCPermissions(JSContext *aJSContext)
 {
-#if 0
 nsCOMPtr subject;
 if (NS_FAILED(GetSubjectPrincipal(aJSContext, getter_AddRefs(subject))))
 return NS_ERROR_FAILURE;
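Review bot: All six `nsIXPCSecurityManager` callbacks added in the `@@ -206,6 +204,89 @@` hunk (`CanCreateWrapper` through `CanSetProperty`) discard their `nsIID`/`nsCID`/`aObj`/method-index arguments and route straight to `CheckXPCPermissions(aJSContext)`, so the policy is all-or-nothing per caller: a script that passes that one check can instantiate any component and call any method. That is presumably the intent of this bug, but it should be written where the next person will look, e.g. above the section banner: `// All XPConnect access is gated by a single per-caller check; the interface, class and method being accessed are deliberately not consulted.` Separately, `GetScriptSecurityManager` hands out a raw `new`-ed singleton with `mSystemPrincipal` still null until something else sets it, and `CheckURI` in this patch depends on that field, so a comment naming where it gets populated would help.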
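Review bot: `CheckXPCPermissions` only tests `NS_FAILED(GetSubjectPrincipal(...))` and does not handle a successful call that yields a null `subject`, whereas `CheckURI` in this same patch treats `!principal` as a failure; if `GetSubjectPrincipal` can return `NS_OK` with no principal (for instance when no script frame is on the stack), the code that follows in the part of the function between this hunk and the next would be dereferencing or implicitly trusting a null subject. Mirror the `CheckURI` guard so the gate fails closed: `if (NS_FAILED(GetSubjectPrincipal(aJSContext, getter_AddRefs(subject))) || !subject) return NS_ERROR_FAILURE;`. The middle of `CheckXPCPermissions`, including whatever computes `ok`, is outside this hunk.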
@@ -509,67 +590,8 @@ nsScriptSecurityManager::CheckXPCPermissions(JSContext *aJSContext)
 return NS_ERROR_FAILURE;
 if (!ok) {
 JS_ReportError(aJSContext, "Access denied to XPConnect service.");
- NS_ASSERTION(ok, "Access denied to XPConnect service.");
 return NS_ERROR_FAILURE;
 }
-#endif
 return NS_OK;
 }
-
-NS_IMETHODIMP
-nsScriptSecurityManager::CanCreateWrapper(JSContext * aJSContext,
- const nsIID & aIID,
- nsISupports * aObj)
-{
- return CheckXPCPermissions(aJSContext);
-}
-
-NS_IMETHODIMP
-nsScriptSecurityManager::CanCreateInstance(JSContext * aJSContext,
- const nsCID & aCID)
-{
- return CheckXPCPermissions(aJSContext);
-}
-
-NS_IMETHODIMP
-nsScriptSecurityManager::CanGetService(JSContext * aJSContext,
- const nsCID & aCID)
-{
- return CheckXPCPermissions(aJSContext);
-}
-
-NS_IMETHODIMP
-nsScriptSecurityManager::CanCallMethod(JSContext * aJSContext,
- const nsIID & aIID,
- nsISupports *aObj,
- nsIInterfaceInfo *aInterfaceInfo,
- PRUint16 aMethodIndex,
- const jsid aName)
-{
- return CheckXPCPermissions(aJSContext);
-}
-
-NS_IMETHODIMP
-nsScriptSecurityManager::CanGetProperty(JSContext * aJSContext,
- const nsIID & aIID,
- nsISupports *aObj,
- nsIInterfaceInfo *aInterfaceInfo,
- PRUint16 aMethodIndex,
- const jsid aName)
-{
- return CheckXPCPermissions(aJSContext);
-}
-
-NS_IMETHODIMP
-nsScriptSecurityManager::CanSetProperty(JSContext * aJSContext,
- const nsIID & aIID,
- nsISupports *aObj,
- nsIInterfaceInfo *aInterfaceInfo,
- PRUint16 aMethodIndex,
- const jsid aName)
-{
- return CheckXPCPermissions(aJSContext);
-}
-
-
diff --git a/mozilla/suite/browser/navigator.xul b/mozilla/suite/browser/navigator.xul
index d279b21cdb6..3e9cd0d15d7 100644
--- a/mozilla/suite/browser/navigator.xul
+++ b/mozilla/suite/browser/navigator.xul
@@ -539,9 +539,8 @@ Contributor(s): ______________________________________. --> - + -
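Review bot: Deleting the `#endif` here (with the `#if 0` in the previous hunk) is what actually turns the XPConnect restriction on, yet `CheckXPCPermissions` carries no header comment saying that it is the sole gate behind all six `nsIXPCSecurityManager` callbacks or that a denial surfaces to the calling script as a JS exception via `JS_ReportError` together with `NS_ERROR_FAILURE`. Add above the definition something like `// Single gate for every nsIXPCSecurityManager callback: denies unless the calling script's principal passes the capability check, reporting the denial as a JS error.` Dropping `NS_ASSERTION(ok, ...)` is the right call, since a denial is now an expected runtime outcome rather than a programming error. The start of `CheckXPCPermissions` is in the previous hunk.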
diff --git a/mozilla/xpfe/browser/resources/content/navigator.xul b/mozilla/xpfe/browser/resources/content/navigator.xul
index d279b21cdb6..3e9cd0d15d7 100644
--- a/mozilla/xpfe/browser/resources/content/navigator.xul
+++ b/mozilla/xpfe/browser/resources/content/navigator.xul
@@ -539,9 +539,8 @@ Contributor(s): ______________________________________. --> - + -