diff --git a/mozilla/docshell/base/nsDocShell.cpp b/mozilla/docshell/base/nsDocShell.cpp
index 6ade588bdb2..90a4ef0da09 100644
--- a/mozilla/docshell/base/nsDocShell.cpp
+++ b/mozilla/docshell/base/nsDocShell.cpp
@@ -4722,6 +4722,29 @@ nsDocShell::CreateAboutBlankContentViewer()
 mCreatingDocument = PR_TRUE;
+ if (mContentViewer) {
+ // We've got a content viewer already. Make sure the user
+ // permits us to discard the current document and replace it
+ // with about:blank. And also ensure we fire the unload events
+ // in the current document.
+
+ PRBool okToUnload;
+ rv = mContentViewer->PermitUnload(&okToUnload);
+
+ if (NS_SUCCEEDED(rv) && !okToUnload) {
+ // The user chose not to unload the page, interrupt the load.
+ return NS_ERROR_FAILURE;
+ }
+
+ // Notify the current document that it is about to be unloaded!!
+ //
+ // It is important to fire the unload() notification *before* any state
+ // is changed within the DocShell - otherwise, javascript will get the
+ // wrong information :-(
+ //
+ (void) FireUnloadNotification();
+ }
+
 // one helper factory, please
 nsCOMPtr catMan(do_GetService(NS_CATEGORYMANAGER_CONTRACTID));
 if (!catMan)
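Review bot: The added `return NS_ERROR_FAILURE;` on the not-permitted path leaves `mCreatingDocument` at PR_TRUE, which the context line just above sets and which nothing in this hunk resets; unless a caller clears it, this docshell will keep reporting a document "being created" after the user declined the unload. Reset it before bailing out: `mCreatingDocument = PR_FALSE;` followed by `return NS_ERROR_FAILURE;`. `FireUnloadNotification()` can also run content script that may navigate or tear down `mContentViewer`, so the code following the `if` presumably continues with a viewer it checked before the unload handlers ran; re-checking `mContentViewer` after the call would be prudent. The body of CreateAboutBlankContentViewer continues outside the hunk.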
@@ -7151,6 +7174,26 @@ nsDocShell::LoadHistoryEntry(nsISHEntry * aEntry, PRUint32 aLoadType)
 NS_ERROR_FAILURE);
 NS_ENSURE_SUCCESS(aEntry->GetContentType(contentType), NS_ERROR_FAILURE);
+ PRBool isJavaScript, isViewSource, isData;
+ if ((NS_SUCCEEDED(uri->SchemeIs("javascript", &isJavaScript)) &&
+ isJavaScript) ||
+ (NS_SUCCEEDED(uri->SchemeIs("view-source", &isViewSource)) &&
+ isViewSource) ||
+ (NS_SUCCEEDED(uri->SchemeIs("data", &isData)) && isData)) {
+ // We're loading a javascript: or data: URL from session
+ // history. Replace the current document with about:blank to
+ // prevent anything from the current document from leaking
+ // into any JavaScript code in the URL.
+ rv = CreateAboutBlankContentViewer();
+
+ if (NS_FAILED(rv)) {
+ // The creation of the intermittent about:blank content
+ // viewer failed for some reason (potentially because the
+ // user prevented it). Interrupt the history load.
+ return NS_OK;
+ }
+ }
+
 /* If there is a valid postdata *and* the user pressed
 * reload or shift-reload, take user's permission before we
 * repost the data to the server.
diff --git a/mozilla/xpinstall/src/nsJSInstallTriggerGlobal.cpp b/mozilla/xpinstall/src/nsJSInstallTriggerGlobal.cpp
index 1b3e9f0d27c..83dfbc0d4fc 100644
--- a/mozilla/xpinstall/src/nsJSInstallTriggerGlobal.cpp
+++ b/mozilla/xpinstall/src/nsJSInstallTriggerGlobal.cpp
@@ -44,6 +44,11 @@
 #include "nsString.h"
 #include "nsIDOMInstallVersion.h"
 #include "nsIDOMInstallTriggerGlobal.h"
+#include "nsIDOMWindow.h"
+#include "nsIDOMDocument.h"
+#include "nsIDocument.h"
+#include "nsIDocShell.h"
+#include "nsIObserverService.h"
 #include "nsInstallTrigger.h"
 #include "nsXPITriggerInfo.h"
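Review bot: The comment `// We're loading a javascript: or data: URL from session` does not match the condition, which also catches `view-source:`; change it to `// We're loading a javascript:, view-source: or data: URL from session`. The guard is also fail-open: if any `SchemeIs` call returns an error, the `NS_SUCCEEDED(...) && ...` term is simply false and the history entry loads without the about:blank reset, so a URI whose scheme cannot be determined gets the lenient path rather than the protective one. Consider treating a failed `SchemeIs` as "replace with about:blank" (or returning NS_OK as the failure branch already does) so the reset is skipped only when the scheme is positively known to be harmless. LoadHistoryEntry's body continues beyond the hunk.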
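Review bot: Of the five added includes, only `nsIDOMWindow.h`, `nsIDOMDocument.h` and `nsIDocument.h` are used by the new helper in this patch; nothing in the visible hunks references nsIDocShell or nsIObserverService. If the rest of the file does not use them either, drop `#include "nsIDocShell.h"` and `#include "nsIObserverService.h"` so the include list reflects actual dependencies.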
@@ -143,6 +148,59 @@ static JSBool CreateNativeObject(JSContext *cx, JSObject *obj, nsIDOMInstallTrig
 return JS_TRUE;
 }
+//
+// Helper function for URI verification
+//
+static nsresult
+InstallTriggerCheckLoadURIFromScript(JSContext *cx, const nsAString& uriStr)
+{
+ nsresult rv;
+ nsCOMPtr secman(
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID,&rv));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // get the script base URI
+ nsCOMPtr scriptURI;
+ nsCOMPtr principal;
+ rv = secman->GetSubjectPrincipal(getter_AddRefs(principal));
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (!principal)
+ return NS_ERROR_FAILURE;
+
+ rv = principal->GetURI(getter_AddRefs(scriptURI));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ if (!scriptURI) {
+ // No URI reachable from the principal, get one from the calling
+ // window.
+
+ nsIScriptContext *scx = GetScriptContextFromJSContext(cx);
+ NS_ENSURE_TRUE(scx, NS_ERROR_FAILURE);
+
+ nsCOMPtr window =
+ do_QueryInterface(scx->GetGlobalObject());
+ NS_ENSURE_TRUE(window, NS_ERROR_FAILURE);
+
+ nsCOMPtr domDoc;
+ window->GetDocument(getter_AddRefs(domDoc));
+
+ nsCOMPtr doc = do_QueryInterface(domDoc);
+ NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE);
+
+ scriptURI = doc->GetDocumentURI();
+ }
+
+ // convert the requested URL string to a URI
+ nsCOMPtr uri;
+ rv = NS_NewURI(getter_AddRefs(uri), uriStr);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // are we allowed to load this one?
+ rv = secman->CheckLoadURI(scriptURI, uri,
+ nsIScriptSecurityManager::DISALLOW_SCRIPT_OR_DATA);
+ return rv;
+}
+
 //
 // Native method UpdateEnabled
 //
@@ -215,11 +273,7 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg
 }
 }
- // if we can't create a security manager we might be in the wizard, allow
 PRBool abortLoad = PR_FALSE;
- nsCOMPtr secman(
- do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
-
 // parse associative array of installs
 if ( argc >= 1 && JSVAL_IS_OBJECT(argv[0]) )
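Review bot: The fallback branch assigns `scriptURI = doc->GetDocumentURI();` without checking the result, so if the document has no URI the helper goes on to call `CheckLoadURI(scriptURI, uri, ...)` with a null source URI and the outcome depends on how the security manager treats that rather than on an explicit deny. Add `NS_ENSURE_TRUE(scriptURI, NS_ERROR_FAILURE);` immediately after the `if (!scriptURI) { ... }` block so the helper fails closed on every path, matching the fail-closed handling it already applies to a missing principal or script context. The three-line `// Helper function for URI verification` header would also be more useful if it stated the contract: the target string is parsed with NS_NewURI, checked from the calling script's principal URI (falling back to the window's document URI), and rejected under DISALLOW_SCRIPT_OR_DATA, with any failure along the way returned as an error.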
@@ -267,19 +321,6 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg
 xpiURL = NS_ConvertUTF8toUTF16(resolvedURL);
 }
- // Make sure we're allowed to load this URL
- if (secman)
- {
- nsCOMPtr uri;
- nsresult rv = NS_NewURI(getter_AddRefs(uri), xpiURL);
- if (NS_SUCCEEDED(rv))
- {
- rv = secman->CheckLoadURIFromScript(cx, uri);
- if (NS_FAILED(rv))
- abortLoad = PR_TRUE;
- }
- }
-
 nsAutoString icon(iconURL);
 if (iconURL && baseURL)
 {
@@ -288,13 +329,28 @@ InstallTriggerGlobalInstall(JSContext *cx, JSObject *obj, uintN argc, jsval *arg
 icon = NS_ConvertUTF8toUTF16(resolvedIcon);
 }
- nsXPITriggerItem *item = new nsXPITriggerItem( name, xpiURL.get(), icon.get() );
- if ( item )
- {
- trigger->Add( item );
- }
- else
+ // Make sure we're allowed to load this URL and the icon URL
+ nsresult rv = InstallTriggerCheckLoadURIFromScript(cx, xpiURL);
+ if (NS_FAILED(rv)) abortLoad = PR_TRUE;
+
+ if (!abortLoad && iconURL)
+ {
+ rv = InstallTriggerCheckLoadURIFromScript(cx, icon);
+ if (NS_FAILED(rv))
+ abortLoad = PR_TRUE;
+ }
+
+ if (!abortLoad)
+ {
+ nsXPITriggerItem *item = new nsXPITriggerItem( name, xpiURL.get(), icon.get() );
+ if ( item )
+ {
+ trigger->Add( item );
+ }
+ else
+ abortLoad = PR_TRUE;
+ }
 }
 else
 abortLoad = PR_TRUE;
@@ -393,20 +449,9 @@ InstallTriggerGlobalInstallChrome(JSContext *cx, JSObject *obj, uintN argc, jsva
 }
 // Make sure caller is allowed to load this url.
- // if we can't create a security manager we might be in the wizard, allow
- nsCOMPtr secman(
- do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
- if (secman)
- {
- nsCOMPtr uri;
- nsresult rv = NS_NewURI(getter_AddRefs(uri), sourceURL);
- if (NS_SUCCEEDED(rv))
- {
- rv = secman->CheckLoadURIFromScript(cx, uri);
- if (NS_FAILED(rv))
- return JS_FALSE;
- }
- }
+ nsresult rv = InstallTriggerCheckLoadURIFromScript(cx, sourceURL);
+ if (NS_FAILED(rv))
+ return JS_FALSE;
 if ( chromeType & CHROME_ALL )
 {
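Review bot: `abortLoad` is function-scoped (the -215 hunk shows `PRBool abortLoad = PR_FALSE;` declared before the entries are parsed), yet the first check `nsresult rv = InstallTriggerCheckLoadURIFromScript(cx, xpiURL);` runs unconditionally, so after one entry has been rejected every later entry is still resolved, parsed and security-checked while only the icon check and item creation are skipped. If this sits inside the per-entry loop that starts above the hunk, guard the first check with the same `if (!abortLoad)` or leave the loop as soon as `abortLoad` is set, so the first rejection ends the work and both checks follow one rule. The enclosing function continues on both sides of the hunk.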
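Review bot: On denial the new code returns JS_FALSE without setting a pending exception, so the calling script sees an opaque failure and cannot tell a policy denial from the helper's internal failures (no principal, no script URI, unparsable URL); the same pattern appears in the -481 hunk of InstallTriggerGlobalStartSoftwareUpdate. Before `return JS_FALSE;`, report the reason with `JS_ReportError(cx, "<message placeholder>");` so the denial is visible to the page and in the error console, which also makes silently refused install attempts easier to spot when auditing. Both enclosing functions continue outside their hunks.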
@@ -481,20 +526,9 @@ InstallTriggerGlobalStartSoftwareUpdate(JSContext *cx, JSObject *obj, uintN argc
 }
 // Make sure caller is allowed to load this url.
- // if we can't create a security manager we might be in the wizard, allow
- nsCOMPtr secman(
- do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
- if (secman)
- {
- nsCOMPtr uri;
- nsresult rv = NS_NewURI(getter_AddRefs(uri), xpiURL);
- if (NS_SUCCEEDED(rv))
- {
- rv = secman->CheckLoadURIFromScript(cx, uri);
- if (NS_FAILED(rv))
- return JS_FALSE;
- }
- }
+ nsresult rv = InstallTriggerCheckLoadURIFromScript(cx, xpiURL);
+ if (NS_FAILED(rv))
+ return JS_FALSE;
 if (argc >= 2 && !JS_ValueToInt32(cx, argv[1], (int32 *)&flags))
 {