From bcfbe622ee45ee04daabd0eb8a9ea21280e50c8e Mon Sep 17 00:00:00 2001 From: "dwitte%stanford.edu" Date: Mon, 12 Nov 2007 07:58:16 +0000 Subject: [PATCH] Bug 400552 - setting document.domain inconsistent in face of IDN whitelist. r+sr+a1.9=jst git-svn-id: svn://10.0.0.236/trunk@239192 18797224-902f-48f8-a5cc-f745e15eee43 --- .../html/document/src/nsHTMLDocument.cpp | 56 ++++++++++--------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/mozilla/content/html/document/src/nsHTMLDocument.cpp b/mozilla/content/html/document/src/nsHTMLDocument.cpp index c6047b6e73d..fc4bcf57535 100644 --- a/mozilla/content/html/document/src/nsHTMLDocument.cpp +++ b/mozilla/content/html/document/src/nsHTMLDocument.cpp @@ -1695,34 +1695,8 @@ nsHTMLDocument::GetDomain(nsAString& aDomain) NS_IMETHODIMP nsHTMLDocument::SetDomain(const nsAString& aDomain) { - // Check new domain - must be a superdomain of the current host - // For example, a page from foo.bar.com may set domain to bar.com, - // but not to ar.com, baz.com, or fi.foo.bar.com. if (aDomain.IsEmpty()) return NS_ERROR_DOM_BAD_DOCUMENT_DOMAIN; - nsAutoString current; - if (NS_FAILED(GetDomain(current))) - return NS_ERROR_FAILURE; - PRBool ok = current.Equals(aDomain); - if (current.Length() > aDomain.Length() && - StringEndsWith(current, aDomain, nsCaseInsensitiveStringComparator()) && - current.CharAt(current.Length() - aDomain.Length() - 1) == '.') { - // Using only a TLD is forbidden (bug 368700) - nsCOMPtr tldService = - do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID); - if (!tldService) - return NS_ERROR_NOT_AVAILABLE; - - // try to get the base domain; if this works, we're ok - NS_ConvertUTF16toUTF8 str(aDomain); - nsCAutoString etld; - nsresult rv = tldService->GetBaseDomainFromHost(str, 0, etld); - ok = NS_SUCCEEDED(rv); - } - if (!ok) { - // Error: illegal domain - return NS_ERROR_DOM_BAD_DOCUMENT_DOMAIN; - } // Create new URI nsCOMPtr uri; @@ -1746,6 +1720,36 @@ nsHTMLDocument::SetDomain(const nsAString& aDomain) if (NS_FAILED(NS_NewURI(getter_AddRefs(newURI), newURIString))) return NS_ERROR_FAILURE; + // Check new domain - must be a superdomain of the current host + // For example, a page from foo.bar.com may set domain to bar.com, + // but not to ar.com, baz.com, or fi.foo.bar.com. + nsCAutoString current, domain; + if (NS_FAILED(uri->GetHost(current))) + current.Truncate(); + if (NS_FAILED(newURI->GetHost(domain))) + domain.Truncate(); + + PRBool ok = current.Equals(domain); + if (current.Length() > domain.Length() && + StringEndsWith(current, domain) && + current.CharAt(current.Length() - domain.Length() - 1) == '.') { + // Using only a TLD is forbidden (bug 368700) + nsCOMPtr tldService = + do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID); + if (!tldService) + return NS_ERROR_NOT_AVAILABLE; + + // try to get the base domain; if this works, we're ok. + // if we're dealing with an IP address, getting the base domain + // will fail, as required. + nsCAutoString baseDomain; + ok = NS_SUCCEEDED(tldService->GetBaseDomain(newURI, 0, baseDomain)); + } + if (!ok) { + // Error: illegal domain + return NS_ERROR_DOM_BAD_DOCUMENT_DOMAIN; + } + return NodePrincipal()->SetDomain(newURI); }