When going back or forward to wyciwyg pages, make sure to correctly restore

their principal from session history.  Bug 172261 and bug 301510, r+sr=jst


git-svn-id: svn://10.0.0.236/trunk@218955 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/content/html/document/src/nsHTMLDocument.cpp

@@ -3596,6 +3596,9 @@ nsHTMLDocument::CreateAndAddWyciwygChannel(void)
 
   mWyciwygChannel->SetSecurityInfo(mSecurityInfo);
 
+  // Use our new principal
+  channel->SetOwner(NodePrincipal());
+
   // Inherit load flags from the original document's channel
   channel->SetLoadFlags(mLoadFlags);
 

mozilla/content/html/document/src/nsWyciwygChannel.cpp

@@ -199,24 +199,11 @@ nsWyciwygChannel::GetURI(nsIURI* *aURI)
 NS_IMETHODIMP
 nsWyciwygChannel::GetOwner(nsISupports **aOwner)
 {
-  nsresult rv = NS_OK;
+  NS_PRECONDITION(mOwner, "Must have a principal!");
+  NS_ENSURE_STATE(mOwner);
 
-  if (!mOwner) {
-    // Create codebase principal with URI of original document, not our URI
-
-    // without an owner or an original URI!
-    NS_ENSURE_TRUE(mOriginalURI, NS_ERROR_FAILURE);
-
-    nsCOMPtr<nsIPrincipal> principal;
-    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
-    rv = secMan->GetCodebasePrincipal(mOriginalURI, getter_AddRefs(principal));
-    if (NS_SUCCEEDED(rv)) {
-      mOwner = principal;
-    }
-  }
-
-  NS_IF_ADDREF(*aOwner = mOwner);
-  return rv;
+  NS_ADDREF(*aOwner = mOwner);
+  return NS_OK;
 }
 
 NS_IMETHODIMP
@@ -299,9 +286,15 @@ nsWyciwygChannel::Open(nsIInputStream ** aReturn)
 NS_IMETHODIMP
 nsWyciwygChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
 {
+  // The only places creating wyciwyg: channels should be
+  // HTMLDocument::OpenCommon and session history.  Both should be setting an
+  // owner.
+  NS_PRECONDITION(mOwner, "Must have a principal");
+  
   LOG(("nsWyciwygChannel::AsyncOpen [this=%x]\n", this));
 
   NS_ENSURE_TRUE(!mIsPending, NS_ERROR_IN_PROGRESS);
+  NS_ENSURE_STATE(mOwner);
   NS_ENSURE_ARG_POINTER(listener);
 
   nsCAutoString spec;

mozilla/content/html/document/src/nsWyciwygProtocolHandler.cpp

@@ -127,8 +127,15 @@ nsWyciwygProtocolHandler::NewChannel(nsIURI* url, nsIChannel* *result)
 NS_IMETHODIMP
 nsWyciwygProtocolHandler::GetProtocolFlags(PRUint32 *result) 
 {
-  // Should this be an an nsINestedURI?  We don't really want random
-  // webpages loading these URIs...
-  *result = URI_NORELATIVE | URI_NOAUTH | URI_DANGEROUS_TO_LOAD;
+  // Should this be an an nsINestedURI?  We don't really want random webpages
+  // loading these URIs...
+
+  // Note that using URI_INHERITS_SECURITY_CONTEXT here is OK -- untrusted code
+  // is not allowed to link to wyciwyg URIs and users shouldn't be able to get
+  // at them, and nsDocShell::InternalLoad forbids non-history loads of these
+  // URIs.  And when loading from history we end up using the principal from
+  // the history entry, which we put there ourselves, so all is ok.
+  *result = URI_NORELATIVE | URI_NOAUTH | URI_DANGEROUS_TO_LOAD |
+    URI_INHERITS_SECURITY_CONTEXT;
   return NS_OK;
 }

mozilla/testing/mochitest/tests/index.html

@@ -60,6 +60,7 @@ RunSet.runall = function() {
       'test_bug24958.html',
       'test_bug51034.html',
       'test_bug100533.html',
+      'test_bug172261.html',  // Test for content/html/document/src stuff
       'test_bug218236.html',
       'test_bug218277.html',
       'test_bug237071.html',

mozilla/testing/mochitest/tests/test_bug172261.html

@@ -0,0 +1,68 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=172261
+-->
+<head>
+  <title>Test for Bug 172261</title>
+  <script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=172261">Mozilla Bug 172261</a>
+<p id="display">
+  <iframe id="test"></iframe>
+</p>
+<div id="content" style="display: none">
+  
+</div>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+  /** Test for Bug 172261 **/
+  SimpleTest.waitForExplicitFinish();
+
+  var callable = false;
+  function toggleCallable() { callable = true; }
+
+  var doTestInIframe = false;
+
+  // Shouldn't do history stuff from inside onload
+  addLoadEvent(function() { setTimeout(startTest, 10) });
+
+  function startTest() {
+    // First, create a dummy document.  Use onunload handlers to make sure
+    // bfcache doesn't screw us up.
+    var doc = $("test").contentDocument;
+    
+    doc.write("<html><body onunload=''>First</body></html>");
+    doc.close();
+
+    // Now write our test document
+    doc.write("<html><script>window.onerror = parent.onerror; if (parent.doTestInIframe) { parent.is(document.domain, parent.document.domain, 'Domains should match');  parent.toggleCallable(); } <"  + "/script><body>Second</body></html>");
+    doc.close();
+
+    $("test").onload = goForward;
+    history.back();
+  }
+
+  function goForward() {
+      $("test").onload = doTest;
+      doTestInIframe = true;
+      history.forward();
+  }
+
+  function doTest() {
+    is($("test").contentDocument.domain, document.domain,
+       "Domains should match 2");
+    // Make that into an is() once bug 269270 is fixed.
+    todo($("test").contentDocument.location.href == location.href,
+         "Locations should match");
+    is(callable, true, "Subframe should be able to call us");
+    SimpleTest.finish();
+  }
+</script>
+</pre>
+</body>
+</html>
+