Bug 1415352: Part 3a - Add preference to increase max length of CSP report source sample. r?ckerschb
This is necessary for tests which need to verify that reports are being sent
for the correct inline sources, where the current sample size is not enough to
completely distinguish them.
MozReview-Commit-ID: 2k2vAhJhIsi
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -34,16 +34,17 @@
#include "nsNetUtil.h"
#include "nsIContentPolicy.h"
#include "nsSupportsPrimitives.h"
#include "nsThreadUtils.h"
#include "nsString.h"
#include "nsScriptSecurityManager.h"
#include "nsStringStream.h"
#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
#include "mozilla/dom/CSPReportBinding.h"
#include "mozilla/dom/CSPDictionariesBinding.h"
#include "mozilla/net/ReferrerPolicy.h"
#include "nsINetworkInterceptController.h"
#include "nsSandboxFlags.h"
#include "nsIScriptElement.h"
#include "nsIEventTarget.h"
#include "mozilla/dom/DocGroup.h"
@@ -266,22 +267,32 @@ NS_IMPL_CLASSINFO(nsCSPContext,
nullptr,
nsIClassInfo::MAIN_THREAD_ONLY,
NS_CSPCONTEXT_CID)
NS_IMPL_ISUPPORTS_CI(nsCSPContext,
nsIContentSecurityPolicy,
nsISerializable)
+int32_t nsCSPContext::sScriptSampleMaxLength;
+
nsCSPContext::nsCSPContext()
: mInnerWindowID(0)
, mLoadingContext(nullptr)
, mLoadingPrincipal(nullptr)
, mQueueUpMessages(true)
{
+ static bool sInitialized = false;
+ if (!sInitialized) {
+ Preferences::AddIntVarCache(&sScriptSampleMaxLength,
+ "security.csp.reporting.script-sample.max-length",
+ 40);
+ sInitialized = true;
+ }
+
CSPCONTEXTLOG(("nsCSPContext::nsCSPContext"));
}
nsCSPContext::~nsCSPContext()
{
CSPCONTEXTLOG(("nsCSPContext::~nsCSPContext"));
for (uint32_t i = 0; i < mPolicies.Length(); i++) {
delete mPolicies[i];
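Review bot: The one-time `AddIntVarCache` registration in the constructor depends on an unsynchronised `sInitialized` flag and carries no comment explaining why that is safe. The class info earlier in this hunk declares `MAIN_THREAD_ONLY`, so construction is presumably confined to one thread; saying so keeps a later refactor from introducing a race on the flag. I would add `// nsCSPContext is main-thread only, so this one-time pref registration needs no locking.` above the `if`, and replace the bare `40` with a named constant so the default sample length is defined in one place. The destructor that follows continues outside the hunk.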
@@ -474,19 +485,19 @@ nsCSPContext::reportInlineViolation(nsCo
// use selfURI as the sourceFile
nsAutoCString sourceFile;
if (mSelfURI) {
mSelfURI->GetSpec(sourceFile);
}
nsAutoString codeSample(aContent);
- // cap the length of the script sample at 40 chars
- if (codeSample.Length() > 40) {
- codeSample.Truncate(40);
+ // cap the length of the script sample
+ if (codeSample.Length() > ScriptSampleMaxLength()) {
+ codeSample.Truncate(ScriptSampleMaxLength());
codeSample.AppendLiteral("...");
}
AsyncReportViolation(selfISupports, // aBlockedContentSource
mSelfURI, // aOriginalURI
aViolatedDirective, // aViolatedDirective
aViolatedPolicyIndex, // aViolatedPolicyIndex
observerSubject, // aObserverSubject
NS_ConvertUTF8toUTF16(sourceFile), // aSourceFile
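Review bot: `Truncate(ScriptSampleMaxLength())` cuts `codeSample` at a UTF-16 code-unit index, so a sample with a non-BMP character at the boundary can end in a lone high surrogate before `...` is appended. The fixed cut at 40 behaved the same way, but the boundary is now tunable and the sample is later serialised into the violation report. Reading the limit once and backing off one unit inside the length check would avoid it: `uint32_t maxLen = ScriptSampleMaxLength();` then `if (maxLen > 0 && NS_IS_HIGH_SURROGATE(codeSample[maxLen - 1])) { --maxLen; }` before `codeSample.Truncate(maxLen);`. reportInlineViolation starts and ends outside this hunk.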
--- a/dom/security/nsCSPContext.h
+++ b/dom/security/nsCSPContext.h
@@ -101,16 +101,23 @@ class nsCSPContext : public nsIContentSe
// helper to report inline script/style violations
void reportInlineViolation(nsContentPolicyType aContentType,
const nsAString& aNonce,
const nsAString& aContent,
const nsAString& aViolatedDirective,
uint32_t aViolatedPolicyIndex,
uint32_t aLineNumber);
+ static int32_t sScriptSampleMaxLength;
+
+ static uint32_t ScriptSampleMaxLength()
+ {
+ return std::max(sScriptSampleMaxLength, 0);
+ }
+
nsString mReferrer;
uint64_t mInnerWindowID; // used for web console logging
nsTArray<nsCSPPolicy*> mPolicies;
nsCOMPtr<nsIURI> mSelfURI;
nsDataHashtable<nsCStringHashKey, int16_t> mShouldLoadCache;
nsCOMPtr<nsILoadGroup> mCallingChannelLoadGroup;
nsWeakPtr mLoadingContext;
// The CSP hangs off the principal, so let's store a raw pointer of the principal
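Review bot: `ScriptSampleMaxLength()` clamps only negative values, so nothing limits how large the pref can make the sample; with a big enough value the whole blocked inline script or style would be copied into each violation report, where before at most 40 characters left the page. If the pref exists only for tests, as the commit message says, an upper bound in the accessor would keep a mis-set profile from widening what reports disclose, e.g. `return std::min<uint32_t>(std::max(sScriptSampleMaxLength, 0), kMaxScriptSample);` with `kMaxScriptSample` a new constant (placeholder name). The header also uses `std::max` with no `#include <algorithm>` among the visible hunks, so it may be relying on a transitive include. The class declaration starts and ends outside this hunk.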