Bug 1222924 - stop allowing webpages to link to moz-icon: , r?mrbkap
MozReview-Commit-ID: FKEDboWIfFQ
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -683,16 +683,25 @@ nsScriptSecurityManager::CheckLoadURIWit
else if (sViewSourceReachableFromInner &&
sourceScheme.EqualsIgnoreCase(targetScheme.get()) &&
NS_SUCCEEDED(aTargetURI->SchemeIs("view-source", &targetIsViewSource)) &&
targetIsViewSource)
{
// exception for foo: linking to view-source:foo for reftests...
return NS_OK;
}
+ else if (sourceScheme.EqualsIgnoreCase("file") &&
+ targetScheme.EqualsIgnoreCase("moz-icon"))
+ {
+ // exception for file: linking to moz-icon://.ext?size=...
+ // Note that because targetScheme is the base (innermost) URI scheme,
+ // this does NOT allow file -> moz-icon:file:///... links.
+ // This is intentional.
+ return NS_OK;
+ }
// Check for webextension
rv = NS_URIChainHasFlags(aTargetURI,
nsIProtocolHandler::URI_LOADABLE_BY_EXTENSIONS,
&hasFlags);
NS_ENSURE_SUCCESS(rv, rv);
if (hasFlags && BasePrincipal::Cast(aPrincipal)->AddonPolicy()) {
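Review bot: The new file:-to-moz-icon branch after the view-source exception explains what it does not permit but not why file: sources need moz-icon at all, so the next person tightening this code has nothing to weigh the exception against. Suggest extending the comment with the motivation and the bug, e.g. `// file: content (presumably directory listings) needs moz-icon://.ext?size=N for` / `// per-type icons; other web content lost moz-icon: access in bug 1222924.` Note the match is on the two scheme strings alone, so every file: document gets the exception, not only generated listings; if that is intended it is worth saying so in the comment. CheckLoadURIWithPrincipal begins before this hunk and continues past it.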
@@ -832,22 +841,16 @@ nsScriptSecurityManager::CheckLoadURIFla
// Check for chrome target URI
bool hasFlags = false;
rv = NS_URIChainHasFlags(aTargetBaseURI,
nsIProtocolHandler::URI_IS_UI_RESOURCE,
&hasFlags);
NS_ENSURE_SUCCESS(rv, rv);
if (hasFlags) {
if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) {
- // For now, don't change behavior for moz-icon:// and just allow it.
- if (!targetScheme.EqualsLiteral("chrome")
- && !targetScheme.EqualsLiteral("resource")) {
- return NS_OK;
- }
-
// Allow a URI_IS_UI_RESOURCE source to link to a URI_IS_UI_RESOURCE
// target if ALLOW_CHROME is set.
//
// ALLOW_CHROME is a flag that we pass on all loads _except_ docshell
// loads (since docshell loads run the loaded content with its origin
// principal). So we're effectively allowing resource://, chrome://,
// and moz-icon:// source URIs to load resource://, chrome://, and
// moz-icon:// files, so long as they're not loading it as a document.
--- a/dom/security/test/mixedcontentblocker/file_main_bug803225.html
+++ b/dom/security/test/mixedcontentblocker/file_main_bug803225.html
@@ -13,17 +13,16 @@ https://bugzilla.mozilla.org/show_bug.cg
<div id="testContent"></div>
<!-- Test additional schemes the Mixed Content Blocker should not block
"about" protocol URIs that are URI_SAFE_FOR_UNTRUSTED_CONTENT (moz-safe-about; see nsAboutProtocolHandler::NewURI
"data",
"javascript",
"mailto",
"resource",
- "moz-icon",
"wss"
-->
<script>
//For tests that require setTimeout, set the timeout interval
var TIMEOUT_INTERVAL = 100;
@@ -65,52 +64,41 @@ https://bugzilla.mozilla.org/show_bug.cg
parent.postMessage({"test": "resource", "msg": "resource with resource protocol loaded"}, "http://mochi.test:8888");
}
resource_script.onerror = function() {
parent.postMessage({"test": "resource", "msg": "resource with resource protocol did not load"}, "http://mochi.test:8888");
}
testContent.appendChild(resource_script);
- // Test 4: moz-icon within an img tag
- var image=document.createElement("img");
- image.src = "moz-icon://dummy.exe?size=16";
- image.onload = function() {
- parent.postMessage({"test": "mozicon", "msg": "resource with mozicon protocol loaded"}, "http://mochi.test:8888");
- }
- image.onerror = function() {
- parent.postMessage({"test": "mozicon", "msg": "resource with mozicon protocol did not load"}, "http://mochi.test:8888");
- }
- // We don't need to append the image to the document. Doing so causes the image test to run twice.
-
- // Test 5: about unsafe protocol within an iframe
+ // Test 4: about unsafe protocol within an iframe
var unsafe_about_frame = document.createElement("iframe");
unsafe_about_frame.src = "about:config";
unsafe_about_frame.name = "unsafe_about_protocol";
unsafe_about_frame.onload = function() {
parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol loaded"}, "http://mochi.test:8888");
}
unsafe_about_frame.onerror = function() {
parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol did not load"}, "http://mochi.test:8888");
}
testContent.appendChild(unsafe_about_frame);
- // Test 6: data protocol within a script tag
+ // Test 5: data protocol within a script tag
var x = 2;
var newscript = document.createElement("script");
newscript.src= "data:text/javascript,var x = 4;";
newscript.onload = function() {
parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol loaded"}, "http://mochi.test:8888");
}
newscript.onerror = function() {
parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol did not load"}, "http://mochi.test:8888");
}
testContent.appendChild(newscript);
- // Test 7: mailto protocol
+ // Test 6: mailto protocol
let mm = SpecialPowers.loadChromeScript(function launchHandler() {
var { classes: Cc, interfaces: Ci } = Components;
var ioService = Cc["@mozilla.org/network/io-service;1"].
getService(Ci.nsIIOService);
var webHandler = Cc["@mozilla.org/uriloader/web-handler-app;1"].
createInstance(Ci.nsIWebHandlerApp);
webHandler.name = "Web Handler";
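Review bot: Dropping Test 4 removes the only mochitest that exercises moz-icon from an http origin, right when the intended behaviour of that load flips from allowed to blocked, so a regression that re-opens moz-icon: to web content would go unnoticed. Instead of deleting the img test, keep it as a negative case in the style of the unsafe_about frame below: leave the load/error handlers as they were here, and in test_bug803225.html keep the `mozicon: false` entry and change the assertion to `ok(event.data.msg == "resource with mozicon protocol did not load", "resource with mozicon protocol loaded");` under the same `// This one should not load` comment. This assumes a load refused by CheckLoadURI surfaces as the img's onerror, as the test already relies on for other blocked schemes; worth confirming. The same point applies to both test_bug803225.html hunks.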
@@ -155,17 +143,17 @@ https://bugzilla.mozilla.org/show_bug.cg
if(!mailto) {
//There is no onerror event associated with the WebHandler, and hence we need a setTimeout to check the status
setTimeout(mailtoProtocolStatus, TIMEOUT_INTERVAL);
}
}
mailtoProtocolStatus();
- // Test 8: wss protocol
+ // Test 7: wss protocol
var wss;
wss = new WebSocket("wss://example.com/tests/dom/security/test/mixedcontentblocker/file_main_bug803225_websocket");
var status_wss = "started";
wss.onopen = function(e) {
status_wss = "opened";
wss.close();
}
--- a/dom/security/test/mixedcontentblocker/test_bug803225.html
+++ b/dom/security/test/mixedcontentblocker/test_bug803225.html
@@ -31,17 +31,16 @@ https://bugzilla.mozilla.org/show_bug.cg
counter++;
callback();
});
}
var testsToRun = {
/* https - Tests already run as part of bug 62178. */
about: false,
- mozicon: false,
resource: false,
unsafe_about: false,
data_protocol: false,
javascript: false,
mailto: false,
wss: false,
};
@@ -95,21 +94,16 @@ https://bugzilla.mozilla.org/show_bug.cg
testsToRun["about"] = true;
break;
case "resource":
ok(event.data.msg == "resource with resource protocol loaded", "resource with resource protocol did not load");
testsToRun["resource"] = true;
break;
- case "mozicon":
- ok(event.data.msg == "resource with mozicon protocol loaded", "resource with mozicon protocol did not load");
- testsToRun["mozicon"] = true;
- break;
-
case "unsafe_about":
// This one should not load
ok(event.data.msg == "resource with unsafe about protocol did not load", "resource with unsafe about protocol loaded");
testsToRun["unsafe_about"] = true;
break;
case "data_protocol":
ok(event.data.msg == "resource with data protocol loaded", "resource with data protocol did not load");
--- a/image/test/reftest/downscaling/reftest.list
+++ b/image/test/reftest/downscaling/reftest.list
@@ -82,17 +82,19 @@ fuzzy(20,999) != downscale-2d.html?203,5
fuzzy(20,999) != downscale-2e.html?203,52,bottom about:blank
fuzzy(20,999) != downscale-2a.html?205,53,bottom about:blank
fuzzy(20,999) != downscale-2b.html?205,53,bottom about:blank
fuzzy(20,999) != downscale-2c.html?205,53,bottom about:blank
fuzzy(20,999) != downscale-2d.html?205,53,bottom about:blank
fuzzy(20,999) fails-if(OSX>=1008&&!skiaContent) != downscale-2e.html?205,53,bottom about:blank
-fuzzy(71,3391) skip-if(/^Linux\x20i686/.test(http.oscpu)) == downscale-moz-icon-1.html downscale-moz-icon-1-ref.html # linux32 timeout, bug 1328771
+# Skip on Android because it runs reftests via http, and moz-icon isn't
+# accessible from http/https origins anymore.
+fuzzy(71,3391) skip-if(Android||/^Linux\x20i686/.test(http.oscpu)) == downscale-moz-icon-1.html downscale-moz-icon-1-ref.html # linux32 timeout, bug 1328771
== downscale-png.html?16,16,interlaced downscale-png.html?16,16,normal
== downscale-png.html?24,24,interlaced downscale-png.html?24,24,normal
# Non-transparent and transparent ICO images
== downscale-16px.html?ff-0RGB.ico downscale-16px.html?ff-0RGB.png
fuzzy(1,1) == downscale-16px.html?ff-ARGB.ico downscale-16px.html?ff-ARGB.png
@@ -166,17 +168,19 @@ fuzzy(20,999) != downscale-2f.html?203,5
fuzzy(20,999) != downscale-2a.html?205,53,bottom about:blank
fuzzy(20,999) != downscale-2b.html?205,53,bottom about:blank
fuzzy(20,999) != downscale-2c.html?205,53,bottom about:blank
fuzzy(20,999) != downscale-2d.html?205,53,bottom about:blank
fuzzy(20,999) != downscale-2e.html?205,53,bottom about:blank
fuzzy(20,999) != downscale-2f.html?205,53,bottom about:blank
# Skip on WinXP with skia content
-fuzzy(77,4439) fails-if(/^Windows\x20NT\x205\.1/.test(http.oscpu)) skip-if(/^Linux\x20i686/.test(http.oscpu)) == downscale-moz-icon-1.html downscale-moz-icon-1-ref.html # linux32 timeout, bug 1328771
+# Skip on Android because it runs reftests via http, and moz-icon isn't
+# accessible from http/https origins anymore.
+fuzzy(77,4439) fails-if(/^Windows\x20NT\x205\.1/.test(http.oscpu)) skip-if(Android||/^Linux\x20i686/.test(http.oscpu)) == downscale-moz-icon-1.html downscale-moz-icon-1-ref.html # linux32 timeout, bug 1328771
== downscale-png.html?16,16,interlaced downscale-png.html?16,16,normal
== downscale-png.html?24,24,interlaced downscale-png.html?24,24,normal
# Non-transparent and transparent ICO images
fuzzy(1,3) == downscale-16px.html?ff-0RGB.ico downscale-16px.html?ff-0RGB.png
fuzzy(3,32) == downscale-16px.html?ff-ARGB.ico downscale-16px.html?ff-ARGB.png