Bug 1300720 - Part 1: Prevent file:, chrome: and resource: URIs from using an external protocol handler. r=honza
MozReview-Commit-ID: Fgu2UDGOFHG
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -497,43 +497,49 @@ nsIOService::GetCachedProtocolHandler(co
: (!nsCRT::strcasecmp(scheme, gScheme[i])))
{
return CallQueryReferent(mWeakHandler[i].get(), result);
}
}
return NS_ERROR_FAILURE;
}
+static bool
+UsesExternalProtocolHandler(const char* aScheme)
+{
+ if (NS_LITERAL_CSTRING("file").Equals(aScheme) ||
+ NS_LITERAL_CSTRING("chrome").Equals(aScheme) ||
+ NS_LITERAL_CSTRING("resource").Equals(aScheme)) {
+ // Don't allow file:, chrome: or resource: URIs to be handled with
+ // nsExternalProtocolHandler, since internally we rely on being able to
+ // use and read from these URIs.
+ return false;
+ }
+
+ nsAutoCString pref("network.protocol-handler.external.");
+ pref += aScheme;
+
+ return Preferences::GetBool(pref.get(), false);
+}
+
NS_IMETHODIMP
nsIOService::GetProtocolHandler(const char* scheme, nsIProtocolHandler* *result)
{
nsresult rv;
NS_ENSURE_ARG_POINTER(scheme);
// XXX we may want to speed this up by introducing our own protocol
// scheme -> protocol handler mapping, avoiding the string manipulation
// and service manager stuff
rv = GetCachedProtocolHandler(scheme, result);
if (NS_SUCCEEDED(rv))
return rv;
- bool externalProtocol = false;
- nsCOMPtr<nsIPrefBranch> prefBranch;
- GetPrefBranch(getter_AddRefs(prefBranch));
- if (prefBranch) {
- nsAutoCString externalProtocolPref("network.protocol-handler.external.");
- externalProtocolPref += scheme;
- rv = prefBranch->GetBoolPref(externalProtocolPref.get(), &externalProtocol);
- if (NS_FAILED(rv)) {
- externalProtocol = false;
- }
- }
-
- if (!externalProtocol) {
+ if (!UsesExternalProtocolHandler(scheme)) {
nsAutoCString contractID(NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX);
contractID += scheme;
ToLowerCase(contractID);
rv = CallGetService(contractID.get(), result);
if (NS_SUCCEEDED(rv)) {
CacheProtocolHandler(scheme, *result);
return rv;