1 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 : /* ***** BEGIN LICENSE BLOCK *****
3 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 : *
5 : * The contents of this file are subject to the Mozilla Public License Version
6 : * 1.1 (the "License"); you may not use this file except in compliance with
7 : * the License. You may obtain a copy of the License at
8 : * http://www.mozilla.org/MPL/
9 : *
10 : * Software distributed under the License is distributed on an "AS IS" basis,
11 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 : * for the specific language governing rights and limitations under the
13 : * License.
14 : *
15 : * The Original Code is mozilla.org code.
16 : *
17 : * The Initial Developer of the Original Code is
18 : * Boris Zbarsky <bzbarsky@mit.edu>.
19 : * Portions created by the Initial Developer are Copyright (C) 2004
20 : * the Initial Developer. All Rights Reserved.
21 : *
22 : * Contributor(s):
23 : *
24 : * Alternatively, the contents of this file may be used under the terms of
25 : * either of the GNU General Public License Version 2 or later (the "GPL"),
26 : * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 : * in which case the provisions of the GPL or the LGPL are applicable instead
28 : * of those above. If you wish to allow use of your version of this file only
29 : * under the terms of either the GPL or the LGPL, and not to allow others to
30 : * use your version of this file under the terms of the MPL, indicate your
31 : * decision by deleting the provisions above and replace them with the notice
32 : * and other provisions required by the GPL or the LGPL. If you do not delete
33 : * the provisions above, a recipient may use your version of this file under
34 : * the terms of any one of the MPL, the GPL or the LGPL.
35 : *
36 : * ***** END LICENSE BLOCK ***** */
37 :
/*
 * Content policy implementation that prevents all loads of images,
 * subframes, etc from documents loaded as data (e.g. documents loaded
 * via XMLHttpRequest). It also restricts what documents being used as
 * images and resource documents may load; see ShouldLoad().
 */
43 :
44 : #include "nsDataDocumentContentPolicy.h"
45 : #include "nsNetUtil.h"
46 : #include "nsScriptSecurityManager.h"
47 : #include "nsIDocument.h"
48 : #include "nsINode.h"
49 : #include "nsIDOMWindow.h"
50 : #include "nsIDOMDocument.h"
51 :
// Provide the nsISupports plumbing (AddRef, Release, QueryInterface) for this
// class, exposing nsIContentPolicy as its one interface.
NS_IMPL_ISUPPORTS1(nsDataDocumentContentPolicy, nsIContentPolicy)
53 :
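// Helper for ShouldLoad().
// Returns true only when NS_URIChainHasFlags() succeeds and reports that aURI
// carries aURIFlags. A failed lookup yields false, so a caller that uses the
// result to permit a load treats "could not tell" the same as "flag absent".
static bool
HasFlags(nsIURI* aURI, PRUint32 aURIFlags)
{
  // Start from false so the answer never depends on an out-param that the
  // callee left unwritten.
  bool hasFlags = false;
  if (NS_FAILED(NS_URIChainHasFlags(aURI, aURIFlags, &hasFlags))) {
    return false;
  }
  return hasFlags;
}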
64 :
// Decides whether a load requested on behalf of a document may proceed.
// The verdict is written to *aDecision; the method itself returns NS_OK on
// every path. aRequestingLocation, aMimeGuess and aExtra are not consulted.
NS_IMETHODIMP
nsDataDocumentContentPolicy::ShouldLoad(PRUint32 aContentType,
                                        nsIURI *aContentLocation,
                                        nsIURI *aRequestingLocation,
                                        nsISupports *aRequestingContext,
                                        const nsACString &aMimeGuess,
                                        nsISupports *aExtra,
                                        PRInt16 *aDecision)
{
  // Default verdict. Every later write to *aDecision is a rejection, so the
  // checks below can only tighten this.
  *aDecision = nsIContentPolicy::ACCEPT;

  // Find the requesting document. In most cases the context is a node;
  // otherwise try it as a window and use that window's document.
  nsCOMPtr<nsIDocument> requestingDoc;
  nsCOMPtr<nsINode> contextNode = do_QueryInterface(aRequestingContext);
  if (contextNode) {
    requestingDoc = contextNode->OwnerDoc();
  } else {
    nsCOMPtr<nsIDOMWindow> contextWindow =
      do_QueryInterface(aRequestingContext);
    if (contextWindow) {
      nsCOMPtr<nsIDOMDocument> windowDoc;
      contextWindow->GetDocument(getter_AddRefs(windowDoc));
      requestingDoc = do_QueryInterface(windowDoc);
    }
  }

  // No document could be derived from the context, so the ACCEPT default
  // stands: this policy places no restriction on such loads.
  if (!requestingDoc) {
    return NS_OK;
  }

  // DTDs are always OK to load, whatever kind of document asks for them.
  if (aContentType == nsIContentPolicy::TYPE_DTD) {
    return NS_OK;
  }

  // Nothing else is OK to load for data documents.
  if (requestingDoc->IsLoadedAsData()) {
    *aDecision = nsIContentPolicy::REJECT_TYPE;
    return NS_OK;
  }

  if (requestingDoc->IsBeingUsedAsImage()) {
    // We only allow SVG images to load content from URIs that are local and
    // also satisfy one of the following conditions:
    //  - URI inherits security context, e.g. data URIs
    //   OR
    //  - URI loadable by subsumers, e.g. blob URIs
    // HasFlags() answers false when the flags cannot be determined, so an
    // undeterminable URI is rejected along with a disallowed one.
    const bool locationPermitted =
      HasFlags(aContentLocation,
               nsIProtocolHandler::URI_IS_LOCAL_RESOURCE) &&
      (HasFlags(aContentLocation,
                nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT) ||
       HasFlags(aContentLocation,
                nsIProtocolHandler::URI_LOADABLE_BY_SUBSUMERS));

    if (!locationPermitted) {
      *aDecision = nsIContentPolicy::REJECT_TYPE;

      // Report error, if we can. Reporting needs a principal URI, which is
      // only obtainable when the context was a node.
      if (contextNode) {
        nsIPrincipal* nodePrincipal = contextNode->NodePrincipal();
        nsRefPtr<nsIURI> requesterURI;
        if (NS_SUCCEEDED(
              nodePrincipal->GetURI(getter_AddRefs(requesterURI))) &&
            requesterURI) {
          nsScriptSecurityManager::ReportError(
            nsnull, NS_LITERAL_STRING("CheckSameOriginError"), requesterURI,
            aContentLocation);
        }
      }
    } else if (aContentType == nsIContentPolicy::TYPE_IMAGE &&
               requestingDoc->GetDocumentURI()) {
      // Check for (& disallow) recursive image-loads: an image document must
      // not load its own URI (ignoring the ref) as an image. A failed
      // comparison is treated like a match and rejected.
      bool targetsOwnDocument;
      nsresult compareResult =
        aContentLocation->EqualsExceptRef(requestingDoc->GetDocumentURI(),
                                          &targetsOwnDocument);
      if (NS_FAILED(compareResult) || targetsOwnDocument) {
        NS_WARNING("Refusing to recursively load image");
        *aDecision = nsIContentPolicy::REJECT_TYPE;
      }
    }
    return NS_OK;
  }

  // All loads are allowed for non-resource documents; for resource documents
  // the load types listed here are blacklisted.
  if (requestingDoc->IsResourceDoc()) {
    switch (aContentType) {
      case nsIContentPolicy::TYPE_OBJECT:
      case nsIContentPolicy::TYPE_DOCUMENT:
      case nsIContentPolicy::TYPE_SUBDOCUMENT:
      case nsIContentPolicy::TYPE_SCRIPT:
        *aDecision = nsIContentPolicy::REJECT_TYPE;
        break;
      default:
        break;
    }
  }

  return NS_OK;
}
156 :
// Processing is decided by the same rules as loading: every argument is
// forwarded unchanged to ShouldLoad(), whose verdict in *aDecision and whose
// return code become this method's own.
NS_IMETHODIMP
nsDataDocumentContentPolicy::ShouldProcess(PRUint32 aContentType,
                                           nsIURI *aContentLocation,
                                           nsIURI *aRequestingLocation,
                                           nsISupports *aRequestingContext,
                                           const nsACString &aMimeGuess,
                                           nsISupports *aExtra,
                                           PRInt16 *aDecision)
{
  nsresult loadResult = ShouldLoad(aContentType,
                                   aContentLocation,
                                   aRequestingLocation,
                                   aRequestingContext,
                                   aMimeGuess,
                                   aExtra,
                                   aDecision);
  return loadResult;
}
|