aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-bug-1144991.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-bug-1144991.patch')
-rw-r--r--gnu/packages/patches/icecat-bug-1144991.patch76
1 files changed, 76 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-bug-1144991.patch b/gnu/packages/patches/icecat-bug-1144991.patch
new file mode 100644
index 0000000000..5632e37eb3
--- /dev/null
+++ b/gnu/packages/patches/icecat-bug-1144991.patch
@@ -0,0 +1,76 @@
+From ae49ed04f54c2f78d6ba7e545e0099602a3270fa Mon Sep 17 00:00:00 2001
+From: Boris Zbarsky <bzbarsky@mit.edu>
+Date: Thu, 19 Mar 2015 18:58:44 -0400
+Subject: [PATCH] Bug 1144991 - Be a bit more restrictive about when a
+ URI_IS_UI_RESOURCE source is allowed to link to a URI_IS_UI_RESOURCE URI that
+ doesn't have the same scheme. r=bholley, a=abillings
+
+---
+ caps/src/nsScriptSecurityManager.cpp | 38 +++++++++++++++++++++++++-----------
+ 1 file changed, 27 insertions(+), 11 deletions(-)
+
+diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp
+index 3587358..6577b95 100644
+--- a/caps/src/nsScriptSecurityManager.cpp
++++ b/caps/src/nsScriptSecurityManager.cpp
+@@ -770,12 +770,31 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (hasFlags) {
+ if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) {
++
++ // For now, don't change behavior for resource:// or moz-icon:// and
++ // just allow them.
+ if (!targetScheme.EqualsLiteral("chrome")) {
+- // for now don't change behavior for resource: or moz-icon:
+ return NS_OK;
+ }
+
+- // allow load only if chrome package is whitelisted
++ // Allow a URI_IS_UI_RESOURCE source to link to a URI_IS_UI_RESOURCE
++ // target if ALLOW_CHROME is set.
++ //
++ // ALLOW_CHROME is a flag that we pass on all loads _except_ docshell
++ // loads (since docshell loads run the loaded content with its origin
++ // principal). So we're effectively allowing resource://, chrome://,
++ // and moz-icon:// source URIs to load resource://, chrome://, and
++ // moz-icon:// files, so long as they're not loading it as a document.
++ bool sourceIsUIResource;
++ rv = NS_URIChainHasFlags(sourceBaseURI,
++ nsIProtocolHandler::URI_IS_UI_RESOURCE,
++ &sourceIsUIResource);
++ NS_ENSURE_SUCCESS(rv, rv);
++ if (sourceIsUIResource) {
++ return NS_OK;
++ }
++
++ // Allow the load only if the chrome package is whitelisted.
+ nsCOMPtr<nsIXULChromeRegistry> reg(do_GetService(
+ NS_CHROMEREGISTRY_CONTRACTID));
+ if (reg) {
+@@ -787,17 +806,14 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
+ }
+ }
+
+- // resource: and chrome: are equivalent, securitywise
+- // That's bogus!! Fix this. But watch out for
+- // the view-source stylesheet?
+- bool sourceIsChrome;
+- rv = NS_URIChainHasFlags(sourceBaseURI,
+- nsIProtocolHandler::URI_IS_UI_RESOURCE,
+- &sourceIsChrome);
+- NS_ENSURE_SUCCESS(rv, rv);
+- if (sourceIsChrome) {
++ // Special-case the hidden window: it's allowed to load
++ // URI_IS_UI_RESOURCE no matter what. Bug 1145470 tracks removing this.
++ nsAutoCString sourceSpec;
++ if (NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) &&
++ sourceSpec.EqualsLiteral("resource://gre-resources/hiddenWindow.html")) {
+ return NS_OK;
+ }
++
+ if (reportErrors) {
+ ReportError(nullptr, errorTag, sourceURI, aTargetURI);
+ }
+--
+2.2.1
+