lib/elemHideHitRegistration.js - Issue 29329154: Issue 3108 - Implement security checks for elemhide registration channel on our end instead of leav…

Side by Side Diff: lib/elemHideHitRegistration.js

Issue 29329154: Issue 3108 - Implement security checks for elemhide registration channel on our end instead of leav… (Closed)

Patch Set: Created Oct. 15, 2015, 3:11 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * This file is part of Adblock Plus <https://adblockplus.org/>,	2 * This file is part of Adblock Plus <https://adblockplus.org/>,

3 * Copyright (C) 2006-2015 Eyeo GmbH	3 * Copyright (C) 2006-2015 Eyeo GmbH

4 *	4 *

5 * Adblock Plus is free software: you can redistribute it and/or modify	5 * Adblock Plus is free software: you can redistribute it and/or modify

6 * it under the terms of the GNU General Public License version 3 as	6 * it under the terms of the GNU General Public License version 3 as

7 * published by the Free Software Foundation.	7 * published by the Free Software Foundation.

8 *	8 *

9 * Adblock Plus is distributed in the hope that it will be useful,	9 * Adblock Plus is distributed in the hope that it will be useful,

10 * but WITHOUT ANY WARRANTY; without even the implied warranty of	10 * but WITHOUT ANY WARRANTY; without even the implied warranty of

(...skipping 47 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
58	58

59 return this.QueryInterface(iid);	59 return this.QueryInterface(iid);

60 },	60 },

61	61

62 //	62 //

63 // About module implementation	63 // About module implementation

64 //	64 //

65	65

66 getURIFlags: function(uri)	66 getURIFlags: function(uri)

67 {	67 {

68 return ("HIDE_FROM_ABOUTABOUT" in Ci.nsIAboutModule ? Ci.nsIAboutModule.HIDE _FROM_ABOUTABOUT : 0);	68 return Ci.nsIAboutModule.HIDE_FROM_ABOUTABOUT;

69 },	69 },

70	70

71 newChannel: function(uri)	71 newChannel: function(uri, loadInfo)
	Thomas Greiner 2015/10/15 16:04:44 Where is `loadInfo` coming from? It's not specifie Where is `loadInfo` coming from? It's not specified in the `nsIAboutModule` interface. Wladimir Palant 2015/10/15 17:59:16 It is: http://mxr.mozilla.org/mozilla-central/sour Show quoted text On 2015/10/15 16:04:44, Thomas Greiner wrote: > Where is `loadInfo` coming from? It's not specified in the `nsIAboutModule` > interface. It is: http://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/about/nsIAbout... (not on MDN of course because nobody thought of setting dev-doc-needed on https://bugzilla.mozilla.org/show_bug.cgi?id=1067468). This is all part of a huge refactoring effort under https://bugzilla.mozilla.org/show_bug.cgi?id=1006868. It's being passed in by the networking code. Older Firefox versions don't have that parameter, but these also don't expect us to set nsIChannel.loadInfo - so passing undefined around is ok here. Thomas Greiner 2015/10/15 18:03:09 I see, thanks for the details. I shouldn't have re Show quoted text On 2015/10/15 17:59:16, Wladimir Palant wrote: > On 2015/10/15 16:04:44, Thomas Greiner wrote: > > Where is `loadInfo` coming from? It's not specified in the `nsIAboutModule` > > interface. > > It is: > http://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/about/nsIAbout... > (not on MDN of course because nobody thought of setting dev-doc-needed on > https://bugzilla.mozilla.org/show_bug.cgi?id=1067468). This is all part of a > huge refactoring effort under > https://bugzilla.mozilla.org/show_bug.cgi?id=1006868. > > It's being passed in by the networking code. Older Firefox versions don't have > that parameter, but these also don't expect us to set nsIChannel.loadInfo - so > passing undefined around is ok here. I see, thanks for the details. I shouldn't have relied on MDN in that case.
72 {	72 {

73 let match = /\?(\d+)/.exec(uri.path);	73 let match = /\?(\d+)/.exec(uri.path);

74 if (!match)	74 if (!match)

75 throw Cr.NS_ERROR_FAILURE;	75 throw Cr.NS_ERROR_FAILURE;

76	76

77 return new HitRegistrationChannel(uri, match[1]);	77 return new HitRegistrationChannel(uri, loadInfo, match[1]);

78 },	78 },

79	79

80 QueryInterface: XPCOMUtils.generateQI([Ci.nsIFactory, Ci.nsIAboutModule])	80 QueryInterface: XPCOMUtils.generateQI([Ci.nsIFactory, Ci.nsIAboutModule])

81 };	81 };

82 AboutHandler.init();	82 AboutHandler.init();

83	83

84 /**	84 /**

85 * Channel returning data for element hiding hits.	85 * Channel returning data for element hiding hits.

86 * @constructor	86 * @constructor

87 */	87 */

88 function HitRegistrationChannel(uri, key)	88 function HitRegistrationChannel(uri, loadInfo, key)

89 {	89 {

90 this.key = key;	90 this.key = key;

91 this.URI = this.originalURI = uri;	91 this.URI = this.originalURI = uri;

	92 this.loadInfo = loadInfo;

92 }	93 }

93 HitRegistrationChannel.prototype = {	94 HitRegistrationChannel.prototype = {

94 key: null,	95 key: null,

95 URI: null,	96 URI: null,

96 originalURI: null,	97 originalURI: null,

97 contentCharset: "utf-8",	98 contentCharset: "utf-8",

98 contentLength: 0,	99 contentLength: 0,

99 contentType: "text/xml",	100 contentType: "text/xml",

100 owner: Utils.systemPrincipal,	101 owner: Utils.systemPrincipal,

101 securityInfo: null,	102 securityInfo: null,

(...skipping 13 matching lines...) Expand all Loading...
115 } catch(e) {}	116 } catch(e) {}

116 try {	117 try {

117 listener.onDataAvailable(this, context, stream, 0, stream.available());	118 listener.onDataAvailable(this, context, stream, 0, stream.available());

118 } catch(e) {}	119 } catch(e) {}

119 try {	120 try {

120 listener.onStopRequest(this, context, Cr.NS_OK);	121 listener.onStopRequest(this, context, Cr.NS_OK);

121 } catch(e) {}	122 } catch(e) {}

122 });	123 });

123 },	124 },

124	125

	126 asyncOpen2: function(listener)

	127 {

	128 if (!this.loadInfo.triggeringPrincipal.equals(Utils.systemPrincipal))

	129 throw Cr.NS_ERROR_FAILURE;

	130 this.asyncOpen(listener, null);

	131 },

	132

125 open: function()	133 open: function()

126 {	134 {

127 let {Policy} = require("contentPolicy");	135 let {Policy} = require("contentPolicy");

128 let {ElemHide} = require("elemHide");	136 let {ElemHide} = require("elemHide");

129	137

130 // This dummy binding below won't have any effect on the element. For	138 // This dummy binding below won't have any effect on the element. For

131 // elements that should be hidden however we don't return any binding at	139 // elements that should be hidden however we don't return any binding at

132 // all, this makes Gecko stop constructing the node - it cannot be shown.	140 // all, this makes Gecko stop constructing the node - it cannot be shown.

133 let data = "<bindings xmlns='http://www.mozilla.org/xbl'><binding id='dummy' bindToUntrustedContent='true'/></bindings>";	141 let data = "<bindings xmlns='http://www.mozilla.org/xbl'><binding id='dummy' bindToUntrustedContent='true'/></bindings>";

134 let filter = ElemHide.getFilterByKey(this.key);	142 let filter = ElemHide.getFilterByKey(this.key);

(...skipping 20 matching lines...) Expand all Loading...
155 {	163 {

156 throw Cr.NS_ERROR_NOT_IMPLEMENTED;	164 throw Cr.NS_ERROR_NOT_IMPLEMENTED;

157 },	165 },

158 resume: function()	166 resume: function()

159 {	167 {

160 throw Cr.NS_ERROR_NOT_IMPLEMENTED;	168 throw Cr.NS_ERROR_NOT_IMPLEMENTED;

161 },	169 },

162	170

163 QueryInterface: XPCOMUtils.generateQI([Ci.nsIChannel, Ci.nsIRequest])	171 QueryInterface: XPCOMUtils.generateQI([Ci.nsIChannel, Ci.nsIRequest])

164 };	172 };

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »