lib/elemHideHitRegistration.js - Issue 29329154: Issue 3108 - Implement security checks for elemhide registration channel on our end instead of leav…

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Unified Diff: lib/elemHideHitRegistration.js

Issue 29329154: Issue 3108 - Implement security checks for elemhide registration channel on our end instead of leav… (Closed)

Patch Set: Created Oct. 15, 2015, 3:11 p.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: lib/elemHideHitRegistration.js

===================================================================

--- a/lib/elemHideHitRegistration.js

+++ b/lib/elemHideHitRegistration.js

@@ -60,40 +60,41 @@ let AboutHandler = exports.AboutHandler

// About module implementation

getURIFlags: function(uri)

{

- return ("HIDE_FROM_ABOUTABOUT" in Ci.nsIAboutModule ? Ci.nsIAboutModule.HIDE_FROM_ABOUTABOUT : 0);

+ return Ci.nsIAboutModule.HIDE_FROM_ABOUTABOUT;

- newChannel: function(uri)

+ newChannel: function(uri, loadInfo)

Thomas Greiner 2015/10/15 16:04:44 Where is `loadInfo` coming from? It's not specifie

Wladimir Palant 2015/10/15 17:59:16 It is: http://mxr.mozilla.org/mozilla-central/sour

Thomas Greiner 2015/10/15 18:03:09 I see, thanks for the details. I shouldn't have re

{

let match = /\?(\d+)/.exec(uri.path);

if (!match)

throw Cr.NS_ERROR_FAILURE;

- return new HitRegistrationChannel(uri, match[1]);

+ return new HitRegistrationChannel(uri, loadInfo, match[1]);

QueryInterface: XPCOMUtils.generateQI([Ci.nsIFactory, Ci.nsIAboutModule])

};

AboutHandler.init();

/**

* Channel returning data for element hiding hits.

* @constructor

-function HitRegistrationChannel(uri, key)

+function HitRegistrationChannel(uri, loadInfo, key)

{

this.key = key;

this.URI = this.originalURI = uri;

+ this.loadInfo = loadInfo;

}

HitRegistrationChannel.prototype = {

key: null,

URI: null,

originalURI: null,

contentCharset: "utf-8",

contentLength: 0,

contentType: "text/xml",

@@ -117,16 +118,23 @@ HitRegistrationChannel.prototype = {

listener.onDataAvailable(this, context, stream, 0, stream.available());

} catch(e) {}

try {

listener.onStopRequest(this, context, Cr.NS_OK);

} catch(e) {}

});

+ asyncOpen2: function(listener)

+ {

+ if (!this.loadInfo.triggeringPrincipal.equals(Utils.systemPrincipal))

+ throw Cr.NS_ERROR_FAILURE;

+ this.asyncOpen(listener, null);

+ },

open: function()

{

let {Policy} = require("contentPolicy");

let {ElemHide} = require("elemHide");

// This dummy binding below won't have any effect on the element. For

// elements that should be hidden however we don't return any binding at

// all, this makes Gecko stop constructing the node - it cannot be shown.

« no previous file with comments | « no previous file | no next file » | no next file with comments »