Issue 3208 - Don`t use numerical content types outside nsIContentPolicy.shouldLoad

lib/contentPolicy.js

 /*
  * This file is part of Adblock Plus <https://adblockplus.org/>,
  * Copyright (C) 2006-2015 Eyeo GmbH
  *
  * Adblock Plus is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 3 as
  * published by the Free Software Foundation.
  *
  * Adblock Plus is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * along with Adblock Plus.  If not, see <http://www.gnu.org/licenses/>.
  */
 
 /**
  * @fileOverview Content policy implementation, responsible for blocking things.
  */
 
-Cu.import("resource://gre/modules/XPCOMUtils.jsm");
-Cu.import("resource://gre/modules/Services.jsm");
+"use strict";
+
+let {XPCOMUtils} = Cu.import("resource://gre/modules/XPCOMUtils.jsm", {});
+let {Services} = Cu.import("resource://gre/modules/Services.jsm", {});
 
 let {Utils} = require("utils");
 let {Prefs} = require("prefs");
 let {FilterStorage} = require("filterStorage");
 let {BlockingFilter, WhitelistFilter, RegExpFilter} = require("filterClasses");
 let {defaultMatcher} = require("matcher");
 let {objectMouseEventHander} = require("objectTabs");
 let {RequestNotifier} = require("requestNotifier");
 let {ElemHide} = require("elemHide");
 
@@ skipping 20 matching lines @@
  * Randomly generated class name, to be applied to collapsed nodes.
  */
 let collapsedClass = "";
 
 /**
  * Maps numerical content type IDs to strings.
  * @type Map
  */
 let types = new Map();
 
- /**
- * Numerical ID for fake ELEMHIDE type.
-  */
-const TYPE_ELEMHIDE = 0xFFFD;
-
-/**
- * Numerical ID for fake POPUP type.
- */
-const TYPE_POPUP = 0xFFFE;
-
 /**
  * Public policy checking functions and auxiliary objects
  * @class
  */
 var Policy = exports.Policy =
 {
   /**
    * Map of localized content type names by their identifiers.
    * @type Map
    */
   localizedDescr: new Map(),
 
   /**
    * Map containing all schemes that should be ignored by content policy.
-   * @type Object
-   */
-  whitelistSchemes: {},
+   * @type Set
+   */
+  whitelistSchemes: new Set(),
 
   /**
    * Called on module startup, initializes various exported properties.
    */
   init: function()
   {
     // Populate types map
     let iface = Ci.nsIContentPolicy;
     for (let name in iface)
       if (name.indexOf("TYPE_") == 0 && name != "TYPE_DATAREQUEST")
         types.set(iface[name], name.substr(5));
-    types.set(TYPE_ELEMHIDE, "ELEMHIDE");
-    types.set(TYPE_POPUP, "POPUP");
 
     // Populate localized type names
     for (let typeName of contentTypes)
       this.localizedDescr.set(typeName, Utils.getString("type_label_" + typeName.toLowerCase()));
 
     // whitelisted URL schemes
     for (let scheme of Prefs.whitelistschemes.toLowerCase().split(" "))
-      this.whitelistSchemes[scheme] = true;
+      this.whitelistSchemes.add(scheme);
 
     // Generate class identifier used to collapse node and register corresponding
     // stylesheet.
     let offset = "a".charCodeAt(0);
     for (let i = 0; i < 20; i++)
       collapsedClass +=  String.fromCharCode(offset + Math.random() * 26);
 
     let collapseStyle = Services.io.newURI("data:text/css," +
         encodeURIComponent("." + collapsedClass +
         "{-moz-binding: url(chrome://global/content/bindings/general.xml#foobarbazdummy) !important;}"), null, null);
@@ skipping 146 matching lines @@
     return !match || match instanceof WhitelistFilter;
   },
 
   /**
    * Checks whether the location's scheme is blockable.
    * @param location  {nsIURI}
    * @return {Boolean}
    */
   isBlockableScheme: function(location)
   {
-    return !(location.scheme in Policy.whitelistSchemes);
+    return !Policy.whitelistSchemes.has(location.scheme);
   },
 
   /**
    * Checks whether a page is whitelisted.
    * @param {String} url
    * @param {String} [parentUrl] location of the parent page
    * @param {String} [sitekey] public key provided on the page
    * @return {Filter} filter that matched the URL or null if not whitelisted
    */
   isWhitelisted: function(url, parentUrl, sitekey)
   {
     if (!url)
       return null;
 
     // Do not apply exception rules to schemes on our whitelistschemes list.
     let match = /^([\w\-]+):/.exec(url);
-    if (match && match[1] in Policy.whitelistSchemes)
+    if (match && Policy.whitelistSchemes.has(match[1]))
       return null;
 
     if (!parentUrl)
       parentUrl = url;
 
     // Ignore fragment identifier
     let index = url.indexOf("#");
     if (index >= 0)
       url = url.substring(0, index);
 
@@ skipping 118 matching lines @@
         let uri = additional || Utils.makeURI(subject.location.href);
         if (!Policy.processNode(subject.opener, subject.opener.document, "POPUP", uri, false))
         {
           subject.stop();
           Utils.runAsync(() => subject.close());
         }
         else if (uri.spec == "about:blank")
         {
           // An about:blank pop-up most likely means that a load will be
           // initiated asynchronously. Wait for that.
-          Utils.runAsync(function()
+          Utils.runAsync(() =>
           {
             let channel = subject.QueryInterface(Ci.nsIInterfaceRequestor)
                                  .getInterface(Ci.nsIDocShell)
                                  .QueryInterface(Ci.nsIDocumentLoader)
                                  .documentChannel;
             if (channel)
               this.observe(subject, topic, data, channel.URI);
           });
         }
         break;
       }
     }
   },
 
   //
   // nsIChannelEventSink interface implementation
   //
 
   asyncOnChannelRedirect: function(oldChannel, newChannel, flags, callback)
   {
     let result = Cr.NS_OK;
     try
     {
       // nsILoadInfo.contentPolicyType was introduced in Gecko 35, then
       // renamed to nsILoadInfo.externalContentPolicyType in Gecko 44.
       let loadInfo = oldChannel.loadInfo;
-      let contentType = loadInfo.externalContentPolicyType || loadInfo.contentPolicyType;
+      let contentType = ("externalContentPolicyType" in loadInfo ?
+          loadInfo.externalContentPolicyType : loadInfo.contentPolicyType);
       if (!contentType)
         return;
 
       let wnd = Utils.getRequestWindow(newChannel);
       if (!wnd)
         return;
 
       if (contentType == Ci.nsIContentPolicy.TYPE_DOCUMENT)
       {
         if (wnd.history.length <= 1 && wnd.opener)
@@ skipping 219 matching lines @@
   if (!wnd || wnd.closed)
     return;
 
   if (entry.type == "OBJECT")
   {
     node.removeEventListener("mouseover", objectMouseEventHander, true);
     node.removeEventListener("mouseout", objectMouseEventHander, true);
   }
   Policy.processNode(wnd, node, entry.type, Utils.makeURI(entry.location), true);
 }