lib/contentPolicy.js - Issue 29329450: Issue 3208 - Don`t use numerical content types outside nsIContentPolicy.shouldLoad

Delta Between Two Patch Sets: lib/contentPolicy.js

Issue 29329450: Issue 3208 - Don`t use numerical content types outside nsIContentPolicy.shouldLoad (Closed)

Left Patch Set: Created Oct. 29, 2015, 12:23 p.m.

Right Patch Set: Removed unrelated change Created Nov. 4, 2015, 9:27 a.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 /*	1 /*

2 * This file is part of Adblock Plus <https://adblockplus.org/>,	2 * This file is part of Adblock Plus <https://adblockplus.org/>,

3 * Copyright (C) 2006-2015 Eyeo GmbH	3 * Copyright (C) 2006-2015 Eyeo GmbH

4 *	4 *

5 * Adblock Plus is free software: you can redistribute it and/or modify	5 * Adblock Plus is free software: you can redistribute it and/or modify

6 * it under the terms of the GNU General Public License version 3 as	6 * it under the terms of the GNU General Public License version 3 as

7 * published by the Free Software Foundation.	7 * published by the Free Software Foundation.

8 *	8 *

9 * Adblock Plus is distributed in the hope that it will be useful,	9 * Adblock Plus is distributed in the hope that it will be useful,

10 * but WITHOUT ANY WARRANTY; without even the implied warranty of	10 * but WITHOUT ANY WARRANTY; without even the implied warranty of

11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the	11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12 * GNU General Public License for more details.	12 * GNU General Public License for more details.

13 *	13 *

14 * You should have received a copy of the GNU General Public License	14 * You should have received a copy of the GNU General Public License

15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.	15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.

16 */	16 */

17	17

18 /**	18 /**

19 * @fileOverview Content policy implementation, responsible for blocking things.	19 * @fileOverview Content policy implementation, responsible for blocking things.

20 */	20 */

21	21

22 Cu.import("resource://gre/modules/XPCOMUtils.jsm");	22 "use strict";

23 Cu.import("resource://gre/modules/Services.jsm");	23

	24 let {XPCOMUtils} = Cu.import("resource://gre/modules/XPCOMUtils.jsm", {});

	25 let {Services} = Cu.import("resource://gre/modules/Services.jsm", {});

24	26

25 let {Utils} = require("utils");	27 let {Utils} = require("utils");

26 let {Prefs} = require("prefs");	28 let {Prefs} = require("prefs");

27 let {FilterStorage} = require("filterStorage");	29 let {FilterStorage} = require("filterStorage");

28 let {BlockingFilter, WhitelistFilter, RegExpFilter} = require("filterClasses");	30 let {BlockingFilter, WhitelistFilter, RegExpFilter} = require("filterClasses");

29 let {defaultMatcher} = require("matcher");	31 let {defaultMatcher} = require("matcher");

30 let {objectMouseEventHander} = require("objectTabs");	32 let {objectMouseEventHander} = require("objectTabs");

31 let {RequestNotifier} = require("requestNotifier");	33 let {RequestNotifier} = require("requestNotifier");

32 let {ElemHide} = require("elemHide");	34 let {ElemHide} = require("elemHide");

33	35

(...skipping 16 matching lines...) Expand all Loading...
50 "ELEMHIDE", "POPUP", "GENERICHIDE", "GENERICBLOCK"	52 "ELEMHIDE", "POPUP", "GENERICHIDE", "GENERICBLOCK"

51 ]);	53 ]);

52	54

53 /**	55 /**

54 * Randomly generated class name, to be applied to collapsed nodes.	56 * Randomly generated class name, to be applied to collapsed nodes.

55 */	57 */

56 let collapsedClass = "";	58 let collapsedClass = "";

57	59

58 /**	60 /**

59 * Maps numerical content type IDs to strings.	61 * Maps numerical content type IDs to strings.

60 * @type Map	62 * @type Map
Thomas Greiner 2015/11/02 18:54:36 Detail: Since we've already been specifying the ty Detail: Since we've already been specifying the types of arrays (e.g. `string[]`), it would make sense doing the same for `Set` and `Map` as well (e.g. `Map.<number, string>`). Wladimir Palant 2015/11/03 11:26:49 True, will improve JSDoc comments in a separate co Show quoted text On 2015/11/02 18:54:36, Thomas Greiner wrote: > Detail: Since we've already been specifying the types of arrays (e.g. > `string[]`), it would make sense doing the same for `Set` and `Map` as well > (e.g. `Map.<number, string>`). True, will improve JSDoc comments in a separate commit. Thomas Greiner 2015/11/03 11:54:54 Great, thanks. Show quoted text On 2015/11/03 11:26:49, Wladimir Palant wrote: > On 2015/11/02 18:54:36, Thomas Greiner wrote: > > Detail: Since we've already been specifying the types of arrays (e.g. > > `string[]`), it would make sense doing the same for `Set` and `Map` as well > > (e.g. `Map.<number, string>`). > > True, will improve JSDoc comments in a separate commit. Great, thanks.
61 */	63 */

62 let types = new Map();	64 let types = new Map();

63	65

64 /**	66 /**

65 * Public policy checking functions and auxiliary objects	67 * Public policy checking functions and auxiliary objects

66 * @class	68 * @class

67 */	69 */

68 var Policy = exports.Policy =	70 var Policy = exports.Policy =

69 {	71 {

70 /**	72 /**

71 * Map of localized content type names by their identifiers.	73 * Map of localized content type names by their identifiers.

72 * @type Map	74 * @type Map

73 */	75 */

74 localizedDescr: new Map(),	76 localizedDescr: new Map(),

75	77

76 /**	78 /**

77 * Map containing all schemes that should be ignored by content policy.	79 * Map containing all schemes that should be ignored by content policy.

78 * @type Object	80 * @type Set

79 */	81 */

80 whitelistSchemes: {},	82 whitelistSchemes: new Set(),

81	83

82 /**	84 /**

83 * Called on module startup, initializes various exported properties.	85 * Called on module startup, initializes various exported properties.

84 */	86 */

85 init: function()	87 init: function()

86 {	88 {

87 // Populate types map	89 // Populate types map

88 let iface = Ci.nsIContentPolicy;	90 let iface = Ci.nsIContentPolicy;

89 for (let name in iface)	91 for (let name in iface)

90 if (name.indexOf("TYPE_") == 0 && name != "TYPE_DATAREQUEST")	92 if (name.indexOf("TYPE_") == 0 && name != "TYPE_DATAREQUEST")

91 types.set(iface[name], name.substr(5));	93 types.set(iface[name], name.substr(5));

92	94

93 // Populate localized type names	95 // Populate localized type names

94 for (let typeName of contentTypes)	96 for (let typeName of contentTypes)

95 this.localizedDescr.set(typeName, Utils.getString("type_label_" + typeName .toLowerCase()));	97 this.localizedDescr.set(typeName, Utils.getString("type_label_" + typeName .toLowerCase()));

96	98

97 // whitelisted URL schemes	99 // whitelisted URL schemes

98 for (let scheme of Prefs.whitelistschemes.toLowerCase().split(" "))	100 for (let scheme of Prefs.whitelistschemes.toLowerCase().split(" "))

99 this.whitelistSchemes[scheme] = true;	101 this.whitelistSchemes.add(scheme);

100	102

101 // Generate class identifier used to collapse node and register correspondin g	103 // Generate class identifier used to collapse node and register correspondin g

102 // stylesheet.	104 // stylesheet.

103 let offset = "a".charCodeAt(0);	105 let offset = "a".charCodeAt(0);

104 for (let i = 0; i < 20; i++)	106 for (let i = 0; i < 20; i++)

105 collapsedClass += String.fromCharCode(offset + Math.random() * 26);	107 collapsedClass += String.fromCharCode(offset + Math.random() * 26);

106	108

107 let collapseStyle = Services.io.newURI("data:text/css," +	109 let collapseStyle = Services.io.newURI("data:text/css," +

108 encodeURIComponent("." + collapsedClass +	110 encodeURIComponent("." + collapsedClass +

109 "{-moz-binding: url(chrome://global/content/bindings/general.xml#foobarb azdummy) !important;}"), null, null);	111 "{-moz-binding: url(chrome://global/content/bindings/general.xml#foobarb azdummy) !important;}"), null, null);

(...skipping 146 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
256 return !match \|\| match instanceof WhitelistFilter;	258 return !match \|\| match instanceof WhitelistFilter;

257 },	259 },

258	260

259 /**	261 /**

260 * Checks whether the location's scheme is blockable.	262 * Checks whether the location's scheme is blockable.

261 * @param location {nsIURI}	263 * @param location {nsIURI}

262 * @return {Boolean}	264 * @return {Boolean}

263 */	265 */

264 isBlockableScheme: function(location)	266 isBlockableScheme: function(location)

265 {	267 {

266 return !(location.scheme in Policy.whitelistSchemes);	268 return !Policy.whitelistSchemes.has(location.scheme);

267 },	269 },

268	270

269 /**	271 /**

270 * Checks whether a page is whitelisted.	272 * Checks whether a page is whitelisted.

271 * @param {String} url	273 * @param {String} url

272 * @param {String} [parentUrl] location of the parent page	274 * @param {String} [parentUrl] location of the parent page

273 * @param {String} [sitekey] public key provided on the page	275 * @param {String} [sitekey] public key provided on the page

274 * @return {Filter} filter that matched the URL or null if not whitelisted	276 * @return {Filter} filter that matched the URL or null if not whitelisted

275 */	277 */

276 isWhitelisted: function(url, parentUrl, sitekey)	278 isWhitelisted: function(url, parentUrl, sitekey)

277 {	279 {

278 if (!url)	280 if (!url)

279 return null;	281 return null;

280	282

281 // Do not apply exception rules to schemes on our whitelistschemes list.	283 // Do not apply exception rules to schemes on our whitelistschemes list.

282 let match = /^([\w\-]+):/.exec(url);	284 let match = /^([\w\-]+):/.exec(url);

283 if (match && match[1] in Policy.whitelistSchemes)	285 if (match && Policy.whitelistSchemes.has(match[1]))

284 return null;	286 return null;

285	287

286 if (!parentUrl)	288 if (!parentUrl)

287 parentUrl = url;	289 parentUrl = url;

288	290

289 // Ignore fragment identifier	291 // Ignore fragment identifier

290 let index = url.indexOf("#");	292 let index = url.indexOf("#");

291 if (index >= 0)	293 if (index >= 0)

292 url = url.substring(0, index);	294 url = url.substring(0, index);

293	295

(...skipping 118 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
412 let uri = additional \|\| Utils.makeURI(subject.location.href);	414 let uri = additional \|\| Utils.makeURI(subject.location.href);

413 if (!Policy.processNode(subject.opener, subject.opener.document, "POPUP" , uri, false))	415 if (!Policy.processNode(subject.opener, subject.opener.document, "POPUP" , uri, false))

414 {	416 {

415 subject.stop();	417 subject.stop();

416 Utils.runAsync(() => subject.close());	418 Utils.runAsync(() => subject.close());

417 }	419 }

418 else if (uri.spec == "about:blank")	420 else if (uri.spec == "about:blank")

419 {	421 {

420 // An about:blank pop-up most likely means that a load will be	422 // An about:blank pop-up most likely means that a load will be

421 // initiated asynchronously. Wait for that.	423 // initiated asynchronously. Wait for that.

422 Utils.runAsync(function()	424 Utils.runAsync(() =>

423 {	425 {

424 let channel = subject.QueryInterface(Ci.nsIInterfaceRequestor)	426 let channel = subject.QueryInterface(Ci.nsIInterfaceRequestor)

425 .getInterface(Ci.nsIDocShell)	427 .getInterface(Ci.nsIDocShell)

426 .QueryInterface(Ci.nsIDocumentLoader)	428 .QueryInterface(Ci.nsIDocumentLoader)

427 .documentChannel;	429 .documentChannel;

428 if (channel)	430 if (channel)

429 this.observe(subject, topic, data, channel.URI);	431 this.observe(subject, topic, data, channel.URI);

430 });	432 });

431 }	433 }

432 break;	434 break;

433 }	435 }

434 }	436 }

435 },	437 },

436	438

437 //	439 //

438 // nsIChannelEventSink interface implementation	440 // nsIChannelEventSink interface implementation

439 //	441 //

440	442

441 asyncOnChannelRedirect: function(oldChannel, newChannel, flags, callback)	443 asyncOnChannelRedirect: function(oldChannel, newChannel, flags, callback)

442 {	444 {

443 let result = Cr.NS_OK;	445 let result = Cr.NS_OK;

444 try	446 try

445 {	447 {

446 // nsILoadInfo.contentPolicyType was introduced in Gecko 35, then	448 // nsILoadInfo.contentPolicyType was introduced in Gecko 35, then

447 // renamed to nsILoadInfo.externalContentPolicyType in Gecko 44.	449 // renamed to nsILoadInfo.externalContentPolicyType in Gecko 44.

448 let loadInfo = oldChannel.loadInfo;	450 let loadInfo = oldChannel.loadInfo;

449 let contentType = loadInfo.externalContentPolicyType \|\| loadInfo.contentPo licyType;	451 let contentType = ("externalContentPolicyType" in loadInfo ?

	452 loadInfo.externalContentPolicyType : loadInfo.contentPolicyType);

450 if (!contentType)	453 if (!contentType)

451 return;	454 return;

452	455

453 let wnd = Utils.getRequestWindow(newChannel);	456 let wnd = Utils.getRequestWindow(newChannel);

454 if (!wnd)	457 if (!wnd)

455 return;	458 return;

456	459

457 if (contentType == Ci.nsIContentPolicy.TYPE_DOCUMENT)	460 if (contentType == Ci.nsIContentPolicy.TYPE_DOCUMENT)

458 {	461 {

459 if (wnd.history.length <= 1 && wnd.opener)	462 if (wnd.history.length <= 1 && wnd.opener)

(...skipping 219 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
679 if (!wnd \|\| wnd.closed)	682 if (!wnd \|\| wnd.closed)

680 return;	683 return;

681	684

682 if (entry.type == "OBJECT")	685 if (entry.type == "OBJECT")

683 {	686 {

684 node.removeEventListener("mouseover", objectMouseEventHander, true);	687 node.removeEventListener("mouseover", objectMouseEventHander, true);

685 node.removeEventListener("mouseout", objectMouseEventHander, true);	688 node.removeEventListener("mouseout", objectMouseEventHander, true);

686 }	689 }

687 Policy.processNode(wnd, node, entry.type, Utils.makeURI(entry.location), true) ;	690 Policy.processNode(wnd, node, entry.type, Utils.makeURI(entry.location), true) ;

688 }	691 }

LEFT	RIGHT