lib/contentPolicy.js - Issue 29329450: Issue 3208 - Don`t use numerical content types outside nsIContentPolicy.shouldLoad

Unified Diff: lib/contentPolicy.js

Issue 29329450: Issue 3208 - Don`t use numerical content types outside nsIContentPolicy.shouldLoad (Closed)

Patch Set: Removed unrelated change Created Nov. 4, 2015, 9:27 a.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View side-by-side diff with in-line comments

Index: lib/contentPolicy.js

===================================================================

--- a/lib/contentPolicy.js

+++ b/lib/contentPolicy.js

@@ -29,115 +29,77 @@ let {Prefs} = require("prefs");

let {FilterStorage} = require("filterStorage");

let {BlockingFilter, WhitelistFilter, RegExpFilter} = require("filterClasses");

let {defaultMatcher} = require("matcher");

let {objectMouseEventHander} = require("objectTabs");

let {RequestNotifier} = require("requestNotifier");

let {ElemHide} = require("elemHide");

/**

- * List of explicitly supported content types

- * @type string[]

+ * Set of explicitly supported content types

+ * @type Set

-let contentTypes = ["OTHER", "SCRIPT", "IMAGE", "STYLESHEET", "OBJECT", "SUBDOCUMENT", "DOCUMENT", "XMLHTTPREQUEST", "OBJECT_SUBREQUEST", "FONT", "MEDIA"];

+let contentTypes = new Set([

+ "OTHER", "SCRIPT", "IMAGE", "STYLESHEET", "OBJECT", "SUBDOCUMENT", "DOCUMENT",

+ "XMLHTTPREQUEST", "OBJECT_SUBREQUEST", "FONT", "MEDIA", "ELEMHIDE", "POPUP",

+ "GENERICHIDE", "GENERICBLOCK"

+]);

/**

- * List of content types that aren't associated with a visual document area

- * @type string[]

+ * Set of content types that aren't associated with a visual document area

+ * @type Set

-let nonVisualTypes = ["SCRIPT", "STYLESHEET", "XMLHTTPREQUEST", "OBJECT_SUBREQUEST", "FONT"];

+let nonVisualTypes = new Set([

+ "SCRIPT", "STYLESHEET", "XMLHTTPREQUEST", "OBJECT_SUBREQUEST", "FONT",

+ "ELEMHIDE", "POPUP", "GENERICHIDE", "GENERICBLOCK"

+]);

/**

* Randomly generated class name, to be applied to collapsed nodes.

let collapsedClass = "";

/**

+ * Maps numerical content type IDs to strings.

+ * @type Map

+ */

+let types = new Map();

+/**

* Public policy checking functions and auxiliary objects

* @class

var Policy = exports.Policy =

{

/**

- * Map of content type identifiers by their name.

- * @type Object

+ * Map of localized content type names by their identifiers.

+ * @type Map

- type: {},

- /**

- * Map of content type names by their identifiers (reverse of type map).

- * @type Object

- */

- typeDescr: {},

- /**

- * Map of numerical content types with their corresponding masks

- * @type Object

- */

- typeMask: {},

- /**

- * Map of localized content type names by their identifiers.

- * @type Object

- */

- localizedDescr: {},

- /**

- * Lists the non-visual content types.

- * @type Object

- */

- nonVisual: {},

+ localizedDescr: new Map(),

/**

* Map containing all schemes that should be ignored by content policy.

* @type Set

whitelistSchemes: new Set(),

/**

* Called on module startup, initializes various exported properties.

init: function()

{

- // type constant by type description and type description by type constant

+ // Populate types map

let iface = Ci.nsIContentPolicy;

+ for (let name in iface)

+ if (name.indexOf("TYPE_") == 0 && name != "TYPE_DATAREQUEST")

+ types.set(iface[name], name.substr(5));

+ // Populate localized type names

for (let typeName of contentTypes)

- {

- if ("TYPE_" + typeName in iface)

- {

- let id = iface["TYPE_" + typeName];

- this.type[typeName] = id;

- this.typeDescr[id] = typeName;

- this.localizedDescr[id] = Utils.getString("type_label_" + typeName.toLowerCase());

- this.typeMask[id] = RegExpFilter.typeMap[typeName];

- }

- this.type.GENERICBLOCK = 0xFFFB;

- this.typeDescr[0xFFFB] = "GENERICBLOCK";

- this.localizedDescr[0xFFFB] = Utils.getString("type_label_genericblock");

- this.typeMask[0xFFFB] = RegExpFilter.typeMap.GENERICBLOCK;

- this.type.GENERICHIDE = 0xFFFC;

- this.typeDescr[0xFFFC] = "GENERICHIDE";

- this.localizedDescr[0xFFFC] = Utils.getString("type_label_generichide");

- this.typeMask[0xFFFC] = RegExpFilter.typeMap.GENERICHIDE;

- this.type.ELEMHIDE = 0xFFFD;

- this.typeDescr[0xFFFD] = "ELEMHIDE";

- this.localizedDescr[0xFFFD] = Utils.getString("type_label_elemhide");

- this.typeMask[0xFFFD] = RegExpFilter.typeMap.ELEMHIDE;

- this.type.POPUP = 0xFFFE;

- this.typeDescr[0xFFFE] = "POPUP";

- this.localizedDescr[0xFFFE] = Utils.getString("type_label_popup");

- this.typeMask[0xFFFE] = RegExpFilter.typeMap.POPUP;

- for (let type of nonVisualTypes)

- this.nonVisual[this.type[type]] = true;

+ this.localizedDescr.set(typeName, Utils.getString("type_label_" + typeName.toLowerCase()));

// whitelisted URL schemes

for (let scheme of Prefs.whitelistschemes.toLowerCase().split(" "))

this.whitelistSchemes.add(scheme);

// Generate class identifier used to collapse node and register corresponding

// stylesheet.

let offset = "a".charCodeAt(0);

@@ -164,16 +126,20 @@ var Policy = exports.Policy =

* @return {Boolean} false if the node should be blocked

processNode: function(wnd, node, contentType, location, collapse)

{

let topWnd = wnd.top;

if (!topWnd || !topWnd.location || !topWnd.location.href)

return true;

+ // Interpret unknown types as "other"

+ if (!contentTypes.has(contentType))

+ contentType = "OTHER";

let originWindow = Utils.getOriginWindow(wnd);

let wndLocation = originWindow.location.href;

let docDomain = getHostname(wndLocation);

let match = null;

let [sitekey, sitekeyWnd] = getSitekey(wnd);

let nogeneric = false;

function cleanWindowLocation(wnd)

@@ -194,33 +160,31 @@ var Policy = exports.Policy =

let parentWndLocation = cleanWindowLocation(testWnd);

while (true)

{

let testWndLocation = parentWndLocation;

parentWndLocation = (testWnd == testWnd.parent ? testWndLocation : cleanWindowLocation(testWnd.parent));

let parentDocDomain = getHostname(parentWndLocation);

let typeMap = RegExpFilter.typeMap.DOCUMENT;

- if (contentType == Policy.type.ELEMHIDE)

+ if (contentType == "ELEMHIDE")

typeMap = typeMap | RegExpFilter.typeMap.ELEMHIDE;

let whitelistMatch = defaultMatcher.matchesAny(testWndLocation, typeMap, parentDocDomain, false, sitekey);

if (whitelistMatch instanceof WhitelistFilter)

{

FilterStorage.increaseHitCount(whitelistMatch, wnd);

RequestNotifier.addNodeData(testWnd.document, topWnd,

- (whitelistMatch.contentType & RegExpFilter.typeMap.DOCUMENT) ? Policy.type.DOCUMENT : Policy.type.ELEMHIDE,

+ (whitelistMatch.contentType & RegExpFilter.typeMap.DOCUMENT) ? "DOCUMENT" : "ELEMHIDE",

parentDocDomain, false, testWndLocation, whitelistMatch);

return true;

}

- let genericType = (contentType == Policy.type.ELEMHIDE ?

- Policy.type.GENERICHIDE :

- Policy.type.GENERICBLOCK);

+ let genericType = (contentType == "ELEMHIDE" ? "GENERICHIDE" : "GENERICBLOCK");

let nogenericMatch = defaultMatcher.matchesAny(testWndLocation,

- Policy.typeMask[genericType], parentDocDomain, false, testSitekey);

+ RegExpFilter.typeMap[genericType], parentDocDomain, false, testSitekey);

if (nogenericMatch instanceof WhitelistFilter)

{

nogeneric = true;

FilterStorage.increaseHitCount(nogenericMatch, wnd);

RequestNotifier.addNodeData(testWnd.document, topWnd, genericType,

parentDocDomain, false, testWndLocation,

nogenericMatch);

@@ -231,25 +195,25 @@ var Policy = exports.Policy =

if (testWnd == testSitekeyWnd)

[testSitekey, testSitekeyWnd] = getSitekey(testWnd.parent);

testWnd = testWnd.parent;

}

// Data loaded by plugins should be attached to the document

- if (contentType == Policy.type.OBJECT_SUBREQUEST && node instanceof Ci.nsIDOMElement)

+ if (contentType == "OBJECT_SUBREQUEST" && node instanceof Ci.nsIDOMElement)

node = node.ownerDocument;

// Fix type for objects misrepresented as frames or images

- if (contentType != Policy.type.OBJECT && (node instanceof Ci.nsIDOMHTMLObjectElement || node instanceof Ci.nsIDOMHTMLEmbedElement))

- contentType = Policy.type.OBJECT;

+ if (contentType != "OBJECT" && (node instanceof Ci.nsIDOMHTMLObjectElement || node instanceof Ci.nsIDOMHTMLEmbedElement))

+ contentType = "OBJECT";

let locationText = location.spec;

- if (!match && contentType == Policy.type.ELEMHIDE)

+ if (!match && contentType == "ELEMHIDE")

{

match = location;

locationText = match.text.replace(/^.*?#/, '#');

location = locationText;

if (!match.isActiveOnDomain(docDomain))

return true;

@@ -260,31 +224,31 @@ var Policy = exports.Policy =

RequestNotifier.addNodeData(node, topWnd, contentType, docDomain, false, locationText, exception);

return true;

}

if (nogeneric && match.isGeneric())

return true;

}

- let thirdParty = (contentType == Policy.type.ELEMHIDE ? false : isThirdParty(location, docDomain));

+ let thirdParty = (contentType == "ELEMHIDE" ? false : isThirdParty(location, docDomain));

- if (!match && Prefs.enabled && contentType in Policy.typeMask)

+ if (!match && Prefs.enabled && RegExpFilter.typeMap.hasOwnProperty(contentType))

{

- match = defaultMatcher.matchesAny(locationText, Policy.typeMask[contentType],

+ match = defaultMatcher.matchesAny(locationText, RegExpFilter.typeMap[contentType],

docDomain, thirdParty, sitekey, nogeneric);

- if (match instanceof BlockingFilter && node.ownerDocument && !(contentType in Policy.nonVisual))

+ if (match instanceof BlockingFilter && node.ownerDocument && !nonVisualTypes.has(contentType))

{

let prefCollapse = (match.collapse != null ? match.collapse : !Prefs.fastcollapse);

if (collapse || prefCollapse)

schedulePostProcess(node);

}

// Track mouse events for objects

- if (!match && contentType == Policy.type.OBJECT && node.nodeType == Ci.nsIDOMNode.ELEMENT_NODE)

+ if (!match && contentType == "OBJECT" && node.nodeType == Ci.nsIDOMNode.ELEMENT_NODE)

{

node.addEventListener("mouseover", objectMouseEventHander, true);

node.addEventListener("mouseout", objectMouseEventHander, true);

}

// Store node data

RequestNotifier.addNodeData(node, topWnd, contentType, docDomain, thirdParty, locationText, match);

@@ -405,37 +369,33 @@ var PolicyImplementation =

// nsIContentPolicy interface implementation

shouldLoad: function(contentType, contentLocation, requestOrigin, node, mimeTypeGuess, extra)

{

// Ignore requests without context and top-level documents

- if (!node || contentType == Policy.type.DOCUMENT)

+ if (!node || contentType == Ci.nsIContentPolicy.TYPE_DOCUMENT)

return Ci.nsIContentPolicy.ACCEPT;

// Ignore standalone objects

- if (contentType == Policy.type.OBJECT && node.ownerDocument && !/^text\/|[+\/]xml$/.test(node.ownerDocument.contentType))

+ if (contentType == Ci.nsIContentPolicy.TYPE_OBJECT && node.ownerDocument && !/^text\/|[+\/]xml$/.test(node.ownerDocument.contentType))

return Ci.nsIContentPolicy.ACCEPT;

let wnd = Utils.getWindow(node);

if (!wnd)

return Ci.nsIContentPolicy.ACCEPT;

// Ignore whitelisted schemes

let location = Utils.unwrapURL(contentLocation);

if (!Policy.isBlockableScheme(location))

return Ci.nsIContentPolicy.ACCEPT;

- // Interpret unknown types as "other"

- if (!(contentType in Policy.typeDescr))

- contentType = Policy.type.OTHER;

- let result = Policy.processNode(wnd, node, contentType, location, false);

+ let result = Policy.processNode(wnd, node, types.get(contentType), location, false);

return (result ? Ci.nsIContentPolicy.ACCEPT : Ci.nsIContentPolicy.REJECT_REQUEST);

shouldProcess: function(contentType, contentLocation, requestOrigin, insecNode, mimeType, extra)

{

return Ci.nsIContentPolicy.ACCEPT;

@@ -447,17 +407,17 @@ var PolicyImplementation =

switch (topic)

{

case "content-document-global-created":

{

if (!(subject instanceof Ci.nsIDOMWindow) || !subject.opener)

return;

let uri = additional || Utils.makeURI(subject.location.href);

- if (!Policy.processNode(subject.opener, subject.opener.document, Policy.type.POPUP, uri, false))

+ if (!Policy.processNode(subject.opener, subject.opener.document, "POPUP", uri, false))

{

subject.stop();

Utils.runAsync(() => subject.close());

}

else if (uri.spec == "about:blank")

{

// An about:blank pop-up most likely means that a load will be

// initiated asynchronously. Wait for that.

@@ -505,17 +465,17 @@ var PolicyImplementation =

// seen the original channel yet because the redirect happened before

// the async code in observe() had a chance to run.

this.observe(wnd, "content-document-global-created", null, oldChannel.URI);

this.observe(wnd, "content-document-global-created", null, newChannel.URI);

}

return;

}

- if (!Policy.processNode(wnd, wnd.document, contentType, newChannel.URI, false))

+ if (!Policy.processNode(wnd, wnd.document, types.get(contentType), newChannel.URI, false))

result = Cr.NS_BINDING_ABORTED;

}

catch (e)

{

// We shouldn't throw exceptions here - this will prevent the redirect.

Cu.reportError(e);

}

finally

@@ -717,15 +677,15 @@ function isThirdParty(/**nsIURI*/locatio

* Re-checks filters on an element.

function refilterNode(/**Node*/ node, /**RequestEntry*/ entry)

{

let wnd = Utils.getWindow(node);

if (!wnd || wnd.closed)

return;

- if (entry.type == Policy.type.OBJECT)

+ if (entry.type == "OBJECT")

{

node.removeEventListener("mouseover", objectMouseEventHander, true);

node.removeEventListener("mouseout", objectMouseEventHander, true);

}

Policy.processNode(wnd, node, entry.type, Utils.makeURI(entry.location), true);

}

« no previous file with comments | « chrome/content/ui/composer.js ('k') | lib/elemHide.js » ('j') | no next file with comments »