From 5e39c1b25b74f99c85ab4ec7a63997ee85aa1c59 Mon Sep 17 00:00:00 2001 From: Infocatcher Date: Wed, 29 Aug 2012 14:23:05 +0400 Subject: [PATCH 1/4] Use checkLoadURIStrWithPrincipal() instead of checkLoadURIStr() Because checkLoadURIStr() are missing in Nightly --- modules/tabbarDNDObserver.js | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/modules/tabbarDNDObserver.js b/modules/tabbarDNDObserver.js index 21e66b77..75bc343b 100644 --- a/modules/tabbarDNDObserver.js +++ b/modules/tabbarDNDObserver.js @@ -1035,17 +1035,18 @@ catch(e) { securityCheck : function TabbarDND_securityCheck(aURI, aEvent) { let session = this.treeStyleTab.currentDragSession; - let (sourceDoc = session ? session.sourceDocument : null) { - let sourceURI = sourceDoc ? sourceDoc.documentURI : 'file:///' ; - let normalizedURI = this.treeStyleTab.makeURIFromSpec(aURI); - if (normalizedURI && sourceURI.indexOf('chrome://') < 0) { - try { - SecMan.checkLoadURIStr(sourceURI, normalizedURI.spec, Ci.nsIScriptSecurityManager.STANDARD); - } - catch(e) { - aEvent.stopPropagation(); - throw 'Drop of ' + aURI + ' denied.'; - } + if (!session) //TODO: use some fake nodePrincipal? + throw 'Drop of ' + aURI + ' denied: no drag session.'; + let sourceDoc = session.sourceDocument; + let sourceURI = sourceDoc.documentURI; + let normalizedURI = this.treeStyleTab.makeURIFromSpec(aURI); + if (normalizedURI && sourceURI.substr(0, 9) != 'chrome://') { + try { + SecMan.checkLoadURIStrWithPrincipal(sourceDoc.nodePrincipal, normalizedURI.spec, Ci.nsIScriptSecurityManager.STANDARD); + } + catch(e) { + aEvent.stopPropagation(); + throw 'Drop of ' + aURI + ' denied.'; } } }, From 13eee1e594142cedb4a409ac9ffdc4453b36eea2 Mon Sep 17 00:00:00 2001 
From: Infocatcher Date: Wed, 29 Aug 2012 18:29:04 +0400 Subject: [PATCH 2/4] Skip missing nsIDragSession.sourceDocument See https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIDragSession#Attributes --- modules/tabbarDNDObserver.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/tabbarDNDObserver.js b/modules/tabbarDNDObserver.js index 75bc343b..f9559261 100644 --- a/modules/tabbarDNDObserver.js +++ b/modules/tabbarDNDObserver.js @@ -1038,6 +1038,8 @@ catch(e) { if (!session) //TODO: use some fake nodePrincipal? throw 'Drop of ' + aURI + ' denied: no drag session.'; let sourceDoc = session.sourceDocument; + if (!sourceDoc) // The drag originated outside the application + return; let sourceURI = sourceDoc.documentURI; let normalizedURI = this.treeStyleTab.makeURIFromSpec(aURI); if (normalizedURI && sourceURI.substr(0, 9) != 'chrome://') { From bc6912fe03a9a24a2fd45c71cfb1a198cf350479 Mon Sep 17 00:00:00 2001 From: Infocatcher Date: Sat, 1 Sep 2012 17:01:38 +0400 Subject: [PATCH 3/4] Inherit built-in dragDropSecurityCheck() behavior See chrome://global/content/nsDragAndDrop.js --- modules/tabbarDNDObserver.js | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/modules/tabbarDNDObserver.js b/modules/tabbarDNDObserver.js index f9559261..9631d300 100644 --- a/modules/tabbarDNDObserver.js +++ b/modules/tabbarDNDObserver.js 
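Review bot: In patch 2/4 the added `if (!sourceDoc) return;` exits securityCheck() before checkLoadURIStrWithPrincipal() is reached, so at this commit a drop whose drag started outside the application is accepted with no load check at all. The code removed by patch 1/4 handled that case by checking against a `file:///` source instead of skipping the check. Patch 3/4 of this series replaces the early return with a fallback principal, so this commit should not be cherry-picked or backported without it. If the early return is kept in any branch, it needs a comment saying the check is deliberately skipped, e.g. `// no source document: load check intentionally skipped`. securityCheck() starts and ends outside this hunk.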
@@ -1034,22 +1034,24 @@ catch(e) { }, securityCheck : function TabbarDND_securityCheck(aURI, aEvent) { + // See dragDropSecurityCheck() in chrome://global/content/nsDragAndDrop.js let session = this.treeStyleTab.currentDragSession; - if (!session) //TODO: use some fake nodePrincipal? + if (!session) { //TODO: use some fake nodePrincipal? + aEvent.stopPropagation(); throw 'Drop of ' + aURI + ' denied: no drag session.'; - let sourceDoc = session.sourceDocument; - if (!sourceDoc) // The drag originated outside the application - return; - let sourceURI = sourceDoc.documentURI; + } let normalizedURI = this.treeStyleTab.makeURIFromSpec(aURI); - if (normalizedURI && sourceURI.substr(0, 9) != 'chrome://') { - try { - SecMan.checkLoadURIStrWithPrincipal(sourceDoc.nodePrincipal, normalizedURI.spec, Ci.nsIScriptSecurityManager.STANDARD); - } - catch(e) { - aEvent.stopPropagation(); - throw 'Drop of ' + aURI + ' denied.'; - } + if (!normalizedURI) + return; + let sourceDoc = session.sourceDocument; + let principal = sourceDoc ? sourceDoc.nodePrincipal + : SecMan.getSimpleCodebasePrincipal(this.treeStyleTab.IOService.newURI("file:///", null, null)); + try { + SecMan.checkLoadURIStrWithPrincipal(principal, normalizedURI.spec, Ci.nsIScriptSecurityManager.STANDARD); + } + catch(e) { + aEvent.stopPropagation(); + throw 'Drop of ' + aURI + ' denied.'; } }, From 790d3dfee01448e084b07fefa449e2054320141f Mon Sep 17 00:00:00 2001 From: Infocatcher Date: Sat, 1 Sep 2012 17:16:19 +0400 Subject: [PATCH 4/4] Ignore wrong URIs in securityCheck() Example: view-source:chrome://browser/content/tabbrowser.xml --- modules/tabbarDNDObserver.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/tabbarDNDObserver.js b/modules/tabbarDNDObserver.js index 9631d300..c56e4b69 100644 --- a/modules/tabbarDNDObserver.js +++ b/modules/tabbarDNDObserver.js 
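Review bot: The fallback in `let principal = sourceDoc ? sourceDoc.nodePrincipal : SecMan.getSimpleCodebasePrincipal(...newURI("file:///", null, null))` is a trust decision that the code does not explain. A drag with no sourceDocument is checked as if it came from a local file, which is more permissive than a web-content principal. A why-comment above it would help, e.g. `// No sourceDocument: drag started outside the application. Check as file:/// so drops of file: URIs stay allowed, same as dragDropSecurityCheck().` The `//TODO: use some fake nodePrincipal?` on the no-session branch now reads as if it were about this fallback and should be reworded or dropped. Separately, the check is made on `normalizedURI.spec` while the denial message reports `aURI`. If makeURIFromSpec() rewrites the string, callers should load the normalized spec that was checked, which cannot be confirmed from this hunk.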
@@ -1040,7 +1040,12 @@ catch(e) { aEvent.stopPropagation(); throw 'Drop of ' + aURI + ' denied: no drag session.'; } - let normalizedURI = this.treeStyleTab.makeURIFromSpec(aURI); + let normalizedURI; + try { + normalizedURI = this.treeStyleTab.makeURIFromSpec(aURI); + } + catch(e) { + } if (!normalizedURI) return; let sourceDoc = session.sourceDocument;
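Review bot: The empty `catch(e) { }` around makeURIFromSpec(), followed by `if (!normalizedURI) return;`, makes securityCheck() fail open. Any spec the parser rejects returns normally, exactly like an allowed drop, without checkLoadURIStrWithPrincipal() being called. That is only safe if every caller also refuses to load a spec that could not be turned into a URI, and the callers are not visible in this hunk. The catch should at least state the intent, e.g. `// Not a parsable URI (e.g. view-source:chrome://...): nothing to check here, callers must not load it`. Catching every exception also hides unrelated failures inside makeURIFromSpec(), so consider reporting `e` via the error console before returning. The function begins and ends outside the hunk.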