/src/mozilla-central/dom/base/nsNoDataProtocolContentPolicy.cpp

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Content policy implementation that prevents all loads of images,
 * subframes, etc from protocols that don't return data but rather open
 * applications (such as mailto).
 */

#include "nsNoDataProtocolContentPolicy.h"
#include "nsIDOMWindow.h"
#include "nsString.h"
#include "nsIProtocolHandler.h"
#include "nsIIOService.h"
#include "nsIExternalProtocolHandler.h"
#include "nsIURI.h"
#include "nsNetUtil.h"
#include "nsContentUtils.h"

NS_IMPL_ISUPPORTS(nsNoDataProtocolContentPolicy, nsIContentPolicy)

NS_IMETHODIMP
nsNoDataProtocolContentPolicy::ShouldLoad(nsIURI *aContentLocation,
                                          nsILoadInfo *aLoadInfo,
                                          const nsACString &aMimeGuess,
                                          int16_t *aDecision)
{
  uint32_t contentType = aLoadInfo->GetExternalContentPolicyType();

  MOZ_ASSERT(contentType == nsContentUtils::InternalContentPolicyTypeToExternal(contentType),
             "We should only see external content policy types here.");

  *aDecision = nsIContentPolicy::ACCEPT;

  // Don't block for TYPE_OBJECT since such URIs are sometimes loaded by the
  // plugin, so they don't necessarily open external apps
  // TYPE_WEBSOCKET loads can only go to ws:// or wss://, so we don't need to
  // concern ourselves with them.
  if (contentType != TYPE_DOCUMENT &&
      contentType != TYPE_SUBDOCUMENT &&
      contentType != TYPE_OBJECT &&
      contentType != TYPE_WEBSOCKET) {

    // The following are just quick-escapes for the most common cases
    // where we would allow the content to be loaded anyway.
    nsAutoCString scheme;
    aContentLocation->GetScheme(scheme);
    if (scheme.EqualsLiteral("http") ||
        scheme.EqualsLiteral("https") ||
        scheme.EqualsLiteral("ftp") ||
        scheme.EqualsLiteral("file") ||
        scheme.EqualsLiteral("chrome")) {
      return NS_OK;
    }

    bool shouldBlock;
    nsresult rv = NS_URIChainHasFlags(aContentLocation,
                                      nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA,
                                      &shouldBlock);
    if (NS_SUCCEEDED(rv) && shouldBlock) {
      *aDecision = nsIContentPolicy::REJECT_REQUEST;
    }
  }

  return NS_OK;
}

NS_IMETHODIMP
nsNoDataProtocolContentPolicy::ShouldProcess(nsIURI *aContentLocation,
                                             nsILoadInfo* aLoadInfo,
                                             const nsACString &aMimeGuess,
                                             int16_t *aDecision)
{
  return ShouldLoad(aContentLocation, aLoadInfo, aMimeGuess, aDecision);
}

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */
2		/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3		/* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		/*
8		* Content policy implementation that prevents all loads of images,
9		* subframes, etc from protocols that don't return data but rather open
10		* applications (such as mailto).
11		*/
12
13		#include "nsNoDataProtocolContentPolicy.h"
14		#include "nsIDOMWindow.h"
15		#include "nsString.h"
16		#include "nsIProtocolHandler.h"
17		#include "nsIIOService.h"
18		#include "nsIExternalProtocolHandler.h"
19		#include "nsIURI.h"
20		#include "nsNetUtil.h"
21		#include "nsContentUtils.h"
22
23		NS_IMPL_ISUPPORTS(nsNoDataProtocolContentPolicy, nsIContentPolicy)
24
25		NS_IMETHODIMP
26		nsNoDataProtocolContentPolicy::ShouldLoad(nsIURI *aContentLocation,
27		nsILoadInfo *aLoadInfo,
28		const nsACString &aMimeGuess,
29		int16_t *aDecision)
30	0	{
31	0	uint32_t contentType = aLoadInfo->GetExternalContentPolicyType();
32	0
33	0	MOZ_ASSERT(contentType == nsContentUtils::InternalContentPolicyTypeToExternal(contentType),
34	0	"We should only see external content policy types here.");
35	0
36	0	*aDecision = nsIContentPolicy::ACCEPT;
37	0
38	0	// Don't block for TYPE_OBJECT since such URIs are sometimes loaded by the
39	0	// plugin, so they don't necessarily open external apps
40	0	// TYPE_WEBSOCKET loads can only go to ws:// or wss://, so we don't need to
41	0	// concern ourselves with them.
42	0	if (contentType != TYPE_DOCUMENT &&
43	0	contentType != TYPE_SUBDOCUMENT &&
44	0	contentType != TYPE_OBJECT &&
45	0	contentType != TYPE_WEBSOCKET) {
46	0
47	0	// The following are just quick-escapes for the most common cases
48	0	// where we would allow the content to be loaded anyway.
49	0	nsAutoCString scheme;
50	0	aContentLocation->GetScheme(scheme);
51	0	if (scheme.EqualsLiteral("http") \|\|
52	0	scheme.EqualsLiteral("https") \|\|
53	0	scheme.EqualsLiteral("ftp") \|\|
54	0	scheme.EqualsLiteral("file") \|\|
55	0	scheme.EqualsLiteral("chrome")) {
56	0	return NS_OK;
57	0	}
58	0
59	0	bool shouldBlock;
60	0	nsresult rv = NS_URIChainHasFlags(aContentLocation,
61	0	nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA,
62	0	&shouldBlock);
63	0	if (NS_SUCCEEDED(rv) && shouldBlock) {
64	0	*aDecision = nsIContentPolicy::REJECT_REQUEST;
65	0	}
66	0	}
67	0
68	0	return NS_OK;
69	0	}
70
71		NS_IMETHODIMP
72		nsNoDataProtocolContentPolicy::ShouldProcess(nsIURI *aContentLocation,
73		nsILoadInfo* aLoadInfo,
74		const nsACString &aMimeGuess,
75		int16_t *aDecision)
76	0	{
77	0	return ShouldLoad(aContentLocation, aLoadInfo, aMimeGuess, aDecision);
78	0	}

Coverage Report

Created: 2018-09-25 14:53