/src/mozilla-central/dom/serviceworkers/ServiceWorkerUtils.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ |
2 | | /* vim: set ts=8 sts=2 et sw=2 tw=80: */ |
3 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
4 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
5 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
6 | | |
7 | | #include "ServiceWorkerUtils.h" |
8 | | |
9 | | #include "mozilla/Preferences.h" |
10 | | #include "mozilla/dom/ClientInfo.h" |
11 | | #include "mozilla/dom/ServiceWorkerRegistrarTypes.h" |
12 | | #include "nsIURL.h" |
13 | | |
14 | | namespace mozilla { |
15 | | namespace dom { |
16 | | |
17 | | |
18 | | bool |
19 | | ServiceWorkerParentInterceptEnabled() |
20 | 0 | { |
21 | 0 | static Atomic<bool> sEnabled; |
22 | 0 | static Atomic<bool> sInitialized; |
23 | 0 | if (!sInitialized) { |
24 | 0 | AssertIsOnMainThread(); |
25 | 0 | sInitialized = true; |
26 | 0 | sEnabled = Preferences::GetBool("dom.serviceWorkers.parent_intercept", false); |
27 | 0 | } |
28 | 0 | return sEnabled; |
29 | 0 | } |
30 | | |
31 | | bool |
32 | | ServiceWorkerRegistrationDataIsValid(const ServiceWorkerRegistrationData& aData) |
33 | 0 | { |
34 | 0 | return !aData.scope().IsEmpty() && |
35 | 0 | !aData.currentWorkerURL().IsEmpty() && |
36 | 0 | !aData.cacheName().IsEmpty(); |
37 | 0 | } |
38 | | |
39 | | namespace { |
40 | | |
41 | | nsresult |
42 | | CheckForSlashEscapedCharsInPath(nsIURI* aURI) |
43 | 0 | { |
44 | 0 | MOZ_ASSERT(aURI); |
45 | 0 |
|
46 | 0 | // A URL that can't be downcast to a standard URL is an invalid URL and should |
47 | 0 | // be treated as such and fail with SecurityError. |
48 | 0 | nsCOMPtr<nsIURL> url(do_QueryInterface(aURI)); |
49 | 0 | if (NS_WARN_IF(!url)) { |
50 | 0 | return NS_ERROR_DOM_SECURITY_ERR; |
51 | 0 | } |
52 | 0 | |
53 | 0 | nsAutoCString path; |
54 | 0 | nsresult rv = url->GetFilePath(path); |
55 | 0 | if (NS_WARN_IF(NS_FAILED(rv))) { |
56 | 0 | return rv; |
57 | 0 | } |
58 | 0 | |
59 | 0 | ToLowerCase(path); |
60 | 0 | if (path.Find("%2f") != kNotFound || |
61 | 0 | path.Find("%5c") != kNotFound) { |
62 | 0 | return NS_ERROR_DOM_TYPE_ERR; |
63 | 0 | } |
64 | 0 | |
65 | 0 | return NS_OK; |
66 | 0 | } |
67 | | |
68 | | } // anonymous namespace |
69 | | |
70 | | nsresult |
71 | | ServiceWorkerScopeAndScriptAreValid(const ClientInfo& aClientInfo, |
72 | | nsIURI* aScopeURI, |
73 | | nsIURI* aScriptURI) |
74 | 0 | { |
75 | 0 | MOZ_DIAGNOSTIC_ASSERT(aScopeURI); |
76 | 0 | MOZ_DIAGNOSTIC_ASSERT(aScriptURI); |
77 | 0 |
|
78 | 0 | nsCOMPtr<nsIPrincipal> principal = aClientInfo.GetPrincipal(); |
79 | 0 | NS_ENSURE_TRUE(principal, NS_ERROR_DOM_INVALID_STATE_ERR); |
80 | 0 |
|
81 | 0 | bool isHttp = false; |
82 | 0 | bool isHttps = false; |
83 | 0 | Unused << aScriptURI->SchemeIs("http", &isHttp); |
84 | 0 | Unused << aScriptURI->SchemeIs("https", &isHttps); |
85 | 0 | NS_ENSURE_TRUE(isHttp || isHttps, NS_ERROR_DOM_SECURITY_ERR); |
86 | 0 |
|
87 | 0 | nsresult rv = CheckForSlashEscapedCharsInPath(aScopeURI); |
88 | 0 | NS_ENSURE_SUCCESS(rv, rv); |
89 | 0 |
|
90 | 0 | rv = CheckForSlashEscapedCharsInPath(aScriptURI); |
91 | 0 | NS_ENSURE_SUCCESS(rv, rv); |
92 | 0 |
|
93 | 0 | nsAutoCString ref; |
94 | 0 | Unused << aScopeURI->GetRef(ref); |
95 | 0 | NS_ENSURE_TRUE(ref.IsEmpty(), NS_ERROR_DOM_SECURITY_ERR); |
96 | 0 |
|
97 | 0 | Unused << aScriptURI->GetRef(ref); |
98 | 0 | NS_ENSURE_TRUE(ref.IsEmpty(), NS_ERROR_DOM_SECURITY_ERR); |
99 | 0 |
|
100 | 0 | rv = principal->CheckMayLoad(aScopeURI, true /* report */, |
101 | 0 | false /* allowIfInheritsPrincipal */); |
102 | 0 | NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR); |
103 | 0 |
|
104 | 0 | rv = principal->CheckMayLoad(aScriptURI, true /* report */, |
105 | 0 | false /* allowIfInheritsPrincipal */); |
106 | 0 | NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR); |
107 | 0 |
|
108 | 0 | return NS_OK; |
109 | 0 | } |
110 | | |
111 | | } // namespace dom |
112 | | } // namespace mozilla |