authorChristian Persch <chpe@cvs.gnome.org>2004-11-15 00:03:39 +0800
committerChristian Persch <chpe@src.gnome.org>2004-11-15 00:03:39 +0800
commit265a903a6513f6337b51425943df30a311583cbc (patch)
tree3d8fbba36da7fe93b3bdf8931bfd0da9c31c39ac /embed
parent814c86b99b77c6ef2a89f8c19f2717506ac437c4 (diff)
Check favicon urls with script sec manager and content policy.
2004-11-14 Christian Persch <chpe@cvs.gnome.org> * embed/mozilla/EphyBrowser.cpp: * embed/mozilla/EphyBrowser.h: * embed/mozilla/Makefile.am: Check favicon urls with script sec manager and content policy.
Diffstat (limited to 'embed')
-rw-r--r--embed/mozilla/EphyBrowser.cpp97
-rw-r--r--embed/mozilla/EphyBrowser.h3
-rw-r--r--embed/mozilla/Makefile.am3
3 files changed, 75 insertions, 28 deletions
diff --git a/embed/mozilla/EphyBrowser.cpp b/embed/mozilla/EphyBrowser.cpp
index 10d6eceb9..a203e0b9e 100644
--- a/embed/mozilla/EphyBrowser.cpp
+++ b/embed/mozilla/EphyBrowser.cpp
@@ -70,8 +70,13 @@
#undef MOZILLA_STRICT_API
#include "nsMemory.h"
#include "nsIChannel.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsIServiceManager.h"
#ifdef ALLOW_PRIVATE_API
+/* not frozen yet */
+#include "nsIContentPolicy.h"
+/* will never be frozen */
#include "nsIDocShell.h"
#include "nsIMarkupDocumentViewer.h"
#ifdef HAVE_MOZILLA_PSM
@@ -113,9 +118,15 @@ EphyEventListener::Init(EphyEmbed *aOwner)
return NS_OK;
}
-nsresult
-EphyFaviconEventListener::HandleFaviconLink (nsIDOMNode *node)
+NS_IMETHODIMP
+EphyFaviconEventListener::HandleEvent(nsIDOMEvent* aDOMEvent)
{
+ nsCOMPtr<nsIDOMEventTarget> eventTarget;
+ aDOMEvent->GetTarget(getter_AddRefs(eventTarget));
+
+ nsCOMPtr<nsIDOMNode> node = do_QueryInterface(eventTarget);
+ NS_ENSURE_TRUE (node, NS_ERROR_FAILURE);
+
nsCOMPtr<nsIDOMElement> linkElement;
linkElement = do_QueryInterface (node);
if (!linkElement) return NS_ERROR_FAILURE;
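Review bot: With the helper folded into `HandleEvent`, the `if (!linkElement) return NS_ERROR_FAILURE;` at the end of this hunk becomes the listener's own result, whereas the removed `HandleEvent` discarded the return value of `HandleFaviconLink` and always answered `NS_OK` once it had a node. If the event dispatcher acts on a listener's failure code (not visible here), a target that is a node but not an element would now be reported as an error although it is only an uninteresting event; `if (!linkElement) return NS_OK;` would keep the previous behaviour. The function body continues past this hunk.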
@@ -149,36 +160,72 @@ EphyFaviconEventListener::HandleFaviconLink (nsIDOMNode *node)
nsEmbedString spec;
rv = doc->GetDocumentURI (spec);
- NS_ENSURE_SUCCESS (rv, rv);
+ NS_ENSURE_SUCCESS (rv, NS_ERROR_FAILURE);
- nsCOMPtr<nsIURI> uri;
- rv = EphyUtils::NewURI (getter_AddRefs(uri), spec);
- NS_ENSURE_SUCCESS (rv, rv);
+ nsCOMPtr<nsIURI> docUri;
+ EphyUtils::NewURI (getter_AddRefs(docUri), spec);
+ NS_ENSURE_TRUE (docUri, NS_ERROR_FAILURE);
+
+ nsEmbedCString faviconUrl;
+ rv = docUri->Resolve (link, faviconUrl);
+ NS_ENSURE_SUCCESS (rv, NS_ERROR_FAILURE);
- nsEmbedCString favicon_url;
- rv = uri->Resolve (link, favicon_url);
- if (NS_FAILED (rv)) return NS_ERROR_FAILURE;
-
- char *url = g_strdup (favicon_url.get());
+ nsCOMPtr<nsIURI> favUri;
+ EphyUtils::NewURI (getter_AddRefs (favUri), faviconUrl);
+ NS_ENSURE_TRUE (favUri, NS_ERROR_FAILURE);
+
+ /* check if load is allowed */
+ nsCOMPtr<nsIScriptSecurityManager> secMan
+ (do_GetService("@mozilla.org/scriptsecuritymanager;1"));
+ /* refuse if we can't check */
+ NS_ENSURE_TRUE (secMan, NS_OK);
+
+ rv = secMan->CheckLoadURI(docUri, favUri,
+ nsIScriptSecurityManager::STANDARD);
+ /* failure means it didn't pass the security check */
+ if (NS_FAILED (rv)) return NS_OK;
+
+ /* security check passed, now check with content policy */
+ nsCOMPtr<nsIContentPolicy> policy =
+ do_GetService("@mozilla.org/layout/content-policy;1");
+ /* refuse if we can't check */
+ NS_ENSURE_TRUE (policy, NS_OK);
+
+#if MOZ_NSICONTENTPOLICY_VARIANT == 2
+ /* FIXME: mozilla tabbrowser.xml passes
+ * safeGetProperty(event.target, "type") as mimetype guess:
+ */
+ PRUnichar typeAttr[] = { 't', 'y', 'p', 'e', '\0' };
+ nsEmbedString typeVal;
+ linkElement->GetAttribute (nsEmbedString (typeAttr), typeVal);
+
+ nsEmbedCString cTypeVal;
+ NS_UTF16ToCString (typeVal, NS_CSTRING_ENCODING_UTF8, cTypeVal);
+
+ PRInt16 decision = 0;
+ rv = policy->ShouldLoad (nsIContentPolicy::TYPE_IMAGE,
+ favUri, docUri, eventTarget,
+ cTypeVal, nsnull,
+ &decision);
+ NS_ENSURE_SUCCESS (rv, NS_ERROR_FAILURE);
+ if (decision != nsIContentPolicy::ACCEPT) return NS_OK;
+#else
+ PRBool shouldLoad = PR_FALSE;
+ rv = policy->ShouldLoad (nsIContentPolicy::IMAGE,
+ favUri, eventTarget,
+ nsnull /* FIXME: DOM window*/,
+ &shouldLoad);
+ NS_ENSURE_SUCCESS (rv, NS_ERROR_FAILURE);
+ if (!shouldLoad) return NS_OK;
+#endif
+
+ /* ok, we accept this as a valid favicon for this site */
+ char *url = g_strdup (faviconUrl.get());
g_signal_emit_by_name (mOwner, "ge_favicon", url);
g_free (url);
}
return NS_OK;
-}
-
-NS_IMETHODIMP
-EphyFaviconEventListener::HandleEvent(nsIDOMEvent* aDOMEvent)
-{
- nsCOMPtr<nsIDOMEventTarget> eventTarget;
- aDOMEvent->GetTarget(getter_AddRefs(eventTarget));
-
- nsCOMPtr<nsIDOMNode> node = do_QueryInterface(eventTarget);
- NS_ENSURE_TRUE (node, NS_ERROR_FAILURE);
-
- HandleFaviconLink (node);
-
- return NS_OK;
}
NS_IMETHODIMP
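Review bot: The string emitted with `ge_favicon` is `faviconUrl`, the output of `Resolve`, rather than the spec of `favUri`, which is the object that `CheckLoadURI` and `ShouldLoad` actually judged. Whoever handles the signal has to parse that string again, so the checked URL and the loaded URL are the same only if both parses agree. Emitting the spec of the checked object closes that gap: `nsEmbedCString checkedSpec; rv = favUri->GetSpec (checkedSpec); NS_ENSURE_SUCCESS (rv, NS_ERROR_FAILURE);` followed by `g_strdup (checkedSpec.get())`. The two policy refusals also return `NS_OK` without any trace, so a debug log line naming the refused URL would make a blocked favicon diagnosable. The function begins before this hunk; `link`, `doc` and `rv` are declared outside it.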
diff --git a/embed/mozilla/EphyBrowser.h b/embed/mozilla/EphyBrowser.h
index deb96b15a..68811f550 100644
--- a/embed/mozilla/EphyBrowser.h
+++ b/embed/mozilla/EphyBrowser.h
@@ -66,9 +66,6 @@ class EphyFaviconEventListener : public EphyEventListener
{
public:
NS_IMETHOD HandleEvent(nsIDOMEvent* aEvent);
-
-private:
- nsresult HandleFaviconLink (nsIDOMNode *node);
};
class EphyPopupBlockEventListener : public EphyEventListener
diff --git a/embed/mozilla/Makefile.am b/embed/mozilla/Makefile.am
index 58ca89e96..747be8078 100644
--- a/embed/mozilla/Makefile.am
+++ b/embed/mozilla/Makefile.am
@@ -4,6 +4,7 @@ INCLUDES = \
-I$(top_srcdir) \
$(MOZILLA_COMPONENT_CFLAGS) \
-I$(MOZILLA_INCLUDE_ROOT) \
+ -I$(MOZILLA_INCLUDE_ROOT)/caps \
-I$(MOZILLA_INCLUDE_ROOT)/chardet \
-I$(MOZILLA_INCLUDE_ROOT)/commandhandler \
-I$(MOZILLA_INCLUDE_ROOT)/content \
@@ -13,6 +14,7 @@ INCLUDES = \
-I$(MOZILLA_INCLUDE_ROOT)/exthandler \
-I$(MOZILLA_INCLUDE_ROOT)/gfx \
-I$(MOZILLA_INCLUDE_ROOT)/helperAppDlg \
+ -I$(MOZILLA_INCLUDE_ROOT)/js \
-I$(MOZILLA_INCLUDE_ROOT)/history \
-I$(MOZILLA_INCLUDE_ROOT)/layout \
-I$(MOZILLA_INCLUDE_ROOT)/locale \
@@ -31,6 +33,7 @@ INCLUDES = \
-I$(MOZILLA_INCLUDE_ROOT)/windowwatcher \
-I$(MOZILLA_INCLUDE_ROOT)/xmlextras \
-I$(MOZILLA_INCLUDE_ROOT)/xpcom \
+ -I$(MOZILLA_INCLUDE_ROOT)/xpconnect \
$(EPIPHANY_DEPENDENCY_CFLAGS) \
-DSHARE_DIR=\"$(pkgdatadir)\" \
-DMOZILLA_HOME=\"$(MOZILLA_HOME)\" \