Line data Source code
1 : /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 : /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 : /* This Source Code Form is subject to the terms of the Mozilla Public
4 : * License, v. 2.0. If a copy of the MPL was not distributed with this
5 : * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 :
7 : /*
8 : * Content policy implementation that prevents all loads of images,
9 : * subframes, etc from protocols that don't return data but rather open
10 : * applications (such as mailto).
11 : */
12 :
13 : #include "nsNoDataProtocolContentPolicy.h"
14 : #include "nsIDOMWindow.h"
15 : #include "nsString.h"
16 : #include "nsIProtocolHandler.h"
17 : #include "nsIIOService.h"
18 : #include "nsIExternalProtocolHandler.h"
19 : #include "nsIURI.h"
20 : #include "nsNetUtil.h"
21 : #include "nsContentUtils.h"
22 :
23 24 : NS_IMPL_ISUPPORTS(nsNoDataProtocolContentPolicy, nsIContentPolicy)
24 :
25 : NS_IMETHODIMP
26 23 : nsNoDataProtocolContentPolicy::ShouldLoad(uint32_t aContentType,
27 : nsIURI *aContentLocation,
28 : nsIURI *aRequestingLocation,
29 : nsISupports *aRequestingContext,
30 : const nsACString &aMimeGuess,
31 : nsISupports *aExtra,
32 : nsIPrincipal *aRequestPrincipal,
33 : int16_t *aDecision)
34 : {
35 23 : MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
36 : "We should only see external content policy types here.");
37 :
38 23 : *aDecision = nsIContentPolicy::ACCEPT;
39 :
40 : // Don't block for TYPE_OBJECT since such URIs are sometimes loaded by the
41 : // plugin, so they don't necessarily open external apps
42 : // TYPE_WEBSOCKET loads can only go to ws:// or wss://, so we don't need to
43 : // concern ourselves with them.
44 23 : if (aContentType != TYPE_DOCUMENT &&
45 13 : aContentType != TYPE_SUBDOCUMENT &&
46 13 : aContentType != TYPE_OBJECT &&
47 : aContentType != TYPE_WEBSOCKET) {
48 :
49 : // The following are just quick-escapes for the most common cases
50 : // where we would allow the content to be loaded anyway.
51 13 : nsAutoCString scheme;
52 13 : aContentLocation->GetScheme(scheme);
53 34 : if (scheme.EqualsLiteral("http") ||
54 16 : scheme.EqualsLiteral("https") ||
55 16 : scheme.EqualsLiteral("ftp") ||
56 29 : scheme.EqualsLiteral("file") ||
57 8 : scheme.EqualsLiteral("chrome")) {
58 13 : return NS_OK;
59 : }
60 :
61 : bool shouldBlock;
62 : nsresult rv = NS_URIChainHasFlags(aContentLocation,
63 : nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA,
64 0 : &shouldBlock);
65 0 : if (NS_SUCCEEDED(rv) && shouldBlock) {
66 0 : *aDecision = nsIContentPolicy::REJECT_REQUEST;
67 : }
68 : }
69 :
70 10 : return NS_OK;
71 : }
72 :
73 : NS_IMETHODIMP
74 0 : nsNoDataProtocolContentPolicy::ShouldProcess(uint32_t aContentType,
75 : nsIURI *aContentLocation,
76 : nsIURI *aRequestingLocation,
77 : nsISupports *aRequestingContext,
78 : const nsACString &aMimeGuess,
79 : nsISupports *aExtra,
80 : nsIPrincipal *aRequestPrincipal,
81 : int16_t *aDecision)
82 : {
83 : return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
84 : aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
85 0 : aDecision);
86 : }
|
