Source code

Revision control

Copy as Markdown

Other Tools

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=4 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at */
#ifndef nsScriptSecurityManager_h__
#define nsScriptSecurityManager_h__
#include "nsIScriptSecurityManager.h"
#include "mozilla/Maybe.h"
#include "nsIPrincipal.h"
#include "nsCOMPtr.h"
#include "nsServiceManagerUtils.h"
#include "nsStringFwd.h"
#include "js/TypeDecls.h"
#include <stdint.h>
class nsIIOService;
class nsIStringBundle;
namespace mozilla {
class OriginAttributes;
class SystemPrincipal;
} // namespace mozilla
namespace JS {
enum class RuntimeCode;
} // namespace JS
// nsScriptSecurityManager //
{ \
0x7ee2a4c0, 0x4b93, 0x17d3, { \
0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 \
} \
class nsScriptSecurityManager final : public nsIScriptSecurityManager {
static void Shutdown();
static nsScriptSecurityManager* GetScriptSecurityManager();
// Invoked exactly once, by XPConnect.
static void InitStatics();
void InitJSCallbacks(JSContext* aCx);
// This has to be static because it is called after gScriptSecMan is cleared.
static void ClearJSCallbacks(JSContext* aCx);
static already_AddRefed<mozilla::SystemPrincipal>
* Utility method for comparing two URIs. For security purposes, two URIs
* are equivalent if their schemes, hosts, and ports (if any) match. This
* method returns true if aSubjectURI and aObjectURI have the same origin,
* false otherwise.
static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
static uint32_t SecurityHashURI(nsIURI* aURI);
static bool IsHttpOrHttpsAndCrossOrigin(nsIURI* aUriA, nsIURI* aUriB);
static nsresult ReportError(const char* aMessageTag, nsIURI* aSource,
nsIURI* aTarget, bool aFromPrivateWindow,
uint64_t aInnerWindowID = 0);
static nsresult ReportError(const char* aMessageTag,
const nsACString& sourceSpec,
const nsACString& targetSpec,
bool aFromPrivateWindow,
uint64_t aInnerWindowID = 0);
static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
void DeactivateDomainPolicy();
// GetScriptSecurityManager is the only call that can make one
virtual ~nsScriptSecurityManager();
// Decides, based on CSP, whether or not eval() and stuff can be executed.
static bool ContentSecurityPolicyPermitsJSAction(JSContext* cx,
JS::RuntimeCode kind,
JS::Handle<JSString*> aCode);
static bool JSPrincipalsSubsume(JSPrincipals* first, JSPrincipals* second);
nsresult Init();
nsresult InitPrefs();
static void ScriptSecurityPrefChanged(const char* aPref, void* aSelf);
void ScriptSecurityPrefChanged(const char* aPref = nullptr);
inline void AddSitesToFileURIAllowlist(const nsCString& aSiteList);
nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
nsIPrincipal** aPrincipal,
bool aIgnoreSandboxing);
nsresult CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI,
nsIURI* aSourceBaseURI, nsIURI* aTargetBaseURI,
uint32_t aFlags, bool aFromPrivateWindow,
uint64_t aInnerWindowID);
// Returns the file URI allowlist, initializing it if it has not been
// initialized.
const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIAllowlist();
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
bool mPrefInitialized;
bool mIsJavaScriptEnabled;
// List of URIs whose domains and sub-domains are allowlisted to allow
// access to file: URIs. Lazily initialized; isNothing() when not yet
// initialized.
mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIAllowlist;
// This machinery controls new-style domain policies. The old-style
// policy machinery will be removed soon.
nsCOMPtr<nsIDomainPolicy> mDomainPolicy;
static std::atomic<bool> sStrictFileOriginPolicy;
static mozilla::StaticRefPtr<nsIIOService> sIOService;
static nsIStringBundle* sStrBundle;
#endif // nsScriptSecurityManager_h__