Bug 30304: avoid leaking browser language via DTD

acatarineu · May 2, 2019 · 4618869 · 4618869
1 parent 8a9df95
commit 4618869
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 5 deletions.
diff --git a/caps/nsScriptSecurityManager.cpp b/caps/nsScriptSecurityManager.cpp
@@ -862,6 +862,14 @@ nsresult nsScriptSecurityManager::CheckLoadURIFlags(nsIURI* aSourceURI,
           if (accessAllowed) {
             return NS_OK;
           }
+
+          // Allow loading from about:* pages, whitelisted or not.
+          nsAutoCString sourceScheme;
+          rv = aSourceBaseURI->GetScheme(sourceScheme);
+          if (NS_FAILED(rv)) return rv;
+          if (sourceScheme.EqualsLiteral("about")) {
+            return NS_OK;
+          }
         }
       }
     }

diff --git a/chrome/nsChromeRegistry.cpp b/chrome/nsChromeRegistry.cpp
@@ -521,6 +521,14 @@ nsChromeRegistry::AllowContentToAccess(nsIURI* aURI, bool* aResult) {
   if (NS_SUCCEEDED(rv)) {
     *aResult = !!(flags & CONTENT_ACCESSIBLE);
   }
+
+  // Do not leak browser language to content
+  nsAutoCString provider, path;
+  rv = GetProviderAndPath(aURI, provider, path);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (provider.EqualsLiteral("locale")) {
+    *aResult = false;
+  }
   return NS_OK;
 }
 

diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
@@ -212,11 +212,6 @@ static bool IsImageLoadInEditorAppType(nsILoadInfo* aLoadInfo) {
 }
 
 static nsresult DoCheckLoadURIChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
-  // Bug 1228117: determine the correct security policy for DTD loads
-  if (aLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_DTD) {
-    return NS_OK;
-  }
-
   if (IsImageLoadInEditorAppType(aLoadInfo)) {
     return NS_OK;
   }