From 3926185105065eadd101a86cf0424a894bcc09fd Mon Sep 17 00:00:00 2001 From: Cameron Kaiser Date: Sat, 27 Oct 2018 16:22:07 -0700 Subject: [PATCH] #517: more complete workaround for Rocket Loader --- dom/base/Element.cpp | 11 ----------- dom/base/nsContentUtils.cpp | 8 ++++---- dom/base/nsScriptLoader.cpp | 20 ++++++++++++++++++++ 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/dom/base/Element.cpp b/dom/base/Element.cpp index 2056fe7e9..ec0fa330d 100644 --- a/dom/base/Element.cpp +++ b/dom/base/Element.cpp @@ -1168,17 +1168,6 @@ Element::GetDestinationInsertionPoints() void Element::GetAttribute(const nsAString& aName, DOMString& aReturn) { - // Complete the illusion of TenFourFox issue 517 by preventing Rocket Loader - // from seeing the data-cf-nonce attribute. This doesn't seem to be used - // anywhere else in the Cloudflare stack. - if (!IsXULElement() && MOZ_UNLIKELY(aName.LowerCaseEqualsASCII("data-cf-nonce"))) { -#if DEBUG - fprintf(stderr, "TenFourFox: blocked access to proscribed property data-cf-nonce.\n"); -#endif - aReturn.SetNull(); - return; - } - const nsAttrValue* val = mAttrsAndChildren.GetAttr(aName, IsHTMLElement() && IsInHTMLDocument() ? diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index 6f839e63c..20ab3ef78 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -7216,10 +7216,10 @@ nsContentUtils::IsJavascriptMIMEType(const nsAString& aMIMEType) } } - // Workaround for Rocket Script; current versions do not load properly. + // Workaround for Rocket Loader; current versions do not work properly. // This version just relaxes the limits on the MIME type so that the - // browser loads the scripts for us and RocketScript is not involved. - // Old-school Rocket Script that used text/rocketscript is OK; we don't + // browser loads the scripts for us and Rocket Loader is not involved. + // Old-school Rocket Loader that used text/rocketscript works OK; we don't // interfere with that. // (TenFourFox issue 517.) if (StringEndsWith(aMIMEType, NS_LITERAL_STRING("-text/javascript"), @@ -7227,7 +7227,7 @@ nsContentUtils::IsJavascriptMIMEType(const nsAString& aMIMEType) // Don't use Find(). We really care just if it's at the end. // If we need to look elsewhere, use FindInReadable(). #if DEBUG - fprintf(stderr, "TenFourFox: Rocket Script detected\n"); + fprintf(stderr, "TenFourFox: Rocket Loader dependent script detected\n"); #endif return true; } diff --git a/dom/base/nsScriptLoader.cpp b/dom/base/nsScriptLoader.cpp index 432b4fc33..e04ef230b 100644 --- a/dom/base/nsScriptLoader.cpp +++ b/dom/base/nsScriptLoader.cpp @@ -467,6 +467,26 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement) NS_ASSERTION(!aElement->IsMalformed(), "Executing malformed script"); + // TenFourFox issue 517. Complete the illusion by just not loading + // the Rocket Loader script in the first place. Not only is this much + // faster, but it also can be very reliably detected by looking for a + // |data-cf-nonce| property on the script tag which appears nowhere else + // in the Cloudflare stack presently, eliminates a hack in querying + // attributes for that property, and works better for certain sites + // where the load can clash with certain inline script elements. + nsCOMPtr domElement = do_QueryInterface(aElement); + NS_ASSERTION(domElement, "script could not be QIed to nsIDOMElement"); + if (MOZ_LIKELY(domElement)) { + nsAutoString foo; + domElement->GetAttribute(NS_LITERAL_STRING("data-cf-nonce"), foo); + if (MOZ_UNLIKELY(!foo.IsEmpty())) { +#if DEBUG + fprintf(stderr, "TenFourFox blocking Rocket Loader main script.\n"); +#endif + return false; + } + } + nsCOMPtr scriptContent = do_QueryInterface(aElement); // Step 12. Check that the script is not an eventhandler