From 0bbf06ea62ae66ddc0a61760b06b50688bc3ffa0 Mon Sep 17 00:00:00 2001
From: Cameron Kaiser <classilla@floodgap.com>
Date: Sat, 18 Aug 2018 14:59:52 -0700
Subject: [PATCH] #517: fake out current Rocket Loader

---
 dom/base/Element.cpp        | 11 +++++++++++
 dom/base/nsContentUtils.cpp | 19 ++++++++++++++++---
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/dom/base/Element.cpp b/dom/base/Element.cpp
index c07c1b2fd..8beb04e72 100644
--- a/dom/base/Element.cpp
+++ b/dom/base/Element.cpp
@@ -1168,6 +1168,17 @@ Element::GetDestinationInsertionPoints()
 void
 Element::GetAttribute(const nsAString& aName, DOMString& aReturn)
 {
+  // Complete the illusion of issue 517 by preventing Rocket Loader from
+  // seeing the data-cf-nonce attribute. This doesn't seem to be used
+  // anywhere else in the Cloudflare stack.
+  if (MOZ_UNLIKELY(aName.LowerCaseEqualsASCII("data-cf-nonce"))) {
+#if DEBUG
+    fprintf(stderr, "TenFourFox: blocked access to proscribed property data-cf-nonce.\n");
+#endif
+    aReturn.SetNull();
+    return;
+  }
+
   const nsAttrValue* val =
     mAttrsAndChildren.GetAttr(aName,
                               IsHTMLElement() && IsInHTMLDocument() ?
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index 3a9afc301..6f839e63c 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -7108,9 +7108,6 @@ nsContentUtils::IsForbiddenSystemRequestHeader(const nsACString& aHeader)
   };
   for (uint32_t i = 0; i < ArrayLength(kInvalidHeaders); ++i) {
     if (aHeader.LowerCaseEqualsASCII(kInvalidHeaders[i])) {
-#if DEBUG
-      fprintf(stderr, "offending header was %s\n", kInvalidHeaders[i]);
-#endif
       return true;
     }
   }
@@ -7219,6 +7216,22 @@ nsContentUtils::IsJavascriptMIMEType(const nsAString& aMIMEType)
     }
   }
 
+  // Workaround for Rocket Script; current versions do not load properly.
+  // This version just relaxes the limits on the MIME type so that the
+  // browser loads the scripts for us and RocketScript is not involved.
+  // Old-school Rocket Script that used text/rocketscript is OK; we don't
+  // interfere with that.
+  // (TenFourFox issue 517.)
+  if (StringEndsWith(aMIMEType, NS_LITERAL_STRING("-text/javascript"),
+                     nsCaseInsensitiveStringComparator())) {
+      // Don't use Find(). We really care just if it's at the end.
+      // If we need to look elsewhere, use FindInReadable().
+#if DEBUG
+    fprintf(stderr, "TenFourFox: Rocket Script detected\n");
+#endif
+    return true;
+  }
+
   return false;
 }