#611: M1277475

2025-02-05 10:31:24 +00:00 · 2020-06-16 19:38:16 -07:00 · 2020-06-16 19:38:16 -07:00 · 0c828a96e6
commit 0c828a96e6
parent 80ece6a151
7 changed files with 26 additions and 5 deletions
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@ -8293,7 +8293,7 @@ nsDocument::IsScriptEnabled()
 {
  // If this document is sandboxed without 'allow-scripts'
  // script is not enabled
-  if (mSandboxFlags & SANDBOXED_SCRIPTS) {
+  if (HasScriptsBlockedBySandbox()) {
    return false;
  }

@ -13044,6 +13044,12 @@ nsIDocument::InlineScriptAllowedByCSP()
  return allowsInlineScript;
 }

+bool
+nsIDocument::HasScriptsBlockedBySandbox()
+{
+  return mSandboxFlags & SANDBOXED_SCRIPTS;
+}
+
 static bool
 MightBeAboutOrChromeScheme(nsIURI* aURI)
 {
--- a/dom/base/nsIDocument.h
+++ b/dom/base/nsIDocument.h
@ -2678,6 +2678,8 @@ public:
    return mUserHasInteracted;
  }

+  bool HasScriptsBlockedBySandbox();
+
  bool InlineScriptAllowedByCSP();

  void SetLinkHandlingEnabled(bool aValue) { mLinksEnabled = aValue; }
--- a/dom/base/nsScriptLoader.cpp
+++ b/dom/base/nsScriptLoader.cpp
@ -272,7 +272,7 @@ nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType,
                          bool aScriptFromHead)
 {
  // If this document is sandboxed without 'allow-scripts', abort.
-  if (mDocument->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
+  if (mDocument->HasScriptsBlockedBySandbox()) {
    return NS_OK;
  }

@ -704,7 +704,7 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)

  // inline script
  // Is this document sandboxed without 'allow-scripts'?
-  if (mDocument->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
+  if (mDocument->HasScriptsBlockedBySandbox()) {
    return false;
  }

--- a/dom/events/EventListenerManager.cpp
+++ b/dom/events/EventListenerManager.cpp
@ -735,7 +735,7 @@ EventListenerManager::SetEventHandler(nsIAtom* aName,
  if (doc) {
    // Don't allow adding an event listener if the document is sandboxed
    // without 'allow-scripts'.
-    if (doc->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
+    if (doc->HasScriptsBlockedBySandbox()) {
      return NS_ERROR_DOM_SECURITY_ERR;
    }

--- a/dom/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/jsurl/nsJSProtocolHandler.cpp
@ -201,7 +201,7 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel,
    // Sandboxed document check: javascript: URI's are disabled
    // in a sandboxed document unless 'allow-scripts' was specified.
    nsIDocument* doc = aOriginalInnerWindow->GetExtantDoc();
-    if (doc && (doc->GetSandboxFlags() & SANDBOXED_SCRIPTS)) {
+    if (doc && doc->HasScriptsBlockedBySandbox()) {
        return NS_ERROR_DOM_RETVAL_UNDEFINED;
    }

--- a/dom/webidl/Document.webidl
+++ b/dom/webidl/Document.webidl
@ -403,6 +403,12 @@ partial interface Document {
  [ChromeOnly] readonly attribute boolean userHasInteracted;
 };

+// Extension to give chrome and XBL JS the ability to determine whether
+// the document is sandboxed without permission to run scripts.
+partial interface Document {
+  [Func="IsChromeOrXBL"] readonly attribute boolean hasScriptsBlockedBySandbox;
+};
+
 // Extension to give chrome and XBL JS the ability to determine whether
 // inline scripts are blocked by the document's CSP.
 partial interface Document {
--- a/layout/style/xbl-marquee/xbl-marquee.xml
+++ b/layout/style/xbl-marquee/xbl-marquee.xml
@ -240,6 +240,13 @@
        <parameter name="aIgnoreNextCall"/>
        <body>
          <![CDATA[
+          // _setEventListener is only used for setting the attribute event
+          // handlers, which we want to ignore if our document is sandboxed
+          // without the allow-scripts keyword.
+          if (document.hasScriptsBlockedBySandbox) {
+            return true;
+          }
+
          // attribute event handlers should only be added if the
          // document's CSP allows it.
          if (!document.inlineScriptAllowedByCSP) {