#517: more complete workaround for Rocket Loader

2018-10-27 16:22:07 -07:00 · 2018-10-27 16:22:07 -07:00 · 3926185105
parent 09256df984
commit 3926185105
3 changed files with 24 additions and 15 deletions
--- a/dom/base/Element.cpp
+++ b/dom/base/Element.cpp
@ -1168,17 +1168,6 @@ Element::GetDestinationInsertionPoints()
 void
 Element::GetAttribute(const nsAString& aName, DOMString& aReturn)
 {
-  // Complete the illusion of TenFourFox issue 517 by preventing Rocket Loader
-  // from seeing the data-cf-nonce attribute. This doesn't seem to be used
-  // anywhere else in the Cloudflare stack.
-  if (!IsXULElement() && MOZ_UNLIKELY(aName.LowerCaseEqualsASCII("data-cf-nonce"))) {
-#if DEBUG
-    fprintf(stderr, "TenFourFox: blocked access to proscribed property data-cf-nonce.\n");
-#endif
-    aReturn.SetNull();
-    return;
-  }
-
  const nsAttrValue* val =
    mAttrsAndChildren.GetAttr(aName,
                              IsHTMLElement() && IsInHTMLDocument() ?
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@ -7216,10 +7216,10 @@ nsContentUtils::IsJavascriptMIMEType(const nsAString& aMIMEType)
    }
  }

-  // Workaround for Rocket Script; current versions do not load properly.
+  // Workaround for Rocket Loader; current versions do not work properly.
  // This version just relaxes the limits on the MIME type so that the
-  // browser loads the scripts for us and RocketScript is not involved.
-  // Old-school Rocket Script that used text/rocketscript is OK; we don't
+  // browser loads the scripts for us and Rocket Loader is not involved.
+  // Old-school Rocket Loader that used text/rocketscript works OK; we don't
  // interfere with that.
  // (TenFourFox issue 517.)
  if (StringEndsWith(aMIMEType, NS_LITERAL_STRING("-text/javascript"),
@ -7227,7 +7227,7 @@ nsContentUtils::IsJavascriptMIMEType(const nsAString& aMIMEType)
      // Don't use Find(). We really care just if it's at the end.
      // If we need to look elsewhere, use FindInReadable().
 #if DEBUG
-    fprintf(stderr, "TenFourFox: Rocket Script detected\n");
+    fprintf(stderr, "TenFourFox: Rocket Loader dependent script detected\n");
 #endif
    return true;
  }
--- a/dom/base/nsScriptLoader.cpp
+++ b/dom/base/nsScriptLoader.cpp
@ -467,6 +467,26 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)

  NS_ASSERTION(!aElement->IsMalformed(), "Executing malformed script");

+  // TenFourFox issue 517. Complete the illusion by just not loading
+  // the Rocket Loader script in the first place. Not only is this much
+  // faster, but it also can be very reliably detected by looking for a
+  // |data-cf-nonce| property on the script tag which appears nowhere else
+  // in the Cloudflare stack presently, eliminates a hack in querying
+  // attributes for that property, and works better for certain sites
+  // where the load can clash with certain inline script elements.
+  nsCOMPtr<nsIDOMElement> domElement = do_QueryInterface(aElement);
+  NS_ASSERTION(domElement, "script could not be QIed to nsIDOMElement");
+  if (MOZ_LIKELY(domElement)) {
+    nsAutoString foo;
+    domElement->GetAttribute(NS_LITERAL_STRING("data-cf-nonce"), foo);
+    if (MOZ_UNLIKELY(!foo.IsEmpty())) {
+#if DEBUG
+      fprintf(stderr, "TenFourFox blocking Rocket Loader main script.\n");
+#endif
+      return false;
+    }
+  }
+
  nsCOMPtr<nsIContent> scriptContent = do_QueryInterface(aElement);

  // Step 12. Check that the script is not an eventhandler