Ejemplo n.º 1
0
void
nsCSPHostSrc::toString(nsAString& outStr) const
{
  // If mHost is a single "*", we append the wildcard and return.
  if (mHost.EqualsASCII("*") &&
      mScheme.IsEmpty() &&
      mPort.IsEmpty()) {
    outStr.Append(mHost);
    return;
  }

  // append scheme
  outStr.Append(mScheme);

  // append host
  outStr.AppendASCII("://");
  outStr.Append(mHost);

  // append port
  if (!mPort.IsEmpty()) {
    outStr.AppendASCII(":");
    outStr.Append(mPort);
  }

  // in CSP 1.1, paths are ignoed
  // outStr.Append(mPath);
  // outStr.Append(mFileAndArguments);
}
Ejemplo n.º 2
0
void
nsCSPNonceSrc::toString(nsAString& outStr) const
{
  outStr.AppendASCII(CSP_EnumToKeyword(CSP_NONCE));
  outStr.Append(mNonce);
  outStr.AppendASCII("'");
}
Ejemplo n.º 3
0
/* readonly attribute DOMString format; */
static void
AppendToFormat(nsAString & aResult, const char* aFormat)
{
    if (!aResult.IsEmpty()) {
        aResult.AppendASCII(",");
    }
    aResult.AppendASCII(aFormat);
}
Ejemplo n.º 4
0
void
nsCSPHashSrc::toString(nsAString& outStr) const
{
  outStr.AppendASCII("'");
  outStr.Append(mAlgorithm);
  outStr.AppendASCII("-");
  outStr.Append(mHash);
  outStr.AppendASCII("'");
}
Ejemplo n.º 5
0
void
nsRequireSRIForDirective::toString(nsAString &outStr) const
{
  outStr.AppendASCII(CSP_CSPDirectiveToString(
    nsIContentSecurityPolicy::REQUIRE_SRI_FOR));
  for (uint32_t i = 0; i < mTypes.Length(); i++) {
    if (mTypes[i] == nsIContentPolicy::TYPE_SCRIPT) {
      outStr.AppendASCII(" script");
    }
    else if (mTypes[i] == nsIContentPolicy::TYPE_STYLESHEET) {
      outStr.AppendASCII(" style");
    }
  }
}
Ejemplo n.º 6
0
void
nsCSPDirective::toString(nsAString& outStr) const
{
  // Append directive name
  outStr.AppendASCII(CSP_EnumToDirective(mDirective));
  outStr.AppendASCII(" ");

  // Append srcs
  uint32_t length = mSrcs.Length();
  for (uint32_t i = 0; i < length; i++) {
    mSrcs[i]->toString(outStr);
    if (i != (length - 1)) {
      outStr.AppendASCII(" ");
    }
  }
}
Ejemplo n.º 7
0
void
nsCSPPolicy::toString(nsAString& outStr) const
{
  uint32_t length = mDirectives.Length();
  for (uint32_t i = 0; i < length; ++i) {

    if (mDirectives[i]->equals(nsIContentSecurityPolicy::REFERRER_DIRECTIVE)) {
      outStr.AppendASCII(CSP_CSPDirectiveToString(nsIContentSecurityPolicy::REFERRER_DIRECTIVE));
      outStr.AppendASCII(" ");
      outStr.Append(mReferrerPolicy);
    } else {
      mDirectives[i]->toString(outStr);
    }
    if (i != (length - 1)) {
      outStr.AppendASCII("; ");
    }
  }
}
Ejemplo n.º 8
0
void
nsCSPKeywordSrc::toString(nsAString& outStr) const
{
  if (mInvalidated) {
    MOZ_ASSERT(mKeyword == CSP_UNSAFE_INLINE,
               "can only ignore 'unsafe-inline' within toString()");
    return;
  }
  outStr.AppendASCII(CSP_EnumToKeyword(mKeyword));
}
Ejemplo n.º 9
0
void
nsCSPReportURI::toString(nsAString& outStr) const
{
  nsAutoCString spec;
  nsresult rv = mReportURI->GetSpec(spec);
  if (NS_FAILED(rv)) {
    return;
  }
  outStr.AppendASCII(spec.get());
}
Ejemplo n.º 10
0
void
GeneratePermissionName(nsAString& aPermission,
                       const nsAString& aName,
                       const nsAString& aManifestURL)
{
  aPermission.AssignASCII("indexedDB-chrome-");
  aPermission.Append(aName);
  aPermission.AppendASCII("|");
  aPermission.Append(aManifestURL);
}
Ejemplo n.º 11
0
void
nsCSPPolicy::toString(nsAString& outStr) const
{
  uint32_t length = mDirectives.Length();
  for (uint32_t i = 0; i < length; ++i) {
    mDirectives[i]->toString(outStr);
    if (i != (length - 1)) {
      outStr.AppendASCII("; ");
    }
  }
}
Ejemplo n.º 12
0
/*
 * Use this function only after ::allows() returned 'false'. Most and
 * foremost it's used to get the violated directive before sending reports.
 * The parameter outDirective is the equivalent of 'outViolatedDirective'
 * for the ::permits() function family.
 */
void
nsCSPPolicy::getDirectiveStringForContentType(nsContentPolicyType aContentType,
                                              nsAString& outDirective) const
{
  nsCSPDirective* defaultDir = nullptr;
  for (uint32_t i = 0; i < mDirectives.Length(); i++) {
    if (mDirectives[i]->restrictsContentType(aContentType)) {
      mDirectives[i]->toString(outDirective);
      return;
    }
    if (mDirectives[i]->isDefaultDirective()) {
      defaultDir = mDirectives[i];
    }
  }
  // if we haven't found a matching directive yet,
  // the contentType must be restricted by the default directive
  if (defaultDir) {
    defaultDir->toString(outDirective);
    return;
  }
  NS_ASSERTION(false, "Can not query directive string for contentType!");
  outDirective.AppendASCII("couldNotQueryViolatedDirective");
}
Ejemplo n.º 13
0
/* static */ void
FeaturePolicyUtils::DefaultAllowListFeature(const nsAString& aFeatureName,
                                            const nsAString& aDefaultOrigin,
                                            nsAString& aDefaultAllowList)
{
  uint32_t numFeatures = (sizeof(sSupportedFeatures) / sizeof(sSupportedFeatures[0]));
  for (uint32_t i = 0; i < numFeatures; ++i) {
    if (aFeatureName.LowerCaseEqualsASCII(sSupportedFeatures[i].mFeatureName)) {
      switch (sSupportedFeatures[i].mDefaultAllowList) {
        case FeatureMap::eAll:
          aDefaultAllowList.AppendASCII("*");
          return;

        case FeatureMap::eSelf:
          aDefaultAllowList = aDefaultOrigin;
          return;

        default:
          MOZ_CRASH("Unknown default value");
      }
    }
  }
}
Ejemplo n.º 14
0
void
nsWin32Locale::GetXPLocale(LCID winLCID, nsAString& locale)
{
  initFunctionPointers ();

  if (lcidToLocaleName)
  {
    WCHAR ret_locale[LOCALE_NAME_MAX_LENGTH];
    int rv = lcidToLocaleName(winLCID, ret_locale, LOCALE_NAME_MAX_LENGTH, 0);
    // rv 0 means that the function failed to match up the LCID, so we fallback
    // to the old function
    if (rv != 0)
    {
      locale.Assign(ret_locale);
      return;
    }
  }

  DWORD    lang_id, sublang_id;
  size_t   i, j;

  lang_id = PRIMARYLANGID(LANGIDFROMLCID(winLCID));
  sublang_id = SUBLANGID(LANGIDFROMLCID(winLCID));

  /* Special-case Norwegian Bokmal and Norwegian Nynorsk, which have the same
     LANG_ID on Windows, but have separate ISO-639-2 codes */
  if (lang_id == LANG_NORWEGIAN) {
    if (sublang_id == SUBLANG_NORWEGIAN_BOKMAL) {
      locale.AssignASCII("nb-NO");
    } else if (sublang_id == SUBLANG_NORWEGIAN_NYNORSK) {
      locale.AssignASCII("nn-NO");
    } else {
      locale.AssignASCII("no-NO");
    }
    return;
  }

  for(i=0;i<LENGTH_MAPPING_LIST;i++) {
    if (lang_id==iso_list[i].win_code) {
      /* Special-case Croatian and Serbian, which have the same LANG_ID on
         Windows, but have been split into separate ISO-639-2 codes */
      if (lang_id == LANG_CROATIAN) {
        if (sublang_id == SUBLANG_DEFAULT) {
          locale.AssignLiteral(CROATIAN_ISO_CODE);
        } else {
          locale.AssignLiteral(SERBIAN_ISO_CODE);
        }
      } else {
        locale.AssignASCII(iso_list[i].iso_code);
      }
      for(j=0;iso_list[i].sublang_list[j].win_code;j++) {
        if (sublang_id == iso_list[i].sublang_list[j].win_code) {
          locale.Append(PRUnichar('-'));
          locale.AppendASCII(iso_list[i].sublang_list[j].iso_code);
          break;
        }
      }
      return;
    }
  }

  //
  // didn't find any match. fall back to en-US, which is better 
  // than unusable buttons without 'OK', 'Cancel', etc (bug 224546)       
  //
  locale.AssignLiteral("en-US"); 
  return;
}
Ejemplo n.º 15
0
void
nsCSPSchemeSrc::toString(nsAString& outStr) const
{
  outStr.Append(mScheme);
  outStr.AppendASCII(":");
}
void
nsHTMLContentSerializer::AppendAndTranslateEntities(const nsAString& aStr,
                                                     nsAString& aOutputStr)
{
  if (mBodyOnly && !mInBody) {
    return;
  }

  if (mDisableEntityEncoding) {
    aOutputStr.Append(aStr);
    return;
  }

  bool nonBasicEntities =
    !!(mFlags & (nsIDocumentEncoder::OutputEncodeLatin1Entities |
                 nsIDocumentEncoder::OutputEncodeHTMLEntities   |
                 nsIDocumentEncoder::OutputEncodeW3CEntities));

  if (!nonBasicEntities &&
      (mFlags & (nsIDocumentEncoder::OutputEncodeBasicEntities))) {
    const char **entityTable = mInAttribute ? kAttrEntities : kEntities;
    PRUint32 start = 0;
    const PRUint32 len = aStr.Length();
    for (PRUint32 i = 0; i < len; ++i) {
      const char* entity = nsnull;
      i = FindNextBasicEntity(aStr, len, i, entityTable, &entity);
      PRUint32 normalTextLen = i - start; 
      if (normalTextLen) {
        aOutputStr.Append(Substring(aStr, start, normalTextLen));
      }
      if (entity) {
        aOutputStr.AppendASCII(entity);
        start = i + 1;
      }
    }
    return;
  } else if (nonBasicEntities) {
    nsIParserService* parserService = nsContentUtils::GetParserService();

    if (!parserService) {
      NS_ERROR("Can't get parser service");
      return;
    }

    nsReadingIterator<PRUnichar> done_reading;
    aStr.EndReading(done_reading);

    // for each chunk of |aString|...
    PRUint32 advanceLength = 0;
    nsReadingIterator<PRUnichar> iter;

    const char **entityTable = mInAttribute ? kAttrEntities : kEntities;
    nsCAutoString entityReplacement;

    for (aStr.BeginReading(iter);
         iter != done_reading;
         iter.advance(PRInt32(advanceLength))) {
      PRUint32 fragmentLength = iter.size_forward();
      PRUint32 lengthReplaced = 0; // the number of UTF-16 codepoints
                                    //  replaced by a particular entity
      const PRUnichar* c = iter.get();
      const PRUnichar* fragmentStart = c;
      const PRUnichar* fragmentEnd = c + fragmentLength;
      const char* entityText = nsnull;
      const char* fullConstEntityText = nsnull;
      char* fullEntityText = nsnull;

      advanceLength = 0;
      // for each character in this chunk, check if it
      // needs to be replaced
      for (; c < fragmentEnd; c++, advanceLength++) {
        PRUnichar val = *c;
        if (val <= kValNBSP && entityTable[val]) {
          fullConstEntityText = entityTable[val];
          break;
        } else if (val > 127 &&
                  ((val < 256 &&
                    mFlags & nsIDocumentEncoder::OutputEncodeLatin1Entities) ||
                    mFlags & nsIDocumentEncoder::OutputEncodeHTMLEntities)) {
          entityReplacement.Truncate();
          parserService->HTMLConvertUnicodeToEntity(val, entityReplacement);

          if (!entityReplacement.IsEmpty()) {
            entityText = entityReplacement.get();
            break;
          }
        }
        else if (val > 127 &&
                  mFlags & nsIDocumentEncoder::OutputEncodeW3CEntities &&
                  mEntityConverter) {
          if (NS_IS_HIGH_SURROGATE(val) &&
              c + 1 < fragmentEnd &&
              NS_IS_LOW_SURROGATE(*(c + 1))) {
            PRUint32 valUTF32 = SURROGATE_TO_UCS4(val, *(++c));
            if (NS_SUCCEEDED(mEntityConverter->ConvertUTF32ToEntity(valUTF32,
                              nsIEntityConverter::entityW3C, &fullEntityText))) {
              lengthReplaced = 2;
              break;
            }
            else {
              advanceLength++;
            }
          }
          else if (NS_SUCCEEDED(mEntityConverter->ConvertToEntity(val,
                                nsIEntityConverter::entityW3C, 
                                &fullEntityText))) {
            lengthReplaced = 1;
            break;
          }
        }
      }

      aOutputStr.Append(fragmentStart, advanceLength);
      if (entityText) {
        aOutputStr.Append(PRUnichar('&'));
        AppendASCIItoUTF16(entityText, aOutputStr);
        aOutputStr.Append(PRUnichar(';'));
        advanceLength++;
      }
      else if (fullConstEntityText) {
        aOutputStr.AppendASCII(fullConstEntityText);
        ++advanceLength;
      }
      // if it comes from nsIEntityConverter, it already has '&' and ';'
      else if (fullEntityText) {
        AppendASCIItoUTF16(fullEntityText, aOutputStr);
        nsMemory::Free(fullEntityText);
        advanceLength += lengthReplaced;
      }
    }
  } else {
    nsXMLContentSerializer::AppendAndTranslateEntities(aStr, aOutputStr);
  }
}
Ejemplo n.º 17
0
void
nsBlockAllMixedContentDirective::toString(nsAString& outStr) const
{
  outStr.AppendASCII(CSP_CSPDirectiveToString(
    nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT));
}
Ejemplo n.º 18
0
void
nsUpgradeInsecureDirective::toString(nsAString& outStr) const
{
  outStr.AppendASCII(CSP_CSPDirectiveToString(
    nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE));
}
bool
nsHTMLContentSerializer::AppendAndTranslateEntities(const nsAString& aStr,
                                                     nsAString& aOutputStr)
{
  if (mBodyOnly && !mInBody) {
    return true;
  }

  if (mDisableEntityEncoding) {
    return aOutputStr.Append(aStr, mozilla::fallible);
  }

  bool nonBasicEntities =
    !!(mFlags & (nsIDocumentEncoder::OutputEncodeLatin1Entities |
                 nsIDocumentEncoder::OutputEncodeHTMLEntities   |
                 nsIDocumentEncoder::OutputEncodeW3CEntities));

  if (!nonBasicEntities &&
      (mFlags & (nsIDocumentEncoder::OutputEncodeBasicEntities))) {
    const uint8_t* entityTable = mInAttribute ? kAttrEntities : kEntities;
    uint32_t start = 0;
    const uint32_t len = aStr.Length();
    for (uint32_t i = 0; i < len; ++i) {
      const char* entity = nullptr;
      i = FindNextBasicEntity(aStr, len, i, entityTable, &entity);
      uint32_t normalTextLen = i - start; 
      if (normalTextLen) {
        NS_ENSURE_TRUE(aOutputStr.Append(Substring(aStr, start, normalTextLen),
                                         mozilla::fallible), false);
      }
      if (entity) {
        NS_ENSURE_TRUE(aOutputStr.AppendASCII(entity, mozilla::fallible), false);
        start = i + 1;
      }
    }
    return true;
  } else if (nonBasicEntities) {
    nsIParserService* parserService = nsContentUtils::GetParserService();

    if (!parserService) {
      NS_ERROR("Can't get parser service");
      return true;
    }

    nsReadingIterator<char16_t> done_reading;
    aStr.EndReading(done_reading);

    // for each chunk of |aString|...
    uint32_t advanceLength = 0;
    nsReadingIterator<char16_t> iter;

    const uint8_t* entityTable = mInAttribute ? kAttrEntities : kEntities;
    nsAutoCString entityReplacement;

    for (aStr.BeginReading(iter);
         iter != done_reading;
         iter.advance(int32_t(advanceLength))) {
      uint32_t fragmentLength = done_reading - iter;
      uint32_t lengthReplaced = 0; // the number of UTF-16 codepoints
                                    //  replaced by a particular entity
      const char16_t* c = iter.get();
      const char16_t* fragmentStart = c;
      const char16_t* fragmentEnd = c + fragmentLength;
      const char* entityText = nullptr;
      const char* fullConstEntityText = nullptr;
      char* fullEntityText = nullptr;

      advanceLength = 0;
      // for each character in this chunk, check if it
      // needs to be replaced
      for (; c < fragmentEnd; c++, advanceLength++) {
        char16_t val = *c;
        if (val <= kValNBSP && entityTable[val]) {
          fullConstEntityText = kEntityStrings[entityTable[val]];
          break;
        } else if (val > 127 &&
                  ((val < 256 &&
                    mFlags & nsIDocumentEncoder::OutputEncodeLatin1Entities) ||
                    mFlags & nsIDocumentEncoder::OutputEncodeHTMLEntities)) {
          entityReplacement.Truncate();
          parserService->HTMLConvertUnicodeToEntity(val, entityReplacement);

          if (!entityReplacement.IsEmpty()) {
            entityText = entityReplacement.get();
            break;
          }
        }
        else if (val > 127 &&
                  mFlags & nsIDocumentEncoder::OutputEncodeW3CEntities &&
                  mEntityConverter) {
          if (NS_IS_HIGH_SURROGATE(val) &&
              c + 1 < fragmentEnd &&
              NS_IS_LOW_SURROGATE(*(c + 1))) {
            uint32_t valUTF32 = SURROGATE_TO_UCS4(val, *(++c));
            if (NS_SUCCEEDED(mEntityConverter->ConvertUTF32ToEntity(valUTF32,
                              nsIEntityConverter::entityW3C, &fullEntityText))) {
              lengthReplaced = 2;
              break;
            }
            else {
              advanceLength++;
            }
          }
          else if (NS_SUCCEEDED(mEntityConverter->ConvertToEntity(val,
                                nsIEntityConverter::entityW3C, 
                                &fullEntityText))) {
            lengthReplaced = 1;
            break;
          }
        }
      }

      bool result = aOutputStr.Append(fragmentStart, advanceLength, mozilla::fallible);
      if (entityText) {
        NS_ENSURE_TRUE(aOutputStr.Append(char16_t('&'), mozilla::fallible), false);
        NS_ENSURE_TRUE(AppendASCIItoUTF16(entityText, aOutputStr, mozilla::fallible), false);
        NS_ENSURE_TRUE(aOutputStr.Append(char16_t(';'), mozilla::fallible), false);
        advanceLength++;
      }
      else if (fullConstEntityText) {
        NS_ENSURE_TRUE(aOutputStr.AppendASCII(fullConstEntityText, mozilla::fallible), false);
        ++advanceLength;
      }
      // if it comes from nsIEntityConverter, it already has '&' and ';'
      else if (fullEntityText) {
        bool ok = AppendASCIItoUTF16(fullEntityText, aOutputStr, mozilla::fallible);
        free(fullEntityText);
        advanceLength += lengthReplaced;
        NS_ENSURE_TRUE(ok, false);
      }
      NS_ENSURE_TRUE(result, false);
    }
  } else {
    NS_ENSURE_TRUE(nsXMLContentSerializer::AppendAndTranslateEntities(aStr, aOutputStr), false);
  }

  return true;
}
Ejemplo n.º 20
0
void
nsCSPKeywordSrc::toString(nsAString& outStr) const
{
  outStr.AppendASCII(CSP_EnumToKeyword(mKeyword));
}