NS_IMETHODIMP CompareCache::OnStreamComplete(nsIStreamLoader* aLoader, nsISupports* aContext, nsresult aStatus, uint32_t aLen, const uint8_t* aString) { AssertIsOnMainThread(); if (mAborted) { return aStatus; } if (NS_WARN_IF(NS_FAILED(aStatus))) { mManager->CacheFinished(aStatus, false); return aStatus; } char16_t* buffer = nullptr; size_t len = 0; nsresult rv = nsScriptLoader::ConvertToUTF16(nullptr, aString, aLen, NS_LITERAL_STRING("UTF-8"), nullptr, buffer, len); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->CacheFinished(rv, false); return rv; } mBuffer.Adopt(buffer, len); mManager->CacheFinished(NS_OK, true); return NS_OK; }
/** Ensures basic sanity of attribute value. This function also (tries to :-( ) makes sure, that no unwanted / dangerous URLs appear in the document (like javascript: and data:). Pass the value as |aValue| arg. It will be modified in-place. If the value is not allowed at all, we return with NS_ERROR_ILLEGAL_VALUE. In that case, do not use the |aValue|, but output nothing. */ nsresult mozSanitizingHTMLSerializer::SanitizeAttrValue(nsHTMLTag aTag, const nsAString& anAttrName, nsString& aValue /*inout*/) { /* First, cut the attribute to 1000 chars. Attributes with values longer than 1000 chars seem bogus, considering that we don't support any JS. The longest attributes I can think of are URLs, and URLs with 1000 chars are likely to be bogus, too. */ aValue = Substring(aValue, 0, 1000); //aValue.Truncate(1000); //-- this cuts half of the document !!?!! aValue.Adopt(escape(aValue)); /* Check some known bad stuff. Add more! I don't care too much, if it happens to trigger in some innocent cases (like <img alt="Statistical data: Mortage rates and newspapers">) - security first. */ if (aValue.Find("javascript:") != kNotFound || aValue.Find("data:") != kNotFound || aValue.Find("base64") != kNotFound) return NS_ERROR_ILLEGAL_VALUE; // Check img src scheme if (aTag == eHTMLTag_img && anAttrName.LowerCaseEqualsLiteral("src")) { nsresult rv; nsCOMPtr<nsIIOService> ioService = do_GetIOService(&rv); NS_ENSURE_SUCCESS(rv, rv); nsCAutoString scheme; rv = ioService->ExtractScheme(NS_LossyConvertUTF16toASCII(aValue), scheme); NS_ENSURE_SUCCESS(rv, rv); if (!scheme.Equals("cid", nsCaseInsensitiveCStringComparator())) return NS_ERROR_ILLEGAL_VALUE; } #ifdef DEBUG_BenB printf("attribute value for %s: -%s-\n", NS_LossyConvertUTF16toASCII(anAttrName).get(), NS_LossyConvertUTF16toASCII(aValue).get()); #endif return NS_OK; }
/*---------------------------------------------------------------------------- ConvertStringLineBreaks ----------------------------------------------------------------------------*/ nsresult nsLinebreakConverter::ConvertStringLineBreaks(nsString& aIoString, ELinebreakType aSrcBreaks, ELinebreakType aDestBreaks) { NS_ASSERTION(aDestBreaks != eLinebreakAny && aSrcBreaks != eLinebreakSpace, "Invalid parameter"); // nothing to do if (aIoString.IsEmpty()) { return NS_OK; } nsresult rv; // remember the old buffer in case // we blow it away later nsString::char_iterator stringBuf; aIoString.BeginWriting(stringBuf); int32_t newLen; rv = ConvertUnicharLineBreaksInSitu(&stringBuf, aSrcBreaks, aDestBreaks, aIoString.Length() + 1, &newLen); if (NS_FAILED(rv)) { return rv; } if (stringBuf != aIoString.get()) { aIoString.Adopt(stringBuf); } return NS_OK; }
NS_IMETHODIMP CompareNetwork::OnStreamComplete(nsIStreamLoader* aLoader, nsISupports* aContext, nsresult aStatus, uint32_t aLen, const uint8_t* aString) { AssertIsOnMainThread(); // If no channel, Abort() has been called. if (!mChannel) { return NS_OK; } if (NS_WARN_IF(NS_FAILED(aStatus))) { if (aStatus == NS_ERROR_REDIRECT_LOOP) { mManager->NetworkFinished(NS_ERROR_DOM_SECURITY_ERR); } else { mManager->NetworkFinished(aStatus); } return NS_OK; } nsCOMPtr<nsIRequest> request; nsresult rv = aLoader->GetRequest(getter_AddRefs(request)); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(request); if (httpChannel) { bool requestSucceeded; rv = httpChannel->GetRequestSucceeded(&requestSucceeded); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } if (NS_WARN_IF(!requestSucceeded)) { mManager->NetworkFinished(NS_ERROR_FAILURE); return NS_OK; } nsAutoCString maxScope; // Note: we explicitly don't check for the return value here, because the // absence of the header is not an error condition. unused << httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Service-Worker-Allowed"), maxScope); mManager->SetMaxScope(maxScope); bool isFromCache = false; nsCOMPtr<nsICacheInfoChannel> cacheChannel(do_QueryInterface(httpChannel)); if (cacheChannel) { cacheChannel->IsFromCache(&isFromCache); } // [9.2 Update]4.13, If response's cache state is not "local", // set registration's last update check time to the current time if (!isFromCache) { RefPtr<ServiceWorkerRegistrationInfo> registration = mManager->GetRegistration(); registration->RefreshLastUpdateCheckTime(); } nsAutoCString mimeType; rv = httpChannel->GetContentType(mimeType); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(NS_ERROR_DOM_SECURITY_ERR); return rv; } if (!mimeType.LowerCaseEqualsLiteral("text/javascript") && !mimeType.LowerCaseEqualsLiteral("application/x-javascript") && !mimeType.LowerCaseEqualsLiteral("application/javascript")) { mManager->NetworkFinished(NS_ERROR_DOM_SECURITY_ERR); return rv; } } else { // The only supported request schemes are http, https, and app. // Above, we check to ensure that the request is http or https // based on the channel qi. Here we test the scheme to ensure // that it is app. Otherwise, bail. nsCOMPtr<nsIChannel> channel = do_QueryInterface(request); if (NS_WARN_IF(!channel)) { mManager->NetworkFinished(NS_ERROR_FAILURE); return NS_OK; } nsCOMPtr<nsIURI> uri; rv = channel->GetURI(getter_AddRefs(uri)); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } nsAutoCString scheme; rv = uri->GetScheme(scheme); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } if (NS_WARN_IF(!scheme.LowerCaseEqualsLiteral("app"))) { mManager->NetworkFinished(NS_ERROR_FAILURE); return NS_OK; } } char16_t* buffer = nullptr; size_t len = 0; rv = nsScriptLoader::ConvertToUTF16(httpChannel, aString, aLen, NS_LITERAL_STRING("UTF-8"), nullptr, buffer, len); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return rv; } mBuffer.Adopt(buffer, len); mManager->NetworkFinished(NS_OK); return NS_OK; }
/** Similar to SanitizeAttrValue. */ nsresult mozSanitizingHTMLSerializer::SanitizeTextNode(nsString& aText /*inout*/) { aText.Adopt(escape(aText)); return NS_OK; }
NS_IMETHODIMP CompareNetwork::OnStreamComplete(nsIStreamLoader* aLoader, nsISupports* aContext, nsresult aStatus, uint32_t aLen, const uint8_t* aString) { AssertIsOnMainThread(); // If no channel, Abort() has been called. if (!mChannel) { return NS_OK; } if (NS_WARN_IF(NS_FAILED(aStatus))) { mManager->NetworkFinished(aStatus); return NS_OK; } nsCOMPtr<nsIRequest> request; nsresult rv = aLoader->GetRequest(getter_AddRefs(request)); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(request); if (httpChannel) { bool requestSucceeded; rv = httpChannel->GetRequestSucceeded(&requestSucceeded); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } if (!requestSucceeded) { mManager->NetworkFinished(NS_ERROR_FAILURE); return NS_OK; } nsAutoCString maxScope; // Note: we explicitly don't check for the return value here, because the // absense of the header is not an error condition. unused << httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Service-Worker-Allowed"), maxScope); mManager->SetMaxScope(maxScope); } else { // The only supported request schemes are http, https, and app. // Above, we check to ensure that the request is http or https // based on the channel qi. Here we test the scheme to ensure // that it is app. Otherwise, bail. nsCOMPtr<nsIChannel> channel = do_QueryInterface(request); if (NS_WARN_IF(!channel)) { mManager->NetworkFinished(NS_ERROR_FAILURE); return NS_OK; } nsCOMPtr<nsIURI> uri; rv = channel->GetURI(getter_AddRefs(uri)); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } nsAutoCString scheme; rv = uri->GetScheme(scheme); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } if (!scheme.LowerCaseEqualsLiteral("app")) { mManager->NetworkFinished(NS_ERROR_FAILURE); return NS_OK; } } // FIXME(nsm): "Extract mime type..." char16_t* buffer = nullptr; size_t len = 0; rv = nsScriptLoader::ConvertToUTF16(httpChannel, aString, aLen, NS_LITERAL_STRING("UTF-8"), nullptr, buffer, len); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return rv; } mBuffer.Adopt(buffer, len); mManager->NetworkFinished(NS_OK); return NS_OK; }
NS_IMETHODIMP CompareNetwork::OnStreamComplete(nsIStreamLoader* aLoader, nsISupports* aContext, nsresult aStatus, uint32_t aLen, const uint8_t* aString) { AssertIsOnMainThread(); // If no channel, Abort() has been called. if (!mChannel) { return NS_OK; } if (NS_WARN_IF(NS_FAILED(aStatus))) { if (aStatus == NS_ERROR_REDIRECT_LOOP) { mManager->NetworkFinished(NS_ERROR_DOM_SECURITY_ERR); } else { mManager->NetworkFinished(aStatus); } return NS_OK; } nsCOMPtr<nsIRequest> request; nsresult rv = aLoader->GetRequest(getter_AddRefs(request)); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(request); MOZ_ASSERT(httpChannel, "How come we don't have an HTTP channel?"); bool requestSucceeded; rv = httpChannel->GetRequestSucceeded(&requestSucceeded); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return NS_OK; } if (NS_WARN_IF(!requestSucceeded)) { // Get the stringified numeric status code, not statusText which could be // something misleading like OK for a 404. uint32_t status = 0; httpChannel->GetResponseStatus(&status); // don't care if this fails, use 0. nsAutoString statusAsText; statusAsText.AppendInt(status); RefPtr<ServiceWorkerRegistrationInfo> registration = mManager->GetRegistration(); ServiceWorkerManager::LocalizeAndReportToAllClients( registration->mScope, "ServiceWorkerRegisterNetworkError", nsTArray<nsString> { NS_ConvertUTF8toUTF16(registration->mScope), statusAsText, mManager->URL() }); mManager->NetworkFinished(NS_ERROR_FAILURE); return NS_OK; } nsAutoCString maxScope; // Note: we explicitly don't check for the return value here, because the // absence of the header is not an error condition. Unused << httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Service-Worker-Allowed"), maxScope); mManager->SetMaxScope(maxScope); bool isFromCache = false; nsCOMPtr<nsICacheInfoChannel> cacheChannel(do_QueryInterface(httpChannel)); if (cacheChannel) { cacheChannel->IsFromCache(&isFromCache); } // [9.2 Update]4.13, If response's cache state is not "local", // set registration's last update check time to the current time if (!isFromCache) { RefPtr<ServiceWorkerRegistrationInfo> registration = mManager->GetRegistration(); registration->RefreshLastUpdateCheckTime(); } nsAutoCString mimeType; rv = httpChannel->GetContentType(mimeType); if (NS_WARN_IF(NS_FAILED(rv))) { // We should only end up here if !mResponseHead in the channel. If headers // were received but no content type was specified, we'll be given // UNKNOWN_CONTENT_TYPE "application/x-unknown-content-type" and so fall // into the next case with its better error message. mManager->NetworkFinished(NS_ERROR_DOM_SECURITY_ERR); return rv; } if (!mimeType.LowerCaseEqualsLiteral("text/javascript") && !mimeType.LowerCaseEqualsLiteral("application/x-javascript") && !mimeType.LowerCaseEqualsLiteral("application/javascript")) { RefPtr<ServiceWorkerRegistrationInfo> registration = mManager->GetRegistration(); ServiceWorkerManager::LocalizeAndReportToAllClients( registration->mScope, "ServiceWorkerRegisterMimeTypeError", nsTArray<nsString> { NS_ConvertUTF8toUTF16(registration->mScope), NS_ConvertUTF8toUTF16(mimeType), mManager->URL() }); mManager->NetworkFinished(NS_ERROR_DOM_SECURITY_ERR); return rv; } char16_t* buffer = nullptr; size_t len = 0; rv = nsScriptLoader::ConvertToUTF16(httpChannel, aString, aLen, NS_LITERAL_STRING("UTF-8"), nullptr, buffer, len); if (NS_WARN_IF(NS_FAILED(rv))) { mManager->NetworkFinished(rv); return rv; } mBuffer.Adopt(buffer, len); mManager->NetworkFinished(NS_OK); return NS_OK; }
void nsImportStringBundle::GetStringByName(const char *aName, nsIStringBundle *aBundle, nsString &aResult) { aResult.Adopt(GetStringByName(aName, aBundle)); }
void nsImportStringBundle::GetStringByID(PRInt32 aStringID, nsIStringBundle *aBundle, nsString &aResult) { aResult.Adopt(GetStringByID(aStringID, aBundle)); }
void nsOEStringBundle::GetStringByID(int32_t stringID, nsString& result) { char16_t *ptrv = GetStringByID(stringID); result.Adopt(ptrv); }