diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /dom/security/sanitizer/Sanitizer.cpp | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/sanitizer/Sanitizer.cpp')
-rw-r--r-- | dom/security/sanitizer/Sanitizer.cpp | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/dom/security/sanitizer/Sanitizer.cpp b/dom/security/sanitizer/Sanitizer.cpp new file mode 100644 index 0000000000..9d087523ff --- /dev/null +++ b/dom/security/sanitizer/Sanitizer.cpp @@ -0,0 +1,187 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "BindingDeclarations.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/DocumentFragment.h" +#include "mozilla/dom/SanitizerBinding.h" +#include "nsContentUtils.h" +#include "nsGenericHTMLElement.h" +#include "nsTreeSanitizer.h" +#include "Sanitizer.h" + +namespace mozilla::dom { + +NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(Sanitizer, mGlobal) + +NS_IMPL_CYCLE_COLLECTING_ADDREF(Sanitizer) +NS_IMPL_CYCLE_COLLECTING_RELEASE(Sanitizer) + +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(Sanitizer) + NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY + NS_INTERFACE_MAP_ENTRY(nsISupports) +NS_INTERFACE_MAP_END + +JSObject* Sanitizer::WrapObject(JSContext* aCx, + JS::Handle<JSObject*> aGivenProto) { + return Sanitizer_Binding::Wrap(aCx, this, aGivenProto); +} + +/* static */ +already_AddRefed<Sanitizer> Sanitizer::New(nsIGlobalObject* aGlobal, + const SanitizerConfig& aOptions, + ErrorResult& aRv) { + nsTreeSanitizer treeSanitizer(nsIParserUtils::SanitizerAllowStyle); + treeSanitizer.WithWebSanitizerOptions(aGlobal, aOptions, aRv); + if (aRv.Failed()) { + return nullptr; + } + + RefPtr<Sanitizer> sanitizer = + new Sanitizer(aGlobal, std::move(treeSanitizer)); + return sanitizer.forget(); +} + +/* static */ +already_AddRefed<Sanitizer> Sanitizer::Constructor( + const GlobalObject& aGlobal, const SanitizerConfig& aOptions, + ErrorResult& aRv) { + nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports()); + return New(global, aOptions, aRv); +} + +/* static */ +already_AddRefed<DocumentFragment> Sanitizer::InputToNewFragment( + const mozilla::dom::DocumentFragmentOrDocument& aInput, ErrorResult& aRv) { + // turns an DocumentFragmentOrDocument into a new DocumentFragment for + // internal use with nsTreeSanitizer + + nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal); + if (!window || !window->GetDoc()) { + // FIXME: Should we throw another exception? + aRv.Throw(NS_ERROR_FAILURE); + return nullptr; + } + + // We need to create a new docfragment based on the input + // and can't use a live document (possibly with mutation observershandlers) + nsAutoString innerHTML; + if (aInput.IsDocumentFragment()) { + RefPtr<DocumentFragment> inFragment = &aInput.GetAsDocumentFragment(); + inFragment->GetInnerHTML(innerHTML); + } else if (aInput.IsDocument()) { + RefPtr<Document> doc = &aInput.GetAsDocument(); + nsCOMPtr<Element> docElement = doc->GetDocumentElement(); + if (docElement) { + docElement->GetInnerHTML(innerHTML, IgnoreErrors()); + } + } + if (innerHTML.IsEmpty()) { + AutoTArray<nsString, 1> params = {}; + LogLocalizedString("SanitizerRcvdNoInput", params, + nsIScriptError::warningFlag); + + RefPtr<DocumentFragment> emptyFragment = + window->GetDoc()->CreateDocumentFragment(); + return emptyFragment.forget(); + } + // Create an inert HTML document, loaded as data. + // this ensures we do not cause any requests. + RefPtr<Document> emptyDoc = + nsContentUtils::CreateInertHTMLDocument(window->GetDoc()); + if (!emptyDoc) { + aRv.Throw(NS_ERROR_FAILURE); + return nullptr; + } + // We don't have a context element yet. let's create a mock HTML body element + RefPtr<mozilla::dom::NodeInfo> info = + emptyDoc->NodeInfoManager()->GetNodeInfo( + nsGkAtoms::body, nullptr, kNameSpaceID_XHTML, nsINode::ELEMENT_NODE); + + nsCOMPtr<nsINode> context = NS_NewHTMLBodyElement( + info.forget(), mozilla::dom::FromParser::FROM_PARSER_FRAGMENT); + RefPtr<DocumentFragment> fragment = nsContentUtils::CreateContextualFragment( + context, innerHTML, true /* aPreventScriptExecution */, aRv); + if (aRv.Failed()) { + aRv.ThrowInvalidStateError("Could not parse input"); + return nullptr; + } + return fragment.forget(); +} + +already_AddRefed<DocumentFragment> Sanitizer::Sanitize( + const mozilla::dom::DocumentFragmentOrDocument& aInput, ErrorResult& aRv) { + nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal); + if (!window || !window->GetDoc()) { + aRv.Throw(NS_ERROR_FAILURE); + return nullptr; + } + RefPtr<DocumentFragment> fragment = + Sanitizer::InputToNewFragment(aInput, aRv); + if (aRv.Failed()) { + return nullptr; + } + + mTreeSanitizer.Sanitize(fragment); + return fragment.forget(); +} + +RefPtr<DocumentFragment> Sanitizer::SanitizeFragment( + RefPtr<DocumentFragment> aFragment, ErrorResult& aRv) { + nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal); + if (!window || !window->GetDoc()) { + aRv.Throw(NS_ERROR_FAILURE); + return nullptr; + } + // FIXME(freddyb) + // (how) can we assert that the supplied doc is indeed inert? + mTreeSanitizer.Sanitize(aFragment); + return aFragment.forget(); +} + +/* ------ Logging ------ */ + +void Sanitizer::LogLocalizedString(const char* aName, + const nsTArray<nsString>& aParams, + uint32_t aFlags) { + uint64_t innerWindowID = 0; + bool isPrivateBrowsing = true; + nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal); + if (window && window->GetDoc()) { + auto* doc = window->GetDoc(); + innerWindowID = doc->InnerWindowID(); + isPrivateBrowsing = nsContentUtils::IsInPrivateBrowsing(doc); + } + nsAutoString logMsg; + nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES, + aName, aParams, logMsg); + LogMessage(logMsg, aFlags, innerWindowID, isPrivateBrowsing); +} + +/* static */ +void Sanitizer::LogMessage(const nsAString& aMessage, uint32_t aFlags, + uint64_t aInnerWindowID, bool aFromPrivateWindow) { + // Prepending 'Sanitizer' to the outgoing console message + nsString message; + message.AppendLiteral(u"Sanitizer: "); + message.Append(aMessage); + + // Allow for easy distinction in devtools code. + constexpr auto category = "Sanitizer"_ns; + + if (aInnerWindowID > 0) { + // Send to content console + nsContentUtils::ReportToConsoleByWindowID(message, aFlags, category, + aInnerWindowID); + } else { + // Send to browser console + nsContentUtils::LogSimpleConsoleError(message, category, aFromPrivateWindow, + true /* from chrome context */, + aFlags); + } +} + +} // namespace mozilla::dom |