From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 19:32:43 +0200 Subject: Adding upstream version 1:115.7.0. Signed-off-by: Daniel Baumann --- browser/components/uitour/UITourChild.sys.mjs | 124 ++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 browser/components/uitour/UITourChild.sys.mjs (limited to 'browser/components/uitour/UITourChild.sys.mjs') diff --git a/browser/components/uitour/UITourChild.sys.mjs b/browser/components/uitour/UITourChild.sys.mjs new file mode 100644 index 0000000000..65ef20931b --- /dev/null +++ b/browser/components/uitour/UITourChild.sys.mjs @@ -0,0 +1,124 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const PREF_TEST_WHITELIST = "browser.uitour.testingOrigins"; +const UITOUR_PERMISSION = "uitour"; + +export class UITourChild extends JSWindowActorChild { + handleEvent(event) { + if (!Services.prefs.getBoolPref("browser.uitour.enabled")) { + return; + } + if (!this.ensureTrustedOrigin()) { + return; + } + + this.sendAsyncMessage("UITour:onPageEvent", { + detail: event.detail, + type: event.type, + pageVisibilityState: this.document.visibilityState, + }); + } + + isTestingOrigin(aURI) { + if ( + Services.prefs.getPrefType(PREF_TEST_WHITELIST) != + Services.prefs.PREF_STRING + ) { + return false; + } + + // Add any testing origins (comma-seperated) to the whitelist for the session. + for (let origin of Services.prefs + .getCharPref(PREF_TEST_WHITELIST) + .split(",")) { + try { + let testingURI = Services.io.newURI(origin); + if (aURI.prePath == testingURI.prePath) { + return true; + } + } catch (ex) { + console.error(ex); + } + } + return false; + } + + // This function is copied from UITour.sys.mjs. + isSafeScheme(aURI) { + let allowedSchemes = new Set(["https", "about"]); + if (!Services.prefs.getBoolPref("browser.uitour.requireSecure")) { + allowedSchemes.add("http"); + } + + if (!allowedSchemes.has(aURI.scheme)) { + return false; + } + + return true; + } + + ensureTrustedOrigin() { + if (this.browsingContext.top != this.browsingContext) { + return false; + } + + let uri = this.document.documentURIObject; + + if (uri.schemeIs("chrome")) { + return true; + } + + if (!this.isSafeScheme(uri)) { + return false; + } + + let principal = Services.scriptSecurityManager.principalWithOA( + this.document.nodePrincipal, + {} + ); + let permission = Services.perms.testPermissionFromPrincipal( + principal, + UITOUR_PERMISSION + ); + if (permission == Services.perms.ALLOW_ACTION) { + return true; + } + + // Bug 1557153: To allow Skyline messaging, workaround for UNKNOWN_ACTION + // overriding browser/app/permissions default + // Bug 1837407: Do a similar thing for support.mozilla.org for the same + // underlying issue (bug 1579517). + return ( + uri.host == "www.mozilla.org" || + uri.host == "support.mozilla.org" || + this.isTestingOrigin(uri) + ); + } + + receiveMessage(aMessage) { + switch (aMessage.name) { + case "UITour:SendPageCallback": + this.sendPageEvent("Response", aMessage.data); + break; + case "UITour:SendPageNotification": + this.sendPageEvent("Notification", aMessage.data); + break; + } + } + + sendPageEvent(type, detail) { + if (!this.ensureTrustedOrigin()) { + return; + } + + let win = this.contentWindow; + let eventName = "mozUITour" + type; + let event = new win.CustomEvent(eventName, { + bubbles: true, + detail: Cu.cloneInto(detail, win), + }); + win.document.dispatchEvent(event); + } +} -- cgit v1.2.3