Bug 1725766 - Disallow view-source URI to open external apps, r=necko-reviewers,dragana (0ae88a03) · Commits · The Tor Project / Applications / Mullvad Browser

netwerk/protocol/viewsource/nsViewSourceHandler.cpp

+21 −0

Original line number	Diff line number	Diff line
		@@ -6,6 +6,7 @@

		#include "nsViewSourceHandler.h"
		#include "nsViewSourceChannel.h"
		#include "nsIExternalProtocolHandler.h"
		#include "nsNetUtil.h"
		#include "nsSimpleNestedURI.h"

		@@ -81,6 +82,26 @@ nsresult nsViewSourceHandler::CreateNewURI(const nsACString& aSpec,
		aCharset, aBaseURI);
		if (NS_FAILED(rv)) return rv;

		nsCOMPtr<nsIIOService> ios = do_GetIOService(&rv);
		if (NS_FAILED(rv)) {
		return rv;
		}

		nsAutoCString scheme;
		innerURI->GetScheme(scheme);
		nsCOMPtr<nsIProtocolHandler> handler;
		rv = ios->GetProtocolHandler(scheme.get(), getter_AddRefs(handler));
		if (NS_FAILED(rv)) {
		return rv;
		}

		nsCOMPtr<nsIExternalProtocolHandler> externalHandler =
		do_QueryInterface(handler);
		// We should not allow view-source to open any external app.
		if (externalHandler) {
		return NS_ERROR_MALFORMED_URI;
		}

		nsAutoCString asciiSpec;
		rv = innerURI->GetAsciiSpec(asciiSpec);
		if (NS_FAILED(rv)) return rv;

netwerk/test/unit/test_bug1725766.js

0 → 100644

+56 −0

Original line number	Diff line number	Diff line
		/* -- indent-tabs-mode: nil; js-indent-level: 2 -- */
		/* vim:set ts=2 sw=2 sts=2 et: */
		/* This Source Code Form is subject to the terms of the Mozilla Public
		* License, v. 2.0. If a copy of the MPL was not distributed with this
		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

		"use strict";

		const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");

		function makeChan(url) {
		let chan = NetUtil.newChannel({
		uri: url,
		loadUsingSystemPrincipal: true,
		contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
		}).QueryInterface(Ci.nsIHttpChannel);
		chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
		return chan;
		}

		function channelOpenPromise(chan, flags) {
		return new Promise(resolve => {
		function finish(req, buffer) {
		resolve([req, buffer]);
		}
		let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
		internal.setWaitForHTTPSSVCRecord();
		chan.asyncOpen(new ChannelListener(finish, null, flags));
		});
		}

		add_task(async function viewsourceExternalProtocol() {
		Assert.throws(
		() => makeChan("view-source:mailto:foo.example.com"),
		/NS_ERROR_MALFORMED_URI/
		);
		});

		add_task(async function viewsourceExternalProtocolRedirect() {
		let httpserv = new HttpServer();
		httpserv.registerPathHandler("/", function handler(metadata, response) {
		response.setStatusLine(metadata.httpVersion, 301, "Moved Permanently");
		response.setHeader("Location", "mailto:foo@bar.com", false);

		var body = "Moved\n";
		response.bodyOutputStream.write(body, body.length);
		});
		httpserv.start(-1);

		let chan = makeChan(
		`view-source:http://127.0.0.1:${httpserv.identity.primaryPort}/`
		);
		let [req] = await channelOpenPromise(chan, CL_EXPECT_FAILURE);
		Assert.equal(req.status, Cr.NS_ERROR_MALFORMED_URI);
		await httpserv.stop();
		});

netwerk/test/unit/xpcshell.ini

+1 −0

Original line number	Diff line number	Diff line
		@@ -537,3 +537,4 @@ run-sequentially = node server exceptions dont replay well
		[test_http3_direct_proxy.js]
		skip-if = tsan \|\| os =='android' \|\| socketprocess_networking
		run-sequentially = node server exceptions dont replay well
		[test_bug1725766.js]