Commit afca3454 authored by Kathleen Brade's avatar Kathleen Brade Committed by Georg Koppen

Bug 12827: Create preference to disable SVG.

If the svg.in-content.enabled preference is false, disallow all use of
SVG within content pages.

In the following situations it is very difficult to determine if code
is executing within a chrome context or not:
  SVG hasFeature() API.
  SVG hasExtension() API.
  Use of SVG glyphs within custom OpenType fonts.
In these cases, everything is assumed to be content; that is, setting
the pref. to false will block use of the above features from chrome
as well. This is OK because these features are unlikely to be used by
core browser code.
parent 6167067a
+2 −1
@@ -17,6 +17,7 @@
#include "nsContentCreatorFunctions.h"
#include "nsString.h"
#include "mozilla/dom/NodeInfo.h"
#include "nsSVGUtils.h"
#include "mozilla/ClearOnShutdown.h"
#include "mozilla/dom/XBLChildrenElement.h"
#include "mozilla/dom/Element.h"
@@ -179,7 +180,7 @@ NS_NewElement(Element** aResult,
          kNameSpaceID_XML, ni->NodeType(), ni->GetExtraName());
    return NS_NewXMLElement(aResult, genericXMLNI.forget());
  }
  if (ns == kNameSpaceID_SVG) {
  if (ns == kNameSpaceID_SVG && NS_SVGEnabled(ni->GetDocument())) {
    return NS_NewSVGElement(aResult, ni.forget(), aFromParser);
  }
  if (ns == kNameSpaceID_XBL && ni->Equals(nsGkAtoms::children)) {
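Review bot: The pref check is applied at this call site in NS_NewElement rather than inside NS_NewSVGElement, so any code path that calls NS_NewSVGElement directly would not be covered by `svg.in-content.enabled`; whether such callers exist is not visible from this hunk and is worth confirming. When the check fails, the branch is skipped and control falls through to the XBL test and whatever follows, which lies outside the hunk, so the resulting element type is not evident to a reader. A short comment would help, e.g. `// SVG disabled for this document: fall through so the node is not created as an SVG element.`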
+13 −3
@@ -56,6 +56,7 @@
#include "nsMimeTypes.h"
#include "nsStyleUtil.h"
#include "nsUnicharUtils.h"
#include "nsSVGUtils.h"
#include "mozilla/Preferences.h"
#include "nsSandboxFlags.h"

@@ -2671,10 +2672,19 @@ nsObjectLoadingContent::GetTypeOfContent(const nsCString& aMIMEType)

  // SVGs load as documents, but are their own capability
  bool isSVG = aMIMEType.LowerCaseEqualsLiteral("image/svg+xml");
  bool isSVGEnabled = false;
  if (isSVG) {
    nsCOMPtr<nsIContent> thisContent =
              do_QueryInterface(static_cast<nsIImageLoadingContent*>(this));
    isSVGEnabled = NS_SVGEnabled(thisContent->OwnerDoc());
  }

  if (isSVGEnabled || !isSVG) {
    Capabilities supportType = isSVG ? eSupportSVG : eSupportDocuments;
    if ((caps & supportType) && IsSupportedDocument(aMIMEType)) {
      return eType_Document;
    }
  }

  if (caps & eSupportPlugins && PluginExistsForType(aMIMEType.get())) {
    // ShouldPlay will handle checking for disabled plugins
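Review bot: `thisContent` is dereferenced in `thisContent->OwnerDoc()` without a null check after `do_QueryInterface`; a guard that fails closed would leave `isSVGEnabled` false when the interface query does not succeed, `if (thisContent) { isSVGEnabled = NS_SVGEnabled(thisContent->OwnerDoc()); }`. When SVG is disabled the function also no longer returns at the document check and continues to the `eSupportPlugins` / `PluginExistsForType` test below, so an `image/svg+xml` object could be classified as plugin content if a plugin claims that type; a comment stating whether that is intended would help. GetTypeOfContent starts and ends outside this hunk.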
+13 −0
@@ -13,6 +13,7 @@
 */

#include "nsSVGFeatures.h"
#include "nsSVGUtils.h"
#include "nsIContent.h"
#include "nsIDocument.h"
#include "mozilla/Preferences.h"
@@ -22,6 +23,12 @@ using namespace mozilla;
/*static*/ bool
nsSVGFeatures::HasFeature(nsISupports* aObject, const nsAString& aFeature)
{
  // Since we do not have access to the document here we pass nullptr, which
  // means only the svg.in-content.enabled pref is checked. This is OK since
  // we do not expect chrome code to use the HasFeature() API.
  if (!NS_SVGEnabled(nullptr))
    return false;

  if (aFeature.EqualsLiteral("http://www.w3.org/TR/SVG11/feature#Script")) {
    nsCOMPtr<nsIContent> content(do_QueryInterface(aObject));
    if (content) {
@@ -44,6 +51,12 @@ nsSVGFeatures::HasFeature(nsISupports* aObject, const nsAString& aFeature)
/*static*/ bool
nsSVGFeatures::HasExtension(const nsAString& aExtension)
{
  // Since we do not have access to the document here we pass nullptr, which
  // means only the svg.in-content.enabled pref is checked. This is OK since
  // we do not expect chrome code to use the HasExtension() API.
  if (!NS_SVGEnabled(nullptr))
    return false;

#define SVG_SUPPORTED_EXTENSION(str) if (aExtension.EqualsLiteral(str)) return true;
  SVG_SUPPORTED_EXTENSION("http://www.w3.org/1999/xhtml")
  SVG_SUPPORTED_EXTENSION("http://www.w3.org/1998/Math/MathML")
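Review bot: The comment in HasFeature says the document is not available, but a few lines further down the same function obtains `nsCOMPtr<nsIContent> content(do_QueryInterface(aObject))`, from which the owner document could be taken so that chrome callers are not blocked by the pref. If that is feasible, the guard could read `nsCOMPtr<nsIContent> content(do_QueryInterface(aObject));` followed by `if (!NS_SVGEnabled(content ? content->OwnerDoc() : nullptr)) return false;`; if aObject is not reliably content, the comment should say so instead. HasExtension has no object argument, so the nullptr form is the only option there. Both guards would also read more safely with braces around `return false;`. Both function bodies continue outside their hunks.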
+9 −3
@@ -473,8 +473,10 @@ nsXMLContentSink::CreateElement(const char16_t** aAtts, uint32_t aAttsCount,
      || aNodeInfo->Equals(nsGkAtoms::script, kNameSpaceID_SVG)
    ) {
    nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(content);
    if (sele) {
      sele->SetScriptLineNumber(aLineNumber);
      sele->SetCreatorParser(GetParser());
    }
    mConstrainSize = false;
  }

@@ -556,6 +558,7 @@ nsXMLContentSink::CloseElement(nsIContent* aContent)
    nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(aContent);

    if (mPreventScriptExecution) {
      if (sele)
        sele->PreventExecution();
      return NS_OK;
    }
@@ -563,6 +566,9 @@ nsXMLContentSink::CloseElement(nsIContent* aContent)
    // Always check the clock in nsContentSink right after a script
    StopDeflecting();

    if (!sele)
      return NS_OK;

    // Now tell the script that it's ready to go. This may execute the script
    // or return true, or neither if the script doesn't need executing.
    bool block = sele->AttemptToExecute();
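Review bot: The new `if (sele)` guards do not say why the QueryInterface to nsIScriptElement can now fail, and the unbraced `if (sele)` directly above `return NS_OK;` in the mPreventScriptExecution branch is easy to misread as covering the return. Presumably the null case is an SVG-namespace `script` node that was not created as an SVG element because the pref is off; a comment such as `// sele is null if the node was not created as a script element (e.g. SVG disabled)` at the first guard would record that. Braces on the single-statement guards, `if (sele) { sele->PreventExecution(); }`, would remove the ambiguity. The same undocumented guard appears in nsXMLFragmentContentSink::CloseElement in the next file section. CreateElement and CloseElement both extend beyond these hunks.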
+2 −2
@@ -230,7 +230,7 @@ nsXMLFragmentContentSink::CloseElement(nsIContent* aContent)
  if (mPreventScriptExecution && aContent->Tag() == nsGkAtoms::script &&
      (aContent->IsHTML() || aContent->IsSVG())) {
    nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(aContent);
    NS_ASSERTION(sele, "script did QI correctly!");
    if (sele)
      sele->PreventExecution();
  }
  return NS_OK;