Unverified Commit 99096c5e authored by sanketh's avatar sanketh Committed by Matthew Finkel

Bug 1673237 - Always allow SVGs on about: pages r=acat,tjr,emilio

- Updated layout/svg/tests/test_disabled.html to ensure that this doesn't allow
  rendering SVGs on about:blank and about:srcdoc.

Differential Revision: https://phabricator.services.mozilla.com/D95139
parent 48b54eef
+11 −7
@@ -352,9 +352,12 @@ void nsNodeInfoManager::RemoveNodeInfo(NodeInfo* aNodeInfo) {
  MOZ_ASSERT(ret, "Can't find mozilla::dom::NodeInfo to remove!!!");
}

static bool IsSystemOrAddonPrincipal(nsIPrincipal* aPrincipal) {
static bool IsSystemOrAddonOrAboutPrincipal(nsIPrincipal* aPrincipal) {
  return aPrincipal->IsSystemPrincipal() ||
         BasePrincipal::Cast(aPrincipal)->AddonPolicy();
         BasePrincipal::Cast(aPrincipal)->AddonPolicy() ||
         // NOTE: about:blank and about:srcdoc inherit the principal of their
         // parent, so aPrincipal->SchemeIs("about") returns false for them.
         aPrincipal->SchemeIs("about");
}

bool nsNodeInfoManager::InternalSVGEnabled() {
@@ -375,17 +378,18 @@ bool nsNodeInfoManager::InternalSVGEnabled() {
  }

  // We allow SVG (regardless of the pref) if this is a system or add-on
  // principal, or if this load was requested for a system or add-on principal
  // (e.g. a remote image being served as part of system or add-on UI)
  // principal or about: page, or if this load was requested for a system or
  // add-on principal or about: page (e.g. a remote image being served as part
  // of system or add-on UI or about: page)
  bool conclusion =
      (SVGEnabled || IsSystemOrAddonPrincipal(mPrincipal) ||
      (SVGEnabled || IsSystemOrAddonOrAboutPrincipal(mPrincipal) ||
       (loadInfo &&
        (loadInfo->GetExternalContentPolicyType() ==
             nsIContentPolicy::TYPE_IMAGE ||
         loadInfo->GetExternalContentPolicyType() ==
             nsIContentPolicy::TYPE_OTHER) &&
        (IsSystemOrAddonPrincipal(loadInfo->GetLoadingPrincipal()) ||
         IsSystemOrAddonPrincipal(loadInfo->TriggeringPrincipal()))));
        (IsSystemOrAddonOrAboutPrincipal(loadInfo->GetLoadingPrincipal()) ||
         IsSystemOrAddonOrAboutPrincipal(loadInfo->TriggeringPrincipal()))));
  mSVGEnabled = Some(conclusion);
  return conclusion;
}
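Review bot: `aPrincipal->SchemeIs("about")` in `IsSystemOrAddonOrAboutPrincipal` exempts every about: page from the SVG pref by scheme alone, and because the same helper is applied to `GetLoadingPrincipal()` and `TriggeringPrincipal()`, image and other loads started from any about: page are exempted as well. The inline comment explains about:blank and about:srcdoc, but it does not say whether about: pages that display web-derived content (error pages, reader-style views) are meant to be covered; if they are not, the check has to be narrower than the scheme. At minimum I would add above the helper `// Security: returning true bypasses the SVG-disabled pref; this matches all about: pages, not only privileged ones.` The helper still dereferences its argument unconditionally, so it relies on the loading principal being non-null for the two content policy types checked, which is worth confirming. `InternalSVGEnabled` starts before the second hunk and part of its body is not visible here.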
+30 −1
@@ -48,5 +48,34 @@
  t.firstChild.firstChild.textContent = "1&2<3>4\xA0";
  is(t.innerHTML, '<svg><style>1&amp;2&lt;3&gt;4&nbsp;\u003C/style></svg>');

  //
  // Tests for Bug 1673237
  //

  // This test fails if about:blank renders SVGs
  t.innerHTML = null;
  var iframe = document.createElement("iframe");
  iframe.setAttribute("src", "about:blank")
  t.appendChild(iframe);
  iframe.appendChild(document.createElementNS("http://www.w3.org/2000/svg", "svg:svg"));
  iframe.firstChild.textContent = "<foo>";
  is(iframe.innerHTML, "<svg:svg>&lt;foo&gt;</svg:svg>");

  // This test fails if about:blank renders SVGs
  var win = window.open("about:blank");
  win.document.body.appendChild(document.createElementNS("http://www.w3.org/2000/svg", "svg:svg"))
  win.document.body.firstChild.textContent = "<foo>";
  is(win.document.body.innerHTML, "<svg:svg>&lt;foo&gt;</svg:svg>");
  win.close();

  // This test fails if about:srcdoc renders SVGs
  t.innerHTML = null;
  iframe = document.createElement("iframe");
  iframe.srcdoc = "<svg:svg></svg:svg>";
  iframe.onload = function() {
    iframe.contentDocument.body.firstChild.textContent = "<foo>";
    is(iframe.contentDocument.body.innerHTML, "<svg:svg>&lt;foo&gt;</svg:svg>");
    SimpleTest.finish();
  }
  t.appendChild(iframe);
</script>
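Review bot: The two about:blank cases create the `svg:svg` element with the test page's own `document.createElementNS`, and the first one appends it to the `<iframe>` element itself rather than to the frame's document, so it is not clear that either check exercises the about:blank document's principal. Creating and inserting the node through the target document would test what the comments describe, e.g. `iframe.contentDocument.body.appendChild(iframe.contentDocument.createElementNS("http://www.w3.org/2000/svg", "svg:svg"));` and the `win.document` equivalent. `SimpleTest.finish()` is now called from the srcdoc `onload`, which depends on a `SimpleTest.waitForExplicitFinish()` call earlier in the file that is outside this hunk; confirm it is present. The statements on the `iframe.setAttribute` and `win.document.body.appendChild` lines are also missing their trailing semicolons.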