t, triggeringPrincipal) { if (!uriString) { return ""; } // Strip leading and trailing whitespace, then try to create a // URI from the dropped string. If that succeeds, we're // dropping a URI and we need to do a security check to make // sure the source document can load the dropped URI. uriString = uriString.replace(/^\s*|\s*$/g, ""); // Apply URI fixup so that this validation prevents bad URIs even if the // similar fixup is applied later, especialy fixing typos up will convert // non-URI to URI. // We don't know if the uri comes from a private context, but luckily we // are only using fixedURI, so there's no risk to use the wrong search // engine. let fixupFlags = Ci.nsIURIFixup.FIXUP_FLAG_FIX_SCHEME_TYPOS | Ci.nsIURIFixup.FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP; let info = Services.uriFixup.getFixupURIInfo(uriString, fixupFlags); if (!info.fixedURI || info.keywordProviderName) { // Loading a keyword search should always be fine for all cases. return uriString; } let uri = info.fixedURI; let secMan = Services.scriptSecurityManager; let flags = secMan.STANDARD; if (disallowInherit) { flags |= secMan.DISALLOW_INHERIT_PRINCIPAL; } secMan.checkLoadURIWithPrincipal(triggeringPrincipal, uri, flags); // Once we validated, return the URI after fixup, instead of the original // uriString. return uri.spec; }, _getTriggeringPrincipalFromDataTransfer( aDataTransfer, fallbackToSystemPrincipal ) { let sourceNode = aDataTransfer.mozSourceNode; if ( sourceNode && (sourceNode.localName !== "browser" || sourceNode.namespaceURI !== "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul") ) { // Use sourceNode's principal only if the sourceNode is not browser. // // If sourceNode is browser, the actual triggering principal may be // differ than sourceNode's principal, since sourceNode's principal is // top level document's one and the drag may be triggered from a frame // with different principal. if (sourceNode.nodePrincipal) { return sourceNode.nodePrincipal; } } // First, fallback to mozTriggeringPrincipalURISpec that is set when the // drop comes from another content process. let principalURISpec = aDataTransfer.mozTriggeringPrincipalURISpec; if (!principalURISpec) { // Fallback to either system principal or file principal, supposing // the drop comes from outside of the browser, so that drops of file // URIs are always allowed. // // TODO: Investigate and describe the difference between them, // or use only one principal. (Bug 1367038) if (fallbackToSystemPrincipal) { return Services.scriptSecurityManager.getSystemPrincipal(); } principalURISpec = "file:///"; } return Services.scriptSecurityManager.createContentPrincipal( Services.io.newURI(principalURISpec), {} ); }, getTriggeringPrincipal(aEvent) { let dataTransfer = aEvent.dataTransfer; return this._getTriggeringPrincipalFromDataTransfer(dataTransfer, true); }, getPolicyContainer(aEvent) { let sourceNode = aEvent.dataTransfer.mozSourceNode; if (aEvent.dataTransfer.policyContainer !== null) { return aEvent.dataTransfer.policyContainer; } if ( sourceNode && (sourceNode.localName !== "browser" || sourceNode.namespaceURI !== "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul") ) { // Use sourceNode's policyContainer only if the sourceNode is not browser. // // If sourceNode is browser, the actual triggering policyContainer may be differ than sourceNode's policyContainer, // since sourceNode's policyContainer is top level document's one and the drag may be triggered from a // frame with different policyContainer. return sourceNode.policyContainer; } return null; }, canDropLink(aEvent, aAllowSameDocument) { if (this._eventTargetIsDisabled(aEvent)) { return false; } let dataTransfer = aEvent.dataTransfer; let types = dataTransfer.types; if ( !types.includes("application/x-moz-file") && !types.includes("text/x-moz-url") && !types.includes("text/uri-list") && !types.includes("text/x-moz-text-internal") && !types.includes("text/plain") ) { return false; } if (aAllowSameDocument) { return true; } // If this is an external drag, allow drop. let sourceTopWC = dataTransfer.sourceTopWindowContext; if (!sourceTopWC) { return true; } // If drag source and drop target are in the same top window, don't allow. let eventWC = aEvent.originalTarget.ownerGlobal.browsingContext.currentWindowContext; if (eventWC && sourceTopWC == eventWC.topWindowContext) { return false; } return true; }, dropLinks(aEvent, aDisallowInherit) { if (aEvent && this._eventTargetIsDisabled(aEvent)) { return []; } let dataTransfer = aEvent.dataTransfer; let links = this._getDropLinks(dataTransfer); let triggeringPrincipal = this._getTriggeringPrincipalFromDataTransfer( dataTransfer, false ); for (let link of links) { try { link.url = this._validateURI( dataTransfer, link.url, aDisallowInherit, triggeringPrincipal ); } catch (ex) { // Prevent the drop entirely if any of the links are invalid even if // one of them is valid. aEvent.stopPropagation(); aEvent.preventDefault(); throw ex; } } return links; }, validateURIsForDrop(aEvent, aURIs, aDisallowInherit) { let dataTransfer = aEvent.dataTransfer; let triggeringPrincipal = this._getTriggeringPrincipalFromDataTransfer( dataTransfer, false ); for (let uri of aURIs) { this._validateURI( dataTransfer, uri, aDisallowInherit, triggeringPrincipal ); } }, queryLinks(aDataTransfer) { return this._getDropLinks(aDataTransfer); }, _eventTargetIsDisabled(aEvent) { let ownerDoc = aEvent.originalTarget.ownerDocument; if (!ownerDoc || !ownerDoc.defaultView) { return false; } return ownerDoc.defaultView.windowUtils.isNodeDisabledForEvents( aEvent.originalTarget ); }, }; PK