| blob | 93e7a2973281a7dc50b284e293fbf6320e0a68cc |
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* vim: set ts=4 sw=4 et tw=78: */
3 /* ***** BEGIN LICENSE BLOCK *****
4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 *
6 * The contents of this file are subject to the Mozilla Public License Version
7 * 1.1 (the "License"); you may not use this file except in compliance with
8 * the License. You may obtain a copy of the License at
9 * http://www.mozilla.org/MPL/
10 *
11 * Software distributed under the License is distributed on an "AS IS" basis,
12 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 * for the specific language governing rights and limitations under the
14 * License.
15 *
16 * The Original Code is mozilla.org code.
17 *
18 * The Initial Developer of the Original Code is
19 * Netscape Communications Corporation.
20 * Portions created by the Initial Developer are Copyright (C) 1998
21 * the Initial Developer. All Rights Reserved.
22 *
23 * Contributor(s):
24 * Pierre Phaneuf <pp@ludusdesign.com>
25 *
26 * Alternatively, the contents of this file may be used under the terms of
27 * either of the GNU General Public License Version 2 or later (the "GPL"),
28 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
29 * in which case the provisions of the GPL or the LGPL are applicable instead
30 * of those above. If you wish to allow use of your version of this file only
31 * under the terms of either the GPL or the LGPL, and not to allow others to
32 * use your version of this file under the terms of the MPL, indicate your
33 * decision by deleting the provisions above and replace them with the notice
34 * and other provisions required by the GPL or the LGPL. If you do not delete
35 * the provisions above, a recipient may use your version of this file under
36 * the terms of any one of the MPL, the GPL or the LGPL.
37 *
38 * ***** END LICENSE BLOCK ***** */
85 {
89 NS_DECL_ISUPPORTS
94 PopupControlState aPopupState,
95 PRUint32 aExecutionPolicy,
102 nsCString mScript;
103 nsCString mURL;
104 };
106 //
107 // nsISupports implementation...
108 //
113 {
114 }
117 {
118 }
121 {
124 // Get the script string to evaluate...
128 // Get the url.
133 }
135 static PRBool
137 {
143 }
145 }
147 static
149 {
150 // Get the global object owner from the channel
156 }
159 }
161 // So far so good: get the script context from its owner.
165 "Unable to get an nsIScriptGlobalObject from the "
168 }
171 PopupControlState aPopupState,
172 PRUint32 aExecutionPolicy,
174 {
176 // Nothing to do here.
178 }
182 // Get principal of code for execution
187 // No execution without a principal!
191 }
193 nsresult rv;
195 // CSP check: javascript: URIs disabled unless "inline" scripts are
196 // allowed.
201 PRBool allowsInline;
202 // this call will send violation reports as warranted (and return true if
203 // reportOnly is set).
207 // TODO: log that we're blocking this javascript: uri
210 }
212 // Get the global object we should be running on.
216 }
220 // Push our popup control state
223 // Make sure we still have the same inner window as we used to.
228 }
237 }
239 // So far so good: get the script context from its owner.
245 // Unescape the script
254 PRBool useSandbox =
258 //-- Don't outside a sandbox unless the script principal subsumes the
259 // principal of the context.
263 globalJSObject,
268 PRBool subsumes;
274 }
276 nsString result;
277 PRBool isUndefined;
279 // Finally, we have everything needed to evaluate the expression.
282 // We were asked to use a sandbox, or the channel owner isn't allowed
283 // to execute in this context. Evaluate the javascript URL in a
284 // sandbox to prevent it from accessing data it doesn't have
285 // permissions to access.
287 // First check to make sure it's OK to evaluate this script to
288 // start with. For example, script could be disabled.
292 PRBool ok;
296 }
299 // Treat this as returning undefined from the script. That's what
300 // nsJSContext does.
302 }
314 }
316 // Push our JSContext on the context stack so the JS_ValueToString call (and
317 // JS_ReportPendingException, if relevant) will use the principal of cx.
318 // Note that we do this as late as possible to make popping simpler.
323 }
326 }
331 // Propagate and report exceptions that happened in the
332 // sandbox.
338 }
343 }
347 // No need to use the sandbox, evaluate the script directly in
348 // the given scope.
351 principal,
354 nsnull,
358 // If there's an error on cx as a result of that call, report
359 // it now -- either we're just running under the event loop,
360 // so we shouldn't propagate JS exceptions out of here, or we
361 // can't be sure that our caller is JS (and if it's not we'll
362 // lose the error), or it might be JS that then proceeds to
363 // cause an error of its own (which will also make us lose
364 // this error).
368 }
372 }
375 }
378 PRUint32 bytesLen;
383 // For compatibility, if the result is ISO-8859-1, we use
384 // ISO-8859-1, so that people can compatibly create images
385 // using javascript: URLs.
389 }
393 }
398 NS_ASSIGNMENT_ADOPT);
399 else
401 }
404 }
406 ////////////////////////////////////////////////////////////////////////////////
411 public nsIPropertyBag2
412 {
416 NS_DECL_ISUPPORTS
417 NS_DECL_NSIREQUEST
418 NS_DECL_NSICHANNEL
419 NS_DECL_NSIREQUESTOBSERVER
420 NS_DECL_NSISTREAMLISTENER
421 NS_DECL_NSISCRIPTCHANNEL
427 // Actually evaluate the script.
445 // started against.
446 // If we blocked onload on a document in AsyncOpen, this is the document we
447 // did it on.
452 nsLoadFlags mLoadFlags;
456 PopupControlState mPopupState;
457 PRUint32 mExecutionPolicy;
458 PRPackedBool mIsAsync;
459 PRPackedBool mIsActive;
460 PRPackedBool mOpenedStreamChannel;
461 };
472 {
473 }
476 {
477 }
480 {
488 }
491 }
494 {
500 // Create the nsIStreamIO layer used by the nsIStreamIOChannel.
505 // Create a stock input stream channel...
506 // Remember, until AsyncOpen is called, the script will not be evaluated
507 // and the underlying Input Stream will not be created...
510 // If the resultant script evaluation actually does return a value, we
511 // treat it as html.
525 }
526 }
529 }
531 //
532 // nsISupports implementation...
533 //
537 nsIPropertyBag2)
539 //
540 // nsIRequest implementation...
541 //
543 NS_IMETHODIMP
545 {
547 }
549 NS_IMETHODIMP
551 {
554 }
556 NS_IMETHODIMP
558 {
561 }
566 }
568 NS_IMETHODIMP
570 {
575 }
578 }
580 NS_IMETHODIMP
582 {
584 }
586 NS_IMETHODIMP
588 {
590 }
592 //
593 // nsIChannel implementation
594 //
596 NS_IMETHODIMP
598 {
600 }
602 NS_IMETHODIMP
604 {
606 }
608 NS_IMETHODIMP
610 {
612 }
614 NS_IMETHODIMP
616 {
618 mExecutionPolicy,
619 mOriginalInnerWindow);
623 }
625 NS_IMETHODIMP
627 {
630 // First make sure that we have a usable inner window; we'll want to make
631 // sure that we execute against that inner and no other.
635 }
640 // Make sure we create a new inner window if one doesn't already exist (see
641 // bug 306630).
645 }
652 // Temporarily set the LOAD_BACKGROUND flag to suppress load group observer
653 // notifications (and hence nsIWebProgressListener notifications) from
654 // being dispatched. This is required since we suppress LOAD_DOCUMENT_URI,
655 // which means that the DocLoader would not generate document start and
656 // stop notifications (see bug 257875).
660 // Add the javascript channel to its loadgroup so that we know if
661 // network loads were canceled or not...
670 }
671 }
673 mDocumentOnloadBlockedOn =
676 // If we're a document channel, we need to actually block onload on our
677 // _parent_ document. This is because we don't actually set our
678 // LOAD_DOCUMENT_URI flag, so a docloader we're loading in as the
679 // document channel will claim to not be busy, and our parent's onload
680 // could fire too early.
681 nsLoadFlags loadFlags;
684 mDocumentOnloadBlockedOn =
686 }
687 }
690 }
697 // post an event to do the rest
702 // That will handle notifying things
704 }
708 // mStatus is going to be NS_ERROR_DOM_RETVAL_UNDEFINED if we didn't
709 // have any content resulting from the execution and NS_BINDING_ABORTED
710 // if something we did causes our own load to be stopped. Return
711 // success in those cases, and error out in all others.
714 // Note that calling EvaluateScript() handled removing us from the
715 // loadgroup and marking us as not active anymore.
718 }
720 // We're returning success from asyncOpen(), but we didn't open a
721 // stream channel. We'll have to notify ourselves, but make sure to do
722 // it asynchronously.
724 }
733 }
735 }
737 void
739 {
740 // Synchronously execute the script...
741 // mIsActive is used to indicate the the request is 'busy' during the
742 // the script evaluation phase. This means that IsPending() will
743 // indicate the the request is busy while the script is executing...
745 // Note that we want to be in the loadgroup and pending while we evaluate
746 // the script, so that we find out if the loadgroup gets canceled by the
747 // script execution (in which case we shouldn't pump out data even if the
748 // script returns it).
752 mExecutionPolicy,
753 mOriginalInnerWindow);
755 // Note that evaluation may have canceled us, so recheck mStatus again
758 }
759 }
761 // Remove the javascript channel from its loadgroup...
766 }
768 // Reset load flags to their original value...
771 // We're no longer active, it's now up to the stream channel to do
772 // the loading, if needed.
778 }
780 }
782 // EvaluateScript() succeeded, and we were not canceled, that
783 // means there's data to parse as a result of evaluating the
784 // script.
786 // Get the stream channels load flags (!= mLoadFlags).
787 nsLoadFlags loadFlags;
791 // We're loaded as the document channel. If we go on,
792 // we'll blow away the current document. Make sure that's
793 // ok. If so, stop all pending network loads.
802 PRBool okToUnload;
806 // The user didn't want to unload the current
807 // page, translate this into an undefined
808 // return from the javascript: URL...
810 }
811 }
812 }
816 }
817 }
822 }
824 }
828 // mStreamChannel will call OnStartRequest and OnStopRequest on
829 // us, so we'll be sure to call them on our listener.
832 // Now readd ourselves to the loadgroup so we can receive
833 // cancellation notifications.
838 // If AddRequest failed, that's OK. The key is to make sure we get
839 // cancelled if needed, and that call just canceled us if it
840 // failed. We'll still get notified by the stream channel when it
841 // finishes.
842 }
846 }
849 }
851 void
853 {
858 }
860 void
862 {
869 }
870 }
872 NS_IMETHODIMP
874 {
878 }
880 NS_IMETHODIMP
882 {
883 // Figure out whether the LOAD_BACKGROUND bit in aLoadFlags is
884 // actually right.
888 // We're getting a LOAD_BACKGROUND, but it's probably just our own fake
889 // flag being mirrored to us. The one exception is if our loadgroup is
890 // LOAD_BACKGROUND.
895 nsLoadFlags loadGroupFlags;
898 }
900 }
902 // Since the javascript channel is never the actual channel that
903 // any data is loaded through, don't ever set the
904 // LOAD_DOCUMENT_URI flag on it, since that could lead to two
905 // 'document channels' in the loadgroup if a javascript: URL is
906 // loaded while a document is being loaded in the same window.
908 // XXXbz this, and a whole lot of other hackery, could go away if we'd just
909 // cancel the current document load on javascript: load start like IE does.
915 }
919 // ... but the underlying stream channel should get this bit, if
920 // set, since that'll be the real document channel if the
921 // javascript: URL generated data.
924 }
926 NS_IMETHODIMP
928 {
930 }
932 NS_IMETHODIMP
934 {
936 PRBool streamPending;
945 // Move the stream channel to our new loadgroup. Make sure to
946 // add it before removing it, so that we don't trigger onload
947 // by accident.
951 NS_BINDING_RETARGETED);
952 }
953 }
954 }
955 }
958 }
960 NS_IMETHODIMP
962 {
964 }
966 NS_IMETHODIMP
968 {
970 }
972 NS_IMETHODIMP
974 {
976 }
978 NS_IMETHODIMP
980 {
982 }
984 NS_IMETHODIMP
986 {
988 }
990 NS_IMETHODIMP
992 {
994 }
996 NS_IMETHODIMP
998 {
1000 }
1002 NS_IMETHODIMP
1004 {
1006 }
1008 NS_IMETHODIMP
1010 {
1012 }
1014 NS_IMETHODIMP
1016 {
1018 }
1020 NS_IMETHODIMP
1022 {
1024 }
1026 NS_IMETHODIMP
1029 {
1033 }
1035 NS_IMETHODIMP
1039 PRUint32 aOffset,
1040 PRUint32 aCount)
1041 {
1045 aCount);
1046 }
1048 NS_IMETHODIMP
1051 nsresult aStatus)
1052 {
1059 // Make sure aStatus matches what GetStatus() returns
1062 }
1070 }
1075 }
1077 NS_IMETHODIMP
1079 {
1084 }
1086 NS_IMETHODIMP
1088 {
1091 }
1093 NS_IMETHODIMP
1095 {
1098 }
1099 // else ignore this call
1103 }
1105 NS_IMETHODIMP
1107 {
1110 }
1112 ////////////////////////////////////////////////////////////////////////////////
1115 {
1116 }
1118 nsresult
1120 {
1122 }
1125 {
1126 }
1130 nsresult
1132 {
1143 }
1146 }
1148 nsresult
1151 {
1154 nsresult rv;
1159 }
1160 nsAutoString uStr;
1168 }
1170 ////////////////////////////////////////////////////////////////////////////////
1171 // nsIProtocolHandler methods:
1173 NS_IMETHODIMP
1175 {
1178 }
1180 NS_IMETHODIMP
1182 {
1185 }
1187 NS_IMETHODIMP
1189 {
1193 }
1195 NS_IMETHODIMP
1200 {
1201 nsresult rv;
1203 // javascript: URLs (currently) have no additional structure beyond that
1204 // provided by standard URLs, so there is no "outer" object given to
1205 // CreateInstance.
1215 nsCAutoString utf8Spec;
1220 else
1222 }
1223 }
1227 }
1234 }
1236 NS_IMETHODIMP
1238 {
1239 nsresult rv;
1247 }
1254 }
1257 }
1259 NS_IMETHODIMP
1261 {
1262 // don't override anything.
1265 }
1267 ////////////////////////////////////////////////////////////
1268 // nsJSURI implementation
1281 else
1282 NS_INTERFACE_MAP_END
1284 // nsISerializable methods:
1286 NS_IMETHODIMP
1288 {
1289 nsresult rv;
1297 PRBool haveBase;
1304 }
1307 }
1309 NS_IMETHODIMP
1311 {
1312 nsresult rv;
1323 }
1326 }
1328 // nsIURI methods:
1330 NS_IMETHODIMP
1332 {
1341 }
1348 }
1350 NS_IMETHODIMP
1352 {
1356 }
1363 }
1366 }
1368 // nsIClassInfo methods:
1369 NS_IMETHODIMP
1371 {
1375 }
1377 NS_IMETHODIMP
1379 {
1382 }
1384 NS_IMETHODIMP
1386 {
1387 // Make sure to modify any subclasses as needed if this ever
1388 // changes.
1391 }
1393 NS_IMETHODIMP
1395 {
1398 }
1400 NS_IMETHODIMP
1402 {
1403 // Make sure to modify any subclasses as needed if this ever
1404 // changes to not call the virtual GetClassIDNoAlloc.
1409 }
1411 NS_IMETHODIMP
1413 {
1416 }
1418 NS_IMETHODIMP
1420 {
1423 }
1425 NS_IMETHODIMP
1427 {
1430 }