summaryrefslogtreecommitdiff
path: root/components/htmlfive/nsHtml5TreeOpExecutor.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'components/htmlfive/nsHtml5TreeOpExecutor.cpp')
-rw-r--r--components/htmlfive/nsHtml5TreeOpExecutor.cpp56
1 files changed, 55 insertions, 1 deletions
diff --git a/components/htmlfive/nsHtml5TreeOpExecutor.cpp b/components/htmlfive/nsHtml5TreeOpExecutor.cpp
index 8cf22d804..c79af5321 100644
--- a/components/htmlfive/nsHtml5TreeOpExecutor.cpp
+++ b/components/htmlfive/nsHtml5TreeOpExecutor.cpp
@@ -1019,9 +1019,63 @@ nsHtml5TreeOpExecutor::SetSpeculationBase(const nsAString& aURL)
return;
}
const nsCString& charset = mDocument->GetDocumentCharacterSet();
- DebugOnly<nsresult> rv = NS_NewURI(getter_AddRefs(mSpeculationBaseURI), aURL,
+ nsCOMPtr<nsIURI> newBaseURI;
+ nsresult rv = NS_NewURI(getter_AddRefs(newBaseURI), aURL,
charset.get(), mDocument->GetDocumentURI());
NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Failed to create a URI");
+ if (!newBaseURI) {
+ return;
+ }
+
+ if (!CSPService::sCSPEnabled) {
+ // If CSP is not enabled, just pass back the URI
+ mSpeculationBaseURI = newBaseURI;
+ return;
+ }
+
+ NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
+
+ nsCOMPtr<nsIPrincipal> principal = mDocument->NodePrincipal();
+ nsCOMPtr<nsIDOMDocument> domDoc = do_QueryInterface(mDocument);
+
+ // Check the document's CSP usually delivered via the CSP header.
+ nsCOMPtr<nsIContentSecurityPolicy> documentCsp;
+ rv = principal->EnsureCSP(domDoc, getter_AddRefs(documentCsp));
+ NS_ENSURE_SUCCESS_VOID(rv);
+ if (documentCsp) {
+ // base-uri should not fallback to the default-src and preloads should not
+ // trigger violation reports.
+ bool cspPermitsBaseURI = true;
+ rv = documentCsp->Permits(
+ newBaseURI,
+ nsIContentSecurityPolicy::BASE_URI_DIRECTIVE,
+ true /* aSpecific */,
+ false /* aSendViolationReports */,
+ &cspPermitsBaseURI);
+ if (NS_FAILED(rv) || !cspPermitsBaseURI) {
+ return;
+ }
+ }
+
+ // Also check the CSP discovered from the <meta> tag during speculative
+ // parsing.
+ nsCOMPtr<nsIContentSecurityPolicy> preloadCsp;
+ rv = principal->EnsurePreloadCSP(domDoc, getter_AddRefs(preloadCsp));
+ NS_ENSURE_SUCCESS_VOID(rv);
+ if (preloadCsp) {
+ bool cspPermitsBaseURI = true;
+ rv = preloadCsp->Permits(
+ newBaseURI,
+ nsIContentSecurityPolicy::BASE_URI_DIRECTIVE,
+ true /* aSpecific */,
+ false /* aSendViolationReports */,
+ &cspPermitsBaseURI);
+ if (NS_FAILED(rv) || !cspPermitsBaseURI) {
+ return;
+ }
+ }
+
+ mSpeculationBaseURI = newBaseURI;
}
void