From f62eee7c510238bf93b6ad43acd8b8a79a44417c Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Thu, 1 Nov 2018 20:35:06 +0100 Subject: Bug 1460538 --- modules/libjar/nsJARChannel.cpp | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'modules') diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp index ee60602dae..2f721fa3f5 100644 --- a/modules/libjar/nsJARChannel.cpp +++ b/modules/libjar/nsJARChannel.cpp @@ -995,6 +995,25 @@ nsJARChannel::OnStartRequest(nsIRequest *req, nsISupports *ctx) mRequest = req; nsresult rv = mListener->OnStartRequest(this, mListenerContext); mRequest = nullptr; + NS_ENSURE_SUCCESS(rv, rv); + + // Restrict loadable content types. + nsAutoCString contentType; + GetContentType(contentType); + auto contentPolicyType = mLoadInfo->GetExternalContentPolicyType(); + if (contentType.Equals(APPLICATION_HTTP_INDEX_FORMAT) && + contentPolicyType != nsIContentPolicy::TYPE_DOCUMENT && + contentPolicyType != nsIContentPolicy::TYPE_FETCH) { + return NS_ERROR_CORRUPTED_CONTENT; + } + if (contentPolicyType == nsIContentPolicy::TYPE_STYLESHEET && + !contentType.EqualsLiteral(TEXT_CSS)) { + return NS_ERROR_CORRUPTED_CONTENT; + } + if (contentPolicyType == nsIContentPolicy::TYPE_SCRIPT && + !nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(contentType))) { + return NS_ERROR_CORRUPTED_CONTENT; + } return rv; } -- cgit v1.2.3