diff --git a/dom/ipc/ProcessIsolation.cpp b/dom/ipc/ProcessIsolation.cpp
--- a/dom/ipc/ProcessIsolation.cpp
+++ b/dom/ipc/ProcessIsolation.cpp
@@ -23,16 +23,17 @@
 #include "mozilla/NullPrincipal.h"
 #include "mozilla/PermissionManager.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/RefPtr.h"
 #include "mozilla/StaticPrefs_browser.h"
 #include "mozilla/StaticPrefs_fission.h"
 #include "mozilla/StaticPtr.h"
 #include "nsAboutProtocolUtils.h"
+#include "nsContentSecurityManager.h"
 #include "nsDocShell.h"
 #include "nsError.h"
 #include "nsIChromeRegistry.h"
 #include "nsIHttpChannel.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsIProtocolHandler.h"
 #include "nsIXULRuntime.h"
 #include "nsNetUtil.h"
@@ -688,17 +689,18 @@ ResultGetHasLoadedNonInitialDocument() && (aLoadStateLoadType == LOAD_NORMAL || aLoadStateLoadType == LOAD_HISTORY || aLoadStateLoadType == LOAD_LINK || aLoadStateLoadType == LOAD_STOP_CONTENT || aLoadStateLoadType == LOAD_STOP_CONTENT_AND_REPLACE) && (!aTopBC->GetActiveSessionHistoryEntry() ||
- aTopBC->GetActiveSessionHistoryEntry()->GetSaveLayoutStateFlag())) {
+ aTopBC->GetActiveSessionHistoryEntry()->GetSaveLayoutStateFlag()) &&
+ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(aChannel)) {
 if (nsCOMPtr uri = aTopBC->GetCurrentURI()) {
 MOZ_LOG(gProcessIsolationLog, LogLevel::Verbose, ("current uri: %s", uri->GetSpecOrDefault().get()));
 }
 options.mTryUseBFCache = aTopBC->AllowedInBFCache(aChannelId, aChannelCreationURI);
 if (options.mTryUseBFCache) {
 options.mReplaceBrowsingContext = true;
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
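Review bot: In dom/ipc/ProcessIsolation.cpp the new BFCache condition calls `AllowTopLevelNavigationToDataURI(aChannel)` with the defaulted `aWarn = true`, so this eligibility probe still runs the warning path that the same patch makes optional. If a silent query is intended (inferred from the new parameter; no caller passing `false` is visible in this diff), the call should read `nsContentSecurityManager::AllowTopLevelNavigationToDataURI(aChannel, /* aWarn */ false)) {`, otherwise a blocked data: navigation is likely reported here and again when the load itself is checked. A short comment above the call, e.g. `// Don't set up a BFCache browsing-context replacement for a top-level data: load that will be blocked.`, would record why a content-security check gates a process-isolation decision, if that is indeed the reason. The `if` condition starts above the hunk and its body continues below it.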
@@ -65,17 +65,17 @@ mozilla::LazyLogModule sCSMLog("CSMLog")
 Atomic sJSHacksChecked(false);
 Atomic sJSHacksPresent(false);
 Atomic sCSSHacksChecked(false);
 Atomic sCSSHacksPresent(false);
 Atomic sTelemetryEventEnabled(false);
 /* static */ bool nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
- nsIChannel* aChannel) {
+ nsIChannel* aChannel, bool aWarn) {
 // Let's block all toplevel document navigations to a data: URI.
 // In all cases where the toplevel document is navigated to a
 // data: URI the triggeringPrincipal is a contentPrincipal, or
 // a NullPrincipal. In other cases, e.g. typing a data: URL into
 // the URL-Bar, the triggeringPrincipal is a SystemPrincipal;
 // we don't want to block those loads. Only exception, loads coming
 // from an external applicaton (e.g. Thunderbird) don't load
 // using a contentPrincipal, but we want to block those loads.
@@ -121,16 +121,21 @@ bool nsContentSecurityManager::AllowTopL
 }
 // Redirecting to a toplevel data: URI is not allowed, hence we make
 // sure the RedirectChain is empty.
 if (!loadInfo->GetLoadTriggeredFromExternal() && loadInfo->TriggeringPrincipal()->IsSystemPrincipal() && loadInfo->RedirectChain().IsEmpty()) {
 return true;
 }
+
+ if (!aWarn) {
+ return false;
+ }
+
 nsAutoCString dataSpec;
 uri->GetSpec(dataSpec);
 if (dataSpec.Length() > 50) {
 dataSpec.Truncate(50);
 dataSpec.AppendLiteral("...");
 }
 nsCOMPtr context = loadInfo->ContextForTopLevelLoad();
 nsCOMPtr browserChild = do_QueryInterface(context);
diff --git a/dom/security/nsContentSecurityManager.h b/dom/security/nsContentSecurityManager.h
--- a/dom/security/nsContentSecurityManager.h
+++ b/dom/security/nsContentSecurityManager.h
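Review bot: The early `return false` for `!aWarn` in nsContentSecurityManager.cpp (hunk at -121) gives the function two modes, but neither the comment block in the -65 hunk nor the declaration in nsContentSecurityManager.h says what `aWarn` controls. Add to the leading comment something like `// If aWarn is false, only the decision is returned; the code that builds the truncated data: spec for reporting is skipped.` and mirror it on the header declaration. It is worth stating there that the caller enforcing the block should keep `aWarn` true, so that blocked top-level data: navigations stay visible to whoever is debugging or monitoring them. The function body continues past both hunks, so what the warning path does beyond building `dataSpec` is not visible here.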
@@ -31,17 +31,18 @@ class nsContentSecurityManager : public
 NS_DECL_NSICONTENTSECURITYMANAGER
 NS_DECL_NSICHANNELEVENTSINK
 nsContentSecurityManager() = default;
 static nsresult doContentSecurityCheck( nsIChannel* aChannel, nsCOMPtr& aInAndOutListener);
- static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel);
+ static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel,
+ bool aWarn = true);
 static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel);
 static void MeasureUnexpectedPrivilegedLoads(nsILoadInfo* aLoadInfo, nsIURI* aFinalURI, const nsACString& aRemoteType);
 private:
 static nsresult CheckChannel(nsIChannel* aChannel);
 static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel);