1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=78: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "nsChromeRegistry.h"
8 #include "nsChromeRegistryChrome.h"
9 #include "nsChromeRegistryContent.h"
10
11 #include "nsCOMPtr.h"
12 #include "nsComponentManagerUtils.h"
13 #include "nsError.h"
14 #include "nsEscape.h"
15 #include "nsNetUtil.h"
16 #include "nsString.h"
17 #include "nsQueryObject.h"
18
19 #include "mozilla/dom/URL.h"
20 #include "nsIConsoleService.h"
21 #include "mozilla/dom/Document.h"
22 #include "nsIObserverService.h"
23 #include "nsIScriptError.h"
24 #include "mozilla/Preferences.h"
25 #include "mozilla/PresShell.h"
26 #include "mozilla/Printf.h"
27 #include "mozilla/StyleSheet.h"
28 #include "mozilla/StyleSheetInlines.h"
29 #include "mozilla/dom/Location.h"
30
31 nsChromeRegistry* nsChromeRegistry::gChromeRegistry;
32
33 // DO NOT use namespace mozilla; it'll break due to a naming conflict between
34 // mozilla::TextRange and a TextRange in OSX headers.
35 using mozilla::PresShell;
36 using mozilla::StyleSheet;
37 using mozilla::dom::Document;
38 using mozilla::dom::Location;
39
40 ////////////////////////////////////////////////////////////////////////////////
41
LogMessage(const char * aMsg,...)42 void nsChromeRegistry::LogMessage(const char* aMsg, ...) {
43 nsCOMPtr<nsIConsoleService> console(
44 do_GetService(NS_CONSOLESERVICE_CONTRACTID));
45 if (!console) return;
46
47 va_list args;
48 va_start(args, aMsg);
49 mozilla::SmprintfPointer formatted = mozilla::Vsmprintf(aMsg, args);
50 va_end(args);
51 if (!formatted) return;
52
53 console->LogStringMessage(NS_ConvertUTF8toUTF16(formatted.get()).get());
54 }
55
LogMessageWithContext(nsIURI * aURL,uint32_t aLineNumber,uint32_t flags,const char * aMsg,...)56 void nsChromeRegistry::LogMessageWithContext(nsIURI* aURL, uint32_t aLineNumber,
57 uint32_t flags, const char* aMsg,
58 ...) {
59 nsresult rv;
60
61 nsCOMPtr<nsIConsoleService> console(
62 do_GetService(NS_CONSOLESERVICE_CONTRACTID));
63
64 nsCOMPtr<nsIScriptError> error(do_CreateInstance(NS_SCRIPTERROR_CONTRACTID));
65 if (!console || !error) return;
66
67 va_list args;
68 va_start(args, aMsg);
69 mozilla::SmprintfPointer formatted = mozilla::Vsmprintf(aMsg, args);
70 va_end(args);
71 if (!formatted) return;
72
73 nsCString spec;
74 if (aURL) aURL->GetSpec(spec);
75
76 rv = error->Init(NS_ConvertUTF8toUTF16(formatted.get()),
77 NS_ConvertUTF8toUTF16(spec), u""_ns, aLineNumber, 0, flags,
78 "chrome registration", false /* from private window */,
79 true /* from chrome context */);
80
81 if (NS_FAILED(rv)) return;
82
83 console->LogMessage(error);
84 }
85
~nsChromeRegistry()86 nsChromeRegistry::~nsChromeRegistry() { gChromeRegistry = nullptr; }
87
88 NS_INTERFACE_MAP_BEGIN(nsChromeRegistry)
NS_INTERFACE_MAP_ENTRY(nsIChromeRegistry)89 NS_INTERFACE_MAP_ENTRY(nsIChromeRegistry)
90 NS_INTERFACE_MAP_ENTRY(nsIXULChromeRegistry)
91 NS_INTERFACE_MAP_ENTRY(nsIToolkitChromeRegistry)
92 NS_INTERFACE_MAP_ENTRY(nsIObserver)
93 NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
94 NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIChromeRegistry)
95 NS_INTERFACE_MAP_END
96
97 NS_IMPL_ADDREF(nsChromeRegistry)
98 NS_IMPL_RELEASE(nsChromeRegistry)
99
100 ////////////////////////////////////////////////////////////////////////////////
101 // nsIChromeRegistry methods:
102
103 already_AddRefed<nsIChromeRegistry> nsChromeRegistry::GetService() {
104 if (!gChromeRegistry) {
105 // We don't actually want this ref, we just want the service to
106 // initialize if it hasn't already.
107 nsCOMPtr<nsIChromeRegistry> reg(
108 do_GetService(NS_CHROMEREGISTRY_CONTRACTID));
109 if (!gChromeRegistry) return nullptr;
110 }
111 nsCOMPtr<nsIChromeRegistry> registry = gChromeRegistry;
112 return registry.forget();
113 }
114
Init()115 nsresult nsChromeRegistry::Init() {
116 // This initialization process is fairly complicated and may cause reentrant
117 // getservice calls to resolve chrome URIs (especially locale files). We
118 // don't want that, so we inform the protocol handler about our existence
119 // before we are actually fully initialized.
120 gChromeRegistry = this;
121
122 mInitialized = true;
123
124 return NS_OK;
125 }
126
GetProviderAndPath(nsIURI * aChromeURL,nsACString & aProvider,nsACString & aPath)127 nsresult nsChromeRegistry::GetProviderAndPath(nsIURI* aChromeURL,
128 nsACString& aProvider,
129 nsACString& aPath) {
130 nsresult rv;
131
132 NS_ASSERTION(aChromeURL->SchemeIs("chrome"), "Non-chrome URI?");
133
134 nsAutoCString path;
135 rv = aChromeURL->GetPathQueryRef(path);
136 NS_ENSURE_SUCCESS(rv, rv);
137
138 if (path.Length() < 3) {
139 #ifdef DEBUG
140 LogMessage("Invalid chrome URI (need path): %s",
141 aChromeURL->GetSpecOrDefault().get());
142 #endif
143 return NS_ERROR_FAILURE;
144 }
145
146 path.SetLength(nsUnescapeCount(path.BeginWriting()));
147 NS_ASSERTION(path.First() == '/', "Path should always begin with a slash!");
148
149 int32_t slash = path.FindChar('/', 1);
150 if (slash == 1) {
151 #ifdef DEBUG
152 LogMessage("Invalid chrome URI (path cannot start with another slash): %s",
153 aChromeURL->GetSpecOrDefault().get());
154 #endif
155 return NS_ERROR_FAILURE;
156 }
157
158 if (slash == -1) {
159 aPath.Truncate();
160 } else {
161 if (slash == (int32_t)path.Length() - 1)
162 aPath.Truncate();
163 else
164 aPath.Assign(path.get() + slash + 1, path.Length() - slash - 1);
165
166 --slash;
167 }
168
169 aProvider.Assign(path.get() + 1, slash);
170 return NS_OK;
171 }
172
Canonify(nsCOMPtr<nsIURI> & aChromeURL)173 nsresult nsChromeRegistry::Canonify(nsCOMPtr<nsIURI>& aChromeURL) {
174 constexpr auto kSlash = "/"_ns;
175
176 nsresult rv;
177
178 nsAutoCString provider, path;
179 rv = GetProviderAndPath(aChromeURL, provider, path);
180 NS_ENSURE_SUCCESS(rv, rv);
181
182 if (path.IsEmpty()) {
183 nsAutoCString package;
184 rv = aChromeURL->GetHost(package);
185 NS_ENSURE_SUCCESS(rv, rv);
186
187 // we re-use the "path" local string to build a new URL path
188 path.Assign(kSlash + provider + kSlash + package);
189 if (provider.EqualsLiteral("content")) {
190 path.AppendLiteral(".xul");
191 } else if (provider.EqualsLiteral("locale")) {
192 path.AppendLiteral(".dtd");
193 } else if (provider.EqualsLiteral("skin")) {
194 path.AppendLiteral(".css");
195 } else {
196 return NS_ERROR_INVALID_ARG;
197 }
198 return NS_MutateURI(aChromeURL).SetPathQueryRef(path).Finalize(aChromeURL);
199 }
200
201 // prevent directory traversals ("..")
202 // path is already unescaped once, but uris can get unescaped twice
203 const char* pos = path.BeginReading();
204 const char* end = path.EndReading();
205 // Must start with [a-zA-Z0-9].
206 if (!('a' <= *pos && *pos <= 'z') && !('A' <= *pos && *pos <= 'Z') &&
207 !('0' <= *pos && *pos <= '9')) {
208 return NS_ERROR_DOM_BAD_URI;
209 }
210 while (pos < end) {
211 switch (*pos) {
212 case ':':
213 return NS_ERROR_DOM_BAD_URI;
214 case '.':
215 if (pos[1] == '.') {
216 return NS_ERROR_DOM_BAD_URI;
217 }
218 break;
219 case '%':
220 // chrome: URIs with double-escapes are trying to trick us.
221 // watch for %2e, and %25 in case someone triple unescapes
222 if (pos[1] == '2' &&
223 (pos[2] == 'e' || pos[2] == 'E' || pos[2] == '5')) {
224 return NS_ERROR_DOM_BAD_URI;
225 }
226 break;
227 case '?':
228 case '#':
229 pos = end;
230 continue;
231 }
232 ++pos;
233 }
234
235 return NS_OK;
236 }
237
238 NS_IMETHODIMP
ConvertChromeURL(nsIURI * aChromeURI,nsIURI ** aResult)239 nsChromeRegistry::ConvertChromeURL(nsIURI* aChromeURI, nsIURI** aResult) {
240 nsresult rv;
241 if (NS_WARN_IF(!aChromeURI)) {
242 return NS_ERROR_INVALID_ARG;
243 }
244
245 if (mOverrideTable.Get(aChromeURI, aResult)) return NS_OK;
246
247 nsCOMPtr<nsIURL> chromeURL(do_QueryInterface(aChromeURI));
248 NS_ENSURE_TRUE(chromeURL, NS_NOINTERFACE);
249
250 nsAutoCString package, provider, path;
251 rv = chromeURL->GetHostPort(package);
252 NS_ENSURE_SUCCESS(rv, rv);
253
254 rv = GetProviderAndPath(chromeURL, provider, path);
255 NS_ENSURE_SUCCESS(rv, rv);
256
257 nsIURI* baseURI = GetBaseURIFromPackage(package, provider, path);
258
259 uint32_t flags;
260 rv = GetFlagsFromPackage(package, &flags);
261 if (NS_FAILED(rv)) return rv;
262
263 if (!baseURI) {
264 LogMessage("No chrome package registered for chrome://%s/%s/%s",
265 package.get(), provider.get(), path.get());
266 return NS_ERROR_FILE_NOT_FOUND;
267 }
268
269 return NS_NewURI(aResult, path, nullptr, baseURI);
270 }
271
272 ////////////////////////////////////////////////////////////////////////
273
FlushAllCaches()274 void nsChromeRegistry::FlushAllCaches() {
275 nsCOMPtr<nsIObserverService> obsSvc = mozilla::services::GetObserverService();
276 NS_ASSERTION(obsSvc, "Couldn't get observer service.");
277
278 obsSvc->NotifyObservers((nsIChromeRegistry*)this, NS_CHROME_FLUSH_TOPIC,
279 nullptr);
280 }
281
282 NS_IMETHODIMP
AllowScriptsForPackage(nsIURI * aChromeURI,bool * aResult)283 nsChromeRegistry::AllowScriptsForPackage(nsIURI* aChromeURI, bool* aResult) {
284 nsresult rv;
285 *aResult = false;
286
287 NS_ASSERTION(aChromeURI->SchemeIs("chrome"),
288 "Non-chrome URI passed to AllowScriptsForPackage!");
289
290 nsCOMPtr<nsIURL> url(do_QueryInterface(aChromeURI));
291 NS_ENSURE_TRUE(url, NS_NOINTERFACE);
292
293 nsAutoCString provider, file;
294 rv = GetProviderAndPath(url, provider, file);
295 NS_ENSURE_SUCCESS(rv, rv);
296
297 if (!provider.EqualsLiteral("skin")) *aResult = true;
298
299 return NS_OK;
300 }
301
302 NS_IMETHODIMP
AllowContentToAccess(nsIURI * aURI,bool * aResult)303 nsChromeRegistry::AllowContentToAccess(nsIURI* aURI, bool* aResult) {
304 nsresult rv;
305
306 *aResult = false;
307
308 NS_ASSERTION(aURI->SchemeIs("chrome"),
309 "Non-chrome URI passed to AllowContentToAccess!");
310
311 nsCOMPtr<nsIURL> url = do_QueryInterface(aURI);
312 if (!url) {
313 NS_ERROR("Chrome URL doesn't implement nsIURL.");
314 return NS_ERROR_UNEXPECTED;
315 }
316
317 nsAutoCString package;
318 rv = url->GetHostPort(package);
319 NS_ENSURE_SUCCESS(rv, rv);
320
321 uint32_t flags;
322 rv = GetFlagsFromPackage(package, &flags);
323
324 if (NS_SUCCEEDED(rv)) {
325 *aResult = !!(flags & CONTENT_ACCESSIBLE);
326 }
327 return NS_OK;
328 }
329
330 NS_IMETHODIMP
CanLoadURLRemotely(nsIURI * aURI,bool * aResult)331 nsChromeRegistry::CanLoadURLRemotely(nsIURI* aURI, bool* aResult) {
332 nsresult rv;
333
334 *aResult = false;
335
336 NS_ASSERTION(aURI->SchemeIs("chrome"),
337 "Non-chrome URI passed to CanLoadURLRemotely!");
338
339 nsCOMPtr<nsIURL> url = do_QueryInterface(aURI);
340 if (!url) {
341 NS_ERROR("Chrome URL doesn't implement nsIURL.");
342 return NS_ERROR_UNEXPECTED;
343 }
344
345 nsAutoCString package;
346 rv = url->GetHostPort(package);
347 NS_ENSURE_SUCCESS(rv, rv);
348
349 uint32_t flags;
350 rv = GetFlagsFromPackage(package, &flags);
351
352 if (NS_SUCCEEDED(rv)) {
353 *aResult = !!(flags & REMOTE_ALLOWED);
354 }
355 return NS_OK;
356 }
357
358 NS_IMETHODIMP
MustLoadURLRemotely(nsIURI * aURI,bool * aResult)359 nsChromeRegistry::MustLoadURLRemotely(nsIURI* aURI, bool* aResult) {
360 nsresult rv;
361
362 *aResult = false;
363
364 NS_ASSERTION(aURI->SchemeIs("chrome"),
365 "Non-chrome URI passed to MustLoadURLRemotely!");
366
367 nsCOMPtr<nsIURL> url = do_QueryInterface(aURI);
368 if (!url) {
369 NS_ERROR("Chrome URL doesn't implement nsIURL.");
370 return NS_ERROR_UNEXPECTED;
371 }
372
373 nsAutoCString package;
374 rv = url->GetHostPort(package);
375 NS_ENSURE_SUCCESS(rv, rv);
376
377 uint32_t flags;
378 rv = GetFlagsFromPackage(package, &flags);
379
380 if (NS_SUCCEEDED(rv)) {
381 *aResult = !!(flags & REMOTE_REQUIRED);
382 }
383 return NS_OK;
384 }
385
GetSingleton()386 already_AddRefed<nsChromeRegistry> nsChromeRegistry::GetSingleton() {
387 if (gChromeRegistry) {
388 RefPtr<nsChromeRegistry> registry = gChromeRegistry;
389 return registry.forget();
390 }
391
392 RefPtr<nsChromeRegistry> cr;
393 if (GeckoProcessType_Content == XRE_GetProcessType())
394 cr = new nsChromeRegistryContent();
395 else
396 cr = new nsChromeRegistryChrome();
397
398 if (NS_FAILED(cr->Init())) return nullptr;
399
400 return cr.forget();
401 }
402