tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

nsNoDataProtocolContentPolicy.cpp (2487B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 /*
      8 * Content policy implementation that prevents all loads of images,
      9 * subframes, etc from protocols that don't return data but rather open
     10 * applications (such as mailto).
     11 */
     12 
     13 #include "nsNoDataProtocolContentPolicy.h"
     14 
     15 #include "nsContentUtils.h"
     16 #include "nsIProtocolHandler.h"
     17 #include "nsIURI.h"
     18 #include "nsNetUtil.h"
     19 #include "nsString.h"
     20 
     21 NS_IMPL_ISUPPORTS(nsNoDataProtocolContentPolicy, nsIContentPolicy)
     22 
     23 NS_IMETHODIMP
     24 nsNoDataProtocolContentPolicy::ShouldLoad(nsIURI* aContentLocation,
     25                                          nsILoadInfo* aLoadInfo,
     26                                          int16_t* aDecision) {
     27  ExtContentPolicyType contentType = aLoadInfo->GetExternalContentPolicyType();
     28 
     29  *aDecision = nsIContentPolicy::ACCEPT;
     30 
     31  // Don't block for TYPE_OBJECT since such URIs are sometimes loaded by the
     32  // plugin, so they don't necessarily open external apps
     33  // TYPE_WEBSOCKET loads can only go to ws:// or wss://, so we don't need to
     34  // concern ourselves with them.
     35  if (contentType != ExtContentPolicy::TYPE_DOCUMENT &&
     36      contentType != ExtContentPolicy::TYPE_SUBDOCUMENT &&
     37      contentType != ExtContentPolicy::TYPE_OBJECT &&
     38      contentType != ExtContentPolicy::TYPE_WEBSOCKET) {
     39    // The following are just quick-escapes for the most common cases
     40    // where we would allow the content to be loaded anyway.
     41    nsAutoCString scheme;
     42    aContentLocation->GetScheme(scheme);
     43    if (scheme.EqualsLiteral("http") || scheme.EqualsLiteral("https") ||
     44        scheme.EqualsLiteral("file") || scheme.EqualsLiteral("chrome")) {
     45      return NS_OK;
     46    }
     47 
     48    if (nsContentUtils::IsExternalProtocol(aContentLocation)) {
     49      NS_SetRequestBlockingReason(
     50          aLoadInfo,
     51          nsILoadInfo::BLOCKING_REASON_CONTENT_POLICY_NO_DATA_PROTOCOL);
     52      *aDecision = nsIContentPolicy::REJECT_REQUEST;
     53    }
     54  }
     55 
     56  return NS_OK;
     57 }
     58 
     59 NS_IMETHODIMP
     60 nsNoDataProtocolContentPolicy::ShouldProcess(nsIURI* aContentLocation,
     61                                             nsILoadInfo* aLoadInfo,
     62                                             int16_t* aDecision) {
     63  return ShouldLoad(aContentLocation, aLoadInfo, aDecision);
     64 }