[places] Prevent some abuse of smart queries.

2019-06-12 13:44:05 +03:00 · 2019-06-12 13:44:05 +03:00 · 96e20cdf0e
parent 8cb7a2af2e
commit 96e20cdf0e
2 changed files with 14 additions and 4 deletions
--- a/dom/events/DataTransfer.cpp
+++ b/dom/events/DataTransfer.cpp
@ -39,6 +39,7 @@
 #include "mozilla/dom/OSFileSystem.h"
 #include "mozilla/dom/Promise.h"
 #include "nsNetUtil.h"
+#include "nsReadableUtils.h"

 namespace mozilla {
 namespace dom {
@ -644,6 +645,13 @@ DataTransfer::PrincipalMaySetData(const nsAString& aType,
      NS_WARNING("Disallowing adding x-moz-file or x-moz-file-promize types to DataTransfer");
      return false;
    }
+    
+    // Disallow content from creating x-moz-place flavors, so that it cannot
+    // create fake Places smart queries exposing user data.
+    if (StringBeginsWith(aType, NS_LITERAL_STRING("text/x-moz-place"))) {
+      NS_WARNING("Disallowing adding moz-place types to DataTransfer");
+      return false;
+    }
  }
  return true;
 }
--- a/toolkit/components/places/PlacesUtils.jsm
+++ b/toolkit/components/places/PlacesUtils.jsm
@ -908,6 +908,7 @@ this.PlacesUtils = {
   * @param   type
   *          The content type of the blob.
   * @returns An array of objects representing each item contained by the source.
+   * @throws if the blob contains invalid data.
   */
  unwrapNodes: function PU_unwrapNodes(blob, type) {
    // We split on "\n"  because the transferable system converts "\r\n" to "\n"
@ -939,7 +940,7 @@ this.PlacesUtils = {
            catch (e) {}
          }
          // note:  this._uri() will throw if uriString is not a valid URI
-          if (this._uri(uriString)) {
+          if (this._uri(uriString) && this._uri(uriString).scheme != "place") {
            nodes.push({ uri: uriString,
                         title: titleString ? titleString : uriString,
                         type: this.TYPE_X_MOZ_URL });
@ -952,11 +953,12 @@ this.PlacesUtils = {
        for (let i = 0; i < parts.length; i++) {
          let uriString = parts[i];
          // text/uri-list is converted to TYPE_UNICODE but it could contain
-          // comments line prepended by #, we should skip them
-          if (uriString.substr(0, 1) == '\x23')
+          // comments line prepended by #, we should skip them, as well as
+          // empty URIs
+          if (uriString.substr(0, 1) == '\x23' || uriString == "")
            continue;
          // note: this._uri() will throw if uriString is not a valid URI
-          if (uriString != "" && this._uri(uriString))
+          if (this._uri(uriString).scheme != "place")
            nodes.push({ uri: uriString,
                         title: uriString,
                         type: this.TYPE_X_MOZ_URL });