© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
(In reply to Ms2ger from comment #27)
> Comment on attachment 578799 [diff] [details] [review]
> WIP - experimental prototype
Again, thanks very much for jumping on this patch and giving me feedback, it's greatly appreciated :)
> >--- a/content/
> >+++ b/content/
> > /**
> >+ * Set the sandbox flags for this document. This should only happen at
> >+ * at document load, the flags are immutable after being set at load time.
> >+ * @ see nsDocShell.idl for the possible flags
>
> nsDocShell.idl doesn't exist. (Three times or so.)
oops, sorry, will fix.
> >--- a/content/
> >+++ b/content/
> >+ nsCOMPtr<
>
> 'nsCOMPtr<
> do_QueryInterfa
thanks, will fix.
> >+ // is this an <iframe> with a sandbox attribute or a frame whose parent
> >+ // is sandboxed ?
> >+ if (mOwnerContent-
> >+ (parentSandboxFlags || mOwnerContent-
>
> Instead of this, add a nsHTMLIFrameEle
> nsHTMLIFrameEle
> nsHTMLIFrameElement that returns the flags, and move the code you added to
> nsContentUtils there. Also use it in nsHTMLIFrameEle
ok, i took a look at an example FromContent() on another element and I think I understand
what you'd like me to do here. I put the code to parse the flags etc in nsContentUtils so it could be used by CSP Sandbox (bug 671389) - does that change your opinion at all on how to rework this ? (that's why i didn't put the flag parsing in the iframe element originally). We also discussed support @sandbox on <frame>, which it seemed like there was interest in (just as an fyi).
> >+ PRUint32 sandboxFlags = 0;
> >+
> >+ nsCOMPtr<
> >+
> >+ if (iframe) {
> >+ nsCOMPtr<
> >+
> >+ nsresult result = iframe-
> >+ // TODO : what to do if this fails ? (see below also)
> >+
> >+ sandboxFlags = nsContentUtils:
> >+ // TODO: what to do if this fails ? the content was intended to be sandboxed
> >+ // and it may not be - maybe fail closed (all restrictions) ???
> >+ }
> >+
> >+ if (parentSandboxF
> >+ // do the intersection with the current flags in the docshell!
>
> Doesn't sandboxFlags &= parentSandboxFlags do the right thing, and if not,
> why not?
yeah. as i mentioned above, i think &= is the right thing here. i will fix this.
> >+ }
> >+
> >+ else {
>
> } else {
>
> >--- a/content/
> >+++ b/content/
> >+ virtual nsresult AfterSetAttr(
> >+ const nsAString* aValue,
> >+ bool aNotify);
>
> Indentation
will fix, sorry.
> >--- a/docshell/
> >+++ b/docshell/
> >+ // If the content is sandboxed, force the passed in owner (which should be
> >+ // a null principal) to be set on the channel, UNLESS the sandbox allow-same-domain flag is also
> >+ // set. In that case, allow the content to asssume its "natural domain" as it
> >+ // normally would.
> >+ if ((mSandboxFlags & SANDBOX_
> >+ (mSandboxFlags & SANDBOX_
> >+ nsContentUtils:
> >+ }
> >+ else {
> >+ nsContentUtils:
> >+ }
>
> nsContentUtils:
> (mSandboxFlags & SANDBOX_
> &&
> (mSandboxFlags &
> SANDBOX_
thanks, much cleaner, will fix.
> >--- a/dom/interface
> >+++ b/dom/interface
> >-
> >+
> >+ // HTML5 sandbox attribute
>
> This interface is specified in HTML, so no need for the comment. Also, leave
> the two empty lines between the HTML-specified members and the Mozilla
> extensions.
Thanks, will fix.
> Also check the entire patch for tabs and trailing whitespace, and make sure
> the comments you add are full sentences (including capital letters and full
> stops).
Will do - sorry, this patch wasn't totally cleaned up, thanks for the sanity check on the code, i will clean it all up ! :)