commit 74169fbecb372ad779cae276185606af28e0ed5e Author: Mike Perry mikeperry-git@fscked.org Date: Wed Oct 17 01:34:53 2012 -0700
Bug 7128: Prevent crash on certain links.
NoScript was using the canvas (for ClearClick) without any context.. --- ...d-mozIThirdPartyUtil.getFirstPartyURI-API.patch | 29 ++++++++++++------- .../0021-Add-canvas-image-extraction-prompt.patch | 2 +- ...nt-window-coordinates-for-mouse-event-scr.patch | 2 +- ...se-physical-screen-info.-via-window-and-w.patch | 2 +- ...not-expose-system-colors-to-CSS-or-canvas.patch | 2 +- 5 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/src/current-patches/firefox/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch b/src/current-patches/firefox/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch index 700a795..114301d 100644 --- a/src/current-patches/firefox/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch +++ b/src/current-patches/firefox/0020-Add-mozIThirdPartyUtil.getFirstPartyURI-API.patch @@ -1,17 +1,17 @@ -From 24f62d79a6179598ed633481e2bbeac1b2ccd9bc Mon Sep 17 00:00:00 2001 +From 36d57455893bcf6dc08e91a2784970f285c5e84b Mon Sep 17 00:00:00 2001 From: Mike Perry mikeperry-git@torproject.org Date: Tue, 28 Aug 2012 18:35:33 -0700 Subject: [PATCH 20/24] Add mozIThirdPartyUtil.getFirstPartyURI API
API allows you to get the url bar URI for a channel or nsIDocument. --- - content/base/src/ThirdPartyUtil.cpp | 52 ++++++++++++++++++++++++++++ + content/base/src/ThirdPartyUtil.cpp | 59 ++++++++++++++++++++++++++++ content/base/src/ThirdPartyUtil.h | 2 + - netwerk/base/public/mozIThirdPartyUtil.idl | 21 +++++++++++ - 3 files changed, 75 insertions(+), 0 deletions(-) + netwerk/base/public/mozIThirdPartyUtil.idl | 21 ++++++++++ + 3 files changed, 82 insertions(+), 0 deletions(-)
diff --git a/content/base/src/ThirdPartyUtil.cpp b/content/base/src/ThirdPartyUtil.cpp -index 6a415e9..62333f3 100644 +index 6a415e9..52b3dab 100644 --- a/content/base/src/ThirdPartyUtil.cpp +++ b/content/base/src/ThirdPartyUtil.cpp @@ -40,6 +40,9 @@ @@ -32,7 +32,7 @@ index 6a415e9..62333f3 100644 return rv; }
-@@ -315,3 +319,51 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI, +@@ -315,3 +319,58 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
return NS_OK; } @@ -62,12 +62,19 @@ index 6a415e9..62333f3 100644 + if (NS_FAILED(rv) && aDoc) { + nsCOMPtr<nsIDOMWindow> top; + nsCOMPtr<nsIDOMDocument> topDDoc; -+ -+ aDoc->GetWindow()->GetTop(getter_AddRefs(top)); -+ top->GetDocument(getter_AddRefs(topDDoc)); ++ ++ if (aDoc->GetWindow()) { ++ aDoc->GetWindow()->GetTop(getter_AddRefs(top)); ++ top->GetDocument(getter_AddRefs(topDDoc)); + -+ nsCOMPtr<nsIDocument> topDoc(do_QueryInterface(topDDoc)); -+ *aOutput = topDoc->GetOriginalURI(); ++ nsCOMPtr<nsIDocument> topDoc(do_QueryInterface(topDDoc)); ++ *aOutput = topDoc->GetOriginalURI(); ++ } else { ++ // XXX: Chrome callers (such as NoScript) can end up here ++ // through getImageData/canvas usage with no document state ++ // (no Window and a document URI of about:blank). Propogate ++ // rv fail (by doing nothing), and hope caller recovers. ++ } + + if (*aOutput) + rv = NS_OK; diff --git a/src/current-patches/firefox/0021-Add-canvas-image-extraction-prompt.patch b/src/current-patches/firefox/0021-Add-canvas-image-extraction-prompt.patch index f303683..cf5dd61 100644 --- a/src/current-patches/firefox/0021-Add-canvas-image-extraction-prompt.patch +++ b/src/current-patches/firefox/0021-Add-canvas-image-extraction-prompt.patch @@ -1,4 +1,4 @@ -From 3e8d778866d96e1ca82f2b08e7b8d948c1c3853d Mon Sep 17 00:00:00 2001 +From 29ce940434ebbb8e54c0d9b8f84ccf6ec6bd71bc Mon Sep 17 00:00:00 2001 From: Kathleen Brade brade@pearlcrescent.com Date: Tue, 9 Oct 2012 11:21:06 -0400 Subject: [PATCH 21/24] Add canvas image extraction prompt. diff --git a/src/current-patches/firefox/0022-Return-client-window-coordinates-for-mouse-event-scr.patch b/src/current-patches/firefox/0022-Return-client-window-coordinates-for-mouse-event-scr.patch index 2532e5f..6da9c72 100644 --- a/src/current-patches/firefox/0022-Return-client-window-coordinates-for-mouse-event-scr.patch +++ b/src/current-patches/firefox/0022-Return-client-window-coordinates-for-mouse-event-scr.patch @@ -1,4 +1,4 @@ -From eb9cc23d7b04d9c441f69e98834561622533f6ba Mon Sep 17 00:00:00 2001 +From 74215e38ba60b74df59216122c4f2cc068e33216 Mon Sep 17 00:00:00 2001 From: Kathleen Brade brade@pearlcrescent.com Date: Tue, 9 Oct 2012 11:13:45 -0400 Subject: [PATCH 22/24] Return client window coordinates for mouse event diff --git a/src/current-patches/firefox/0023-Do-not-expose-physical-screen-info.-via-window-and-w.patch b/src/current-patches/firefox/0023-Do-not-expose-physical-screen-info.-via-window-and-w.patch index 1907906..1b925e0 100644 --- a/src/current-patches/firefox/0023-Do-not-expose-physical-screen-info.-via-window-and-w.patch +++ b/src/current-patches/firefox/0023-Do-not-expose-physical-screen-info.-via-window-and-w.patch @@ -1,4 +1,4 @@ -From f842f612d98477ad36014338a72f812cf4183e2f Mon Sep 17 00:00:00 2001 +From d944531b020848e09ac280af11d039d992ab6461 Mon Sep 17 00:00:00 2001 From: Kathleen Brade brade@pearlcrescent.com Date: Wed, 3 Oct 2012 17:06:48 -0400 Subject: [PATCH 23/24] Do not expose physical screen info. via window and diff --git a/src/current-patches/firefox/0024-Do-not-expose-system-colors-to-CSS-or-canvas.patch b/src/current-patches/firefox/0024-Do-not-expose-system-colors-to-CSS-or-canvas.patch index 5b808ad..629a759 100644 --- a/src/current-patches/firefox/0024-Do-not-expose-system-colors-to-CSS-or-canvas.patch +++ b/src/current-patches/firefox/0024-Do-not-expose-system-colors-to-CSS-or-canvas.patch @@ -1,4 +1,4 @@ -From a3a36dbaebcacdcf6b4343a587ea673e6245102d Mon Sep 17 00:00:00 2001 +From 38a469e05779315cb2990be60c13fb167812e54d Mon Sep 17 00:00:00 2001 From: Kathleen Brade brade@pearlcrescent.com Date: Thu, 4 Oct 2012 14:53:13 -0400 Subject: [PATCH 24/24] Do not expose system colors to CSS or canvas.