1754672 - Permanent comm/mail/test/browser/content-policy/browser_jsContentPolicy.js | JS should be turned on in content. - "undefined" == true | noscript display should be 'none' - "inline" == "none"

Status: RESOLVED FIXED

(Thunderbird :: Security, defect, P5)

Description

[Treeherder Bug Filer]

Filed by: geoff [at] darktrojan.net
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=367345716&repo=comm-central
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/Orj9lLrJT3uLBkvrYvNg0Q/runs/0/artifacts/public/logs/live_backing.log

---

Comment 1

[Geoff Lankow (:darktrojan)]

It's not failing on debug because the content policy tests don't run on debug.

Comment 2

[Magnus Melin [:mkmelin] (away, back June 30)]

Something from https://hg.mozilla.org/mozilla-central/pushloghtml?changeset=ddc6b48554dc442c7eaf9b87e13e58ecc9485b16
Bug 1744352 looks like a prime suspect - https://hg.mozilla.org/mozilla-central/rev/b3a8f99f0044f5a4c7c44878d67c3de880b68340

Comment 3

[Magnus Melin [:mkmelin] (away, back June 30)]

Something we need to change around here? https://searchfox.org/comm-central/rev/fd6043fc9c553cd603b9044cbfb9bcc051db040f/mailnews/base/src/nsMsgContentPolicy.cpp#873

Comment 4

[Nika Layzell [:nika] (ni? for response)]

I'm not super familiar with the thunderbird code, so I'll be guessing a bit here. It appears that in bug 1643986 you made thunderbird set sandboxing flags on the BrowsingContext from the nsMsgContentPolicy.cpp code whenever a message is loaded. This will, in turn, cause all loads in that BrowsingContext to be sandboxed. Before the changes I landed last week, we were incorrectly dropping those sandboxing flags after some types of navigations, so it didn't come up in testing that after the flags were set, they were never cleared.

You probably need to make the else branch in that function also configure the sandbox flags on the BrowsingContext to be more relaxed in order to get things working more consistently.

Comment 5

[Magnus Melin [:mkmelin] (away, back June 30)]

I did try rv = browsingContext->SetSandboxFlags(SANDBOXED_NONE); in the else. But the test still fails.

Comment 6

[Geoff Lankow (:darktrojan)]

The flags are things to enable, so it should be SANDBOX_ALL_FLAGS, not SANDBOXED_NONE. I think. I'll see what the Try server thinks.

Comment 7

[Geoff Lankow (:darktrojan)]

Okay. That didn't work.

Comment 8

[Intermittent Failures Robot]

21 failures in 697 pushes (0.03 failures/push) were associated with this bug yesterday.

Repository breakdown:

• comm-central: 21

Platform and build breakdown:

• macosx1015-64-qr: 3
  • opt: 3
• linux1804-64-qr: 3
  • opt: 3
• linux1804-64-shippable-qr: 3
  • opt: 3
• macosx1015-64-shippable-qr: 4
  • opt: 4
• windows10-64-2004-qr: 2
  • opt: 2
• windows10-32-2004-qr: 2
  • opt: 2
• windows10-32-2004-shippable-qr: 2
  • opt: 2
• windows10-64-2004-shippable-qr: 2
  • opt: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1754672&startday=2022-02-10&endday=2022-02-10&tree=all

Comment 9

[Magnus Melin [:mkmelin] (away, back June 30)]

Tried also clearing explicitly the SANDBOXED_SCRIPTS, but no changes to the flags take effect.
It's this line causing it - https://hg.mozilla.org/mozilla-central/rev/b3a8f99f0044f5a4c7c44878d67c3de880b68340#l2.15
Would setting the initial sandboxflags (on the next line) be enough?

Comment 10

[Intermittent Failures Robot]

25 failures in 3711 pushes (0.007 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• comm-central: 25

Platform and build breakdown:

• macosx1015-64-qr: 4
  • opt: 4
• linux1804-64-qr: 5
  • opt: 5
• linux1804-64-shippable-qr: 4
  • opt: 4
• macosx1015-64-shippable-qr: 4
  • opt: 4
• windows10-64-2004-qr: 2
  • opt: 2
• windows10-32-2004-qr: 2
  • opt: 2
• windows10-32-2004-shippable-qr: 2
  • opt: 2
• windows10-64-2004-shippable-qr: 2
  • opt: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1754672&startday=2022-02-07&endday=2022-02-13&tree=all

Comment 11

[Magnus Melin [:mkmelin] (away, back June 30)]

Attachment: Bug 1754672 - fix browser_jsContentPolicy.js after bug 1754785. r=benc

Before the changes in bug 1754785, sandboxing flags were dropped after some types of navigations => we started off from unsandboxed here.
This patch sets that unsandboxed state explicitely on the browsing context so when the code bails out early (for data: url) the we do not get the sandboxing of what used to be loaded in the context.

Comment 12

[Pulsebot]

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/e9cce01454a0
fix browser_jsContentPolicy.js after bug 1754785. r=benc

Comment 13

[Intermittent Failures Robot]

10 failures in 3281 pushes (0.003 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• comm-central: 10

Platform and build breakdown:

• macosx1015-64-qr: 2
  • opt: 2
• linux1804-64-shippable-qr: 2
  • opt: 2
• linux1804-64-qr: 2
  • opt: 2
• macosx1015-64-shippable-qr: 2
  • opt: 2
• windows10-64-2004-qr: 1
  • opt: 1
• windows10-32-2004-qr: 1
  • opt: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1754672&startday=2022-02-14&endday=2022-02-20&tree=all

Comment 14

[Rob Lemley [:rjl]]

Comment on attachment 9263732 [details]
Bug 1754672 - fix browser_jsContentPolicy.js after bug 1754785. r=benc

[Triage Comment]
Fix for browser_jsContentPolicy.js failures caused by uplift of bug 1744352 to m-beta. Not sure why bug 1754785 is mentioned; it doesn't seem to affect the outcome of the tests.

Comment 15

[Rob Lemley [:rjl]]

Thunderbird 98.0b3:
https://hg.mozilla.org/releases/comm-beta/rev/ca168ac5a203

Comment 16

[Magnus Melin [:mkmelin] (away, back June 30)]

The commit comment should have said "after bug 1744352".
Bug 1754785 is also caused by that bug.

Comment 17

[Rob Lemley [:rjl]]

Comment on attachment 9263732 [details]
Bug 1754672 - fix browser_jsContentPolicy.js after bug 1754785. r=benc

[Approval Request Comment]
Per comment 16, bug 1744352 caused this bug. Bug 1744352 was uplifted to m-esr91 necessitating uplift.

Comment 18

[Wayne Mery (:wsmwk)]

Comment on attachment 9263732 [details]
Bug 1754672 - fix browser_jsContentPolicy.js after bug 1754785. r=benc

[Triage Comment]
approved for esr91

Comment 19

[Rob Lemley [:rjl]]

Thunderbird 91.7.0:
https://hg.mozilla.org/releases/comm-esr91/rev/37ce5243da5f