Implement Trusted Types support for the "pre-navigation check"
Categories: Core :: DOM: Security, task, P3
People: Reporter: mbrodesser-Igalia, Assigned: mbrodesser-Igalia
References: Depends on 3 open bugs, Blocks 1 open bug
Details: Whiteboard: [domsecurity-backlog]
Attachments: 4 files
https://w3c.github.io/trusted-types/dist/spec/#require-trusted-types-for-pre-navigation-check
Depends on https://bugzilla.mozilla.org/show_bug.cgi?id=1913339, because relevant default-policy code is added there.
Comment 1 (Assignee) • 25 days ago
Code in Gecko for another pre-navigation check (https://w3c.github.io/webappsec-csp/#form-action-pre-navigate) uses nsIContentSecurityPolicy::permits (https://searchfox.org/mozilla-central/rev/aee7c3a0dbf33af0c4f6648f391db62b35895e50/dom/html/HTMLFormSubmission.cpp#820-823).
Comment 2 (Assignee) • 25 days ago
An arbitrary directive's pre-navigation check (https://w3c.github.io/webappsec-csp/#directive-pre-navigation-check) has only the following call sequence:
Comment 3 (Assignee) • 25 days ago
Turned out the HTML spec calls 1. of above comment from:
https://html.spec.whatwg.org/multipage/browsing-the-web.html#create-navigation-params-by-fetching, step 19.3
and
https://html.spec.whatwg.org/multipage/browsing-the-web.html#the-javascript:-url-special-case, step 5.
Comment 4 (Assignee) • 25 days ago
https://html.spec.whatwg.org/multipage/browsing-the-web.html#the-javascript:-url-special-case, step 5.
https://searchfox.org/mozilla-central/search?path=&q=AllowedByCSP is triggered via nsJSChannel::AsyncOpen (https://searchfox.org/mozilla-central/rev/aee7c3a0dbf33af0c4f6648f391db62b35895e50/dom/jsurl/nsJSProtocolHandler.cpp#679), from the following call stack:
#0 nsJSChannel::AsyncOpen (this=0x7c3807495280, aListener=<optimized out>) at /home/mirko/work/code/gecko/dom/jsurl/nsJSProtocolHandler.cpp:687
#1 0x00007c3812df5e31 in nsURILoader::OpenURI (this=0x7c380aeaf580, channel=0x7c3807495280, aFlags=<optimized out>, aWindowContext=<optimized out>)
at /home/mirko/work/code/gecko/uriloader/base/nsURILoader.cpp:754
#2 0x00007c3817ff9de6 in nsDocShell::OpenInitializedChannel (this=this@entry=0x7c3807424400, aChannel=0x7c3807495280, aURILoader=0x7c380aeaf580, aOpenFlags=<optimized out>)
at /home/mirko/work/code/gecko/docshell/base/nsDocShell.cpp:10596
#3 0x00007c3817ff43e8 in nsDocShell::DoURILoad (this=this@entry=0x7c3807424400, aLoadState=aLoadState@entry=0x7c38074b60c0, aCacheKey=..., aRequest=0x7fff4a69dc60)
at /home/mirko/work/code/gecko/docshell/base/nsDocShell.cpp:10457
#4 0x00007c3817f94f72 in nsDocShell::InternalLoad (this=this@entry=0x7c3807424400, aLoadState=aLoadState@entry=0x7c38074b60c0, aCacheKey=...) at /home/mirko/work/code/gecko/docshell/base/nsDocShell.cpp:9499
#5 0x00007c3818003b7b in nsDocShell::OnLinkClickSync (this=0x7c3807424400, aContent=0x7c3809a16030, aLoadState=0x7c38074b60c0, aNoOpenerImplied=<optimized out>, aTriggeringPrincipal=<optimized out>)
at /home/mirko/work/code/gecko/docshell/base/nsDocShell.cpp:13029
#6 0x00007c3815a6a687 in mozilla::dom::HTMLFormElement::SubmitSubmission (this=this@entry=0x7c3809a16030, aFormSubmission=<optimized out>) at /home/mirko/work/code/gecko/dom/html/HTMLFormElement.cpp:884
#7 0x00007c3815a68b14 in mozilla::dom::HTMLFormElement::DoSubmit (this=0x7c3809a16030, aEvent=aEvent@entry=0x0) at /home/mirko/work/code/gecko/dom/html/HTMLFormElement.cpp:742
#8 0x00007c3815a687e0 in mozilla::dom::HTMLFormElement::Submit (this=0x10, aRv=...) at /home/mirko/work/code/gecko/dom/html/HTMLFormElement.cpp:333
#9 0x00007c38151bf8dd in mozilla::dom::HTMLFormElement_Binding::submit (cx=0x7c380c136200, obj=..., void_self=0x7c3809a16030, args=...) at ./HTMLFormElementBinding.cpp:1002
#10 0x00007c3815260578 in mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> (cx=cx@entry=0x7c380c136200,
Comment 5 • 25 days ago
Tom, could you assist with finding the right place where the spec parts mentioned in comment 2 are implemented?
Comment 6 (Assignee) • 25 days ago
Comment 7 (Assignee) • 25 days ago
Btw., "Thunk" from nsJSThunk (contained in nsJSProtocolHandler) is defined at https://en.wikipedia.org/wiki/Thunk.
Comment 8 (Assignee) • 25 days ago
Related code refers to a non-existing part of the spec (https://searchfox.org/mozilla-central/rev/aee7c3a0dbf33af0c4f6648f391db62b35895e50/dom/jsurl/nsJSProtocolHandler.cpp#171,292-293).
Comment 9 • 24 days ago
(In reply to Mirko Brodesser (:mbrodesser-Igalia) from comment #6)
> https://searchfox.org/mozilla-central/rev/aee7c3a0dbf33af0c4f6648f391db62b35895e50/dom/jsurl/nsJSProtocolHandler.cpp#140 could be the right place.
Yes, I think that is the correct place.
Comment 10 (Assignee) • 24 days ago
It's an ancient term likely unknown to many developers.
Comment 11 (Assignee) • 24 days ago
Spidermonkey currently doesn't use MOZ_CAN_RUN_SCRIPT hence not annotating the called code.
Depends on D221036
Comment 12 (Assignee) • 17 days ago
onclick="javascript:alert('x')" doesn't execute nsJSThunk::EvaluateScript, see https://jsfiddle.net/e2r8aqhw/.
I wonder if that's intended.
Typing javascript:alert('x'); in the address bar calls nsJSThunk::EvaluateScript though; it blocks execution though.
Comment 13 • 17 days ago
(In reply to Mirko Brodesser (:mbrodesser-Igalia) from comment #12)
> onclick="javascript:alert('x')" doesn't execute nsJSThunk::EvaluateScript, see https://jsfiddle.net/e2r8aqhw/.
> I wonder if that's intended.
onclick is not a navigation at all; you are adding an inline event handler for the click event. In this case javascript: is a label and not the protocol of a URL. What you are doing is roughly equivalent to:
onclick = function () {
  javascript: alert('x');
};
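Added example, not part of the bug thread or of Gecko's code, illustrating the distinction drawn in comment 13: the same text is a statement label inside an inline handler body but a javascript: URL on a navigation attribute, and only the latter is a navigation that a pre-navigation check sees. The names classifyAttribute and runAsHandlerBody, the attribute set and the sample values are assumptions made for the illustration.

```javascript
// Added example; names and sample values are constructed for illustration.

// URL-valued attributes that can start a navigation (small, non-exhaustive set).
const NAVIGATION_ATTRS = new Set(["href", "action", "formaction"]);

// Classify how an attribute value is interpreted:
//   "event-handler":  text is compiled as a handler body, never parsed as a URL
//   "javascript-url": a javascript: URL on a navigation attribute
//   "other":          anything else
function classifyAttribute(name, value) {
  const attr = name.toLowerCase();
  // Simplification: treat every on* attribute as an event handler.
  if (attr.startsWith("on")) return "event-handler";
  if (NAVIGATION_ATTRS.has(attr)) {
    try {
      // The URL parser trims surrounding whitespace, drops tabs/newlines
      // and lowercases the scheme, so compare the parsed protocol rather
      // than the raw string prefix.
      if (new URL(value).protocol === "javascript:") return "javascript-url";
    } catch (_) {
      // No scheme (relative URL without a base): not a javascript: URL.
    }
  }
  return "other";
}

// Compile text as a function body, roughly what an inline handler does.
// Inside a body, `javascript:` is a statement label, not a URL scheme.
function runAsHandlerBody(source) {
  return new Function(source)();
}

console.log(classifyAttribute("onclick", "javascript:alert('x')")); // event-handler
console.log(classifyAttribute("href", " Java\tScript:alert('x')")); // javascript-url
// `break javascript;` only compiles because `javascript` is a real label here.
console.log(runAsHandlerBody("javascript: for (;;) { break javascript; } return 'label';")); // label
```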
Comment 14 (Assignee) • 16 days ago
Comment 15 (Assignee) • 16 days ago
Depends on D221929