ReportingUtils.cpp

Enable keyboard shortcuts

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this file,

 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "mozilla/dom/ReportingUtils.h"

#include "mozilla/dom/CSPViolationReportBody.h"

#include "mozilla/dom/Report.h"

#include "mozilla/dom/ReportBody.h"

#include "mozilla/dom/ReportDeliver.h"

#include "mozilla/dom/SecurityPolicyViolationEvent.h"

#include "mozilla/dom/WorkerPrivate.h"

#include "nsAtom.h"

#include "nsIGlobalObject.h"

#include "nsIURIMutator.h"

#include "nsNetUtil.h"

namespace mozilla::dom {

// https://w3c.github.io/reporting/#strip-url-for-use-in-reports-heading

/* static*/

void ReportingUtils::StripURL(nsIURI* aURI, nsACString& outStrippedURL) {

  // 1. If url’s scheme is not an HTTP(S) scheme, then return url’s scheme.

  if (!net::SchemeIsHttpOrHttps(aURI)) {

    aURI->GetScheme(outStrippedURL);

    return;

  // 2. Set url’s fragment to the empty string.

  // 3. Set url’s username to the empty string.

  // 4. Set url’s password to the empty string.

  nsCOMPtr<nsIURI> stripped;

  if (NS_FAILED(NS_MutateURI(aURI).SetRef(""_ns).SetUserPass(""_ns).Finalize(

          stripped))) {

    // Mutating the URI failed for some reason, just return the scheme.

    aURI->GetScheme(outStrippedURL);

    return;

  // 4. Return the result of executing the URL serializer on url.

  stripped->GetSpec(outStrippedURL);

// static

void ReportingUtils::Report(nsIGlobalObject* aGlobal, nsAtom* aType,

                            const nsAString& aGroupName, const nsAString& aURL,

                            ReportBody* aBody) {

  MOZ_RELEASE_ASSERT(aGlobal && aBody);

  nsDependentAtomString type(aType);

  RefPtr<mozilla::dom::Report> report =

      new mozilla::dom::Report(aGlobal, type, aURL, aBody);

  aGlobal->BroadcastReport(report);

  // No endpoint to send them to.

  if (aGroupName.IsEmpty() || aGroupName.IsVoid()) {

    return;

  uint64_t associatedBrowsingContextId = 0;

  // Try to get browsing context from window (for main thread)

  if (nsPIDOMWindowInner* window = aGlobal->GetAsInnerWindow()) {

    if (BrowsingContext* bc = window->GetBrowsingContext()) {

      associatedBrowsingContextId = bc->Id();

  } else if (WorkerPrivate* workerPrivate = GetCurrentThreadWorkerPrivate()) {

    // For workers, get the associated browsing context

    associatedBrowsingContextId = workerPrivate->AssociatedBrowsingContextID();

  ReportDeliver::AttemptDelivery(aGlobal, type, aGroupName, aURL, aBody,

                                 associatedBrowsingContextId);

/* static */

void ReportingUtils::DeserializeSecurityViolationEventAndReport(

    mozilla::dom::EventTarget* aTarget, nsIGlobalObject* aGlobal,

    const nsAString& aSecurityPolicyViolationInitJSON,

    const nsAString& aReportGroupName) {

  SecurityPolicyViolationEventInit violationEventInit;

  if (NS_WARN_IF(!violationEventInit.Init(aSecurityPolicyViolationInitJSON))) {

    return;

  RefPtr<mozilla::dom::Event> event =

      mozilla::dom::SecurityPolicyViolationEvent::Constructor(

          aTarget, u"securitypolicyviolation"_ns, violationEventInit);

  event->SetTrusted(true);

  aTarget->DispatchEvent(*event, IgnoreErrors());

  RefPtr<CSPViolationReportBody> body =

      new CSPViolationReportBody(aGlobal, violationEventInit);

  ReportingUtils::Report(aGlobal, nsGkAtoms::cspViolation, aReportGroupName,

                         violationEventInit.mDocumentURI, body);

}  // namespace mozilla::dom