mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1381282 - Change nsScriptErrorBase::InitWithWindowID so that it does not call GetSensitiveInfoHiddenSpec as much as now. r=bz r=valentin

This commit is contained in:
Dragana Damjanovic dd.mozilla@gmail.com 2017-08-07 15:56:30 +02:00
Родитель 0e6944b975
Коммит 23c8b30d23
12 изменённых файлов: 235 добавлений и 75 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

24
dom/base/nsContentUtils.cpp
Просмотреть файл

@ -4105,20 +4105,26 @@ nsContentUtils::ReportToConsoleByWindowID(const nsAString& aErrorText,
nsJSUtils::GetCallingLocation(cx, spec, &aLineNumber, &aColumnNumber);
}
}
if (spec.IsEmpty() && aURI) {
spec = aURI->GetSpecOrDefault();
}
nsCOMPtr<nsIScriptError> errorObject =
do_CreateInstance(NS_SCRIPTERROR_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = errorObject->InitWithWindowID(aErrorText,
NS_ConvertUTF8toUTF16(spec), // file name
aSourceLine,
aLineNumber, aColumnNumber,
aErrorFlags, aCategory,
aInnerWindowID);
if (!spec.IsEmpty()) {
rv = errorObject->InitWithWindowID(aErrorText,
NS_ConvertUTF8toUTF16(spec), // file name
aSourceLine,
aLineNumber, aColumnNumber,
aErrorFlags, aCategory,
aInnerWindowID);
} else {
rv = errorObject->InitWithSourceURI(aErrorText,
aURI,
aSourceLine,
aLineNumber, aColumnNumber,
aErrorFlags, aCategory,
aInnerWindowID);
}
NS_ENSURE_SUCCESS(rv, rv);
return sConsoleService->LogMessage(errorObject);

73
dom/bindings/nsIScriptError.idl
Просмотреть файл

@ -11,6 +11,7 @@
#include "nsISupports.idl"
#include "nsIArray.idl"
#include "nsIConsoleMessage.idl"
interface nsIURI;
%{C++
#include "nsStringGlue.h" // for nsDependentCString
@ -97,8 +98,17 @@ interface nsIScriptError : nsIConsoleMessage
in string category);
/* This should be called instead of nsIScriptError.init to
initialize with a window id. The window id should be for the
inner window associated with this error. */
* initialize with a window id. The window id should be for the
* inner window associated with this error.
*
* This function will check whether sourceName is a uri and sanitize it if
* needed. If you know the source name is sanitized already, use
* initWithSanitizedSource.
* A "sanitized" source name means that passwords are not shown. It will
* use the sensitiveInfoHiddenSpec function of nsIURI interface, that is
* replacing paswords with ***
* (e.g. https://USERNAME:****@example.com/some/path).
*/
void initWithWindowID(in AString message,
in AString sourceName,
in AString sourceLine,
@ -107,8 +117,33 @@ interface nsIScriptError : nsIConsoleMessage
in uint32_t flags,
in ACString category,
in unsigned long long innerWindowID);
/* This is the same function as initWithWindowID, but it expects an already
* sanitized sourceName.
* Please use it only if sourceName string is already sanitized.
*/
void initWithSanitizedSource(in AString message,
in AString sourceName,
in AString sourceLine,
in uint32_t lineNumber,
in uint32_t columnNumber,
in uint32_t flags,
in ACString category,
in unsigned long long innerWindowID);
/* This is the same function as initWithWindowID with an uri as a source parameter.
*/
void initWithSourceURI(in AString message,
in nsIURI sourceURI,
in AString sourceLine,
in uint32_t lineNumber,
in uint32_t columnNumber,
in uint32_t flags,
in ACString category,
in unsigned long long innerWindowID);
%{C++
// This overload allows passing a literal string for category.
// These overloads allow passing a literal string for category.
template<uint32_t N>
nsresult InitWithWindowID(const nsAString& message,
const nsAString& sourceName,
@ -123,6 +158,38 @@ interface nsIScriptError : nsIConsoleMessage
return InitWithWindowID(message, sourceName, sourceLine, lineNumber,
columnNumber, flags, category, aInnerWindowID);
}
template<uint32_t N>
nsresult InitWithSanitizedSource(const nsAString& message,
const nsAString& sourceName,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const char (&c)[N],
uint64_t aInnerWindowID)
{
nsDependentCString category(c, N - 1);
return InitWithSanitizedSource(message, sourceName, sourceLine,
lineNumber, columnNumber, flags,
category, aInnerWindowID);
}
template<uint32_t N>
nsresult InitWithSourceURI(const nsAString& message,
nsIURI* sourceURI,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const char (&c)[N],
uint64_t aInnerWindowID)
{
nsDependentCString category(c, N - 1);
return InitWithSourceURI(message, sourceURI, sourceLine,
lineNumber, columnNumber, flags,
category, aInnerWindowID);
}
%}
};

87
dom/bindings/nsScriptError.cpp
Просмотреть файл

@ -210,14 +210,41 @@ AssignSourceNameHelper(nsString& aSourceNameDest, const nsAString& aSourceNameSr
NS_SUCCEEDED(uri->GetPassword(pass)) &&
!pass.IsEmpty())
{
nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri = do_QueryInterface(uri);
nsAutoCString loc;
if (safeUri && NS_SUCCEEDED(safeUri->GetSensitiveInfoHiddenSpec(loc)))
aSourceNameDest.Assign(NS_ConvertUTF8toUTF16(loc));
NS_GetSanitizedURIStringFromURI(uri, aSourceNameDest);
}
}
static void
AssignSourceNameHelper(nsIURI* aSourceURI, nsString& aSourceNameDest)
{
if (!aSourceURI)
return;
if (NS_FAILED(NS_GetSanitizedURIStringFromURI(aSourceURI,
aSourceNameDest))) {
aSourceNameDest.AssignLiteral("[nsIURI::GetSpec failed]");
}
}
void
nsScriptErrorBase::InitializationHelper(const nsAString& message,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const nsACString& category,
uint64_t aInnerWindowID)
{
mMessage.Assign(message);
mLineNumber = lineNumber;
mSourceLine.Assign(sourceLine);
mColumnNumber = columnNumber;
mFlags = flags;
mCategory = category;
mTimeStamp = JS_Now() / 1000;
mInnerWindowID = aInnerWindowID;
}
NS_IMETHODIMP
nsScriptErrorBase::InitWithWindowID(const nsAString& message,
const nsAString& sourceName,
@ -228,15 +255,49 @@ nsScriptErrorBase::InitWithWindowID(const nsAString& message,
const nsACString& category,
uint64_t aInnerWindowID)
{
mMessage.Assign(message);
InitializationHelper(message, sourceLine, lineNumber, columnNumber, flags,
category, aInnerWindowID);
AssignSourceNameHelper(mSourceName, sourceName);
mLineNumber = lineNumber;
mSourceLine.Assign(sourceLine);
mColumnNumber = columnNumber;
mFlags = flags;
mCategory = category;
mTimeStamp = JS_Now() / 1000;
mInnerWindowID = aInnerWindowID;
if (aInnerWindowID && NS_IsMainThread())
InitializeOnMainThread();
return NS_OK;
}
NS_IMETHODIMP
nsScriptErrorBase::InitWithSanitizedSource(const nsAString& message,
const nsAString& sourceName,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const nsACString& category,
uint64_t aInnerWindowID)
{
InitializationHelper(message, sourceLine, lineNumber, columnNumber, flags,
category, aInnerWindowID);
mSourceName = sourceName;
if (aInnerWindowID && NS_IsMainThread())
InitializeOnMainThread();
return NS_OK;
}
NS_IMETHODIMP
nsScriptErrorBase::InitWithSourceURI(const nsAString& message,
nsIURI *sourceURI,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const nsACString& category,
uint64_t aInnerWindowID)
{
InitializationHelper(message, sourceLine, lineNumber, columnNumber, flags,
category, aInnerWindowID);
AssignSourceNameHelper(sourceURI, mSourceName);
if (aInnerWindowID && NS_IsMainThread())
InitializeOnMainThread();

6
dom/bindings/nsScriptError.h
Просмотреть файл

@ -53,6 +53,12 @@ protected:
void
InitializeOnMainThread();
void InitializationHelper(const nsAString& message,
const nsAString& sourceLine, uint32_t lineNumber,
uint32_t columnNumber, uint32_t flags,
const nsACString& category,
uint64_t aInnerWindowID);
nsCOMArray<nsIScriptErrorNote> mNotes;
nsString mMessage;
nsString mMessageName;

10
dom/security/FramingChecker.cpp
Просмотреть файл

@ -330,10 +330,12 @@ FramingChecker::ReportXFOViolation(nsIDocShellTreeItem* aTopDocShellItem,
break;
}
rv = errorObject->InitWithWindowID(msg, EmptyString(), EmptyString(), 0, 0,
nsIScriptError::errorFlag,
"X-Frame-Options",
topInnerWindow->WindowID());
// It is ok to use InitWithSanitizedSource, because the source string is
// empty.
rv = errorObject->InitWithSanitizedSource(msg, EmptyString(), EmptyString(),
0, 0, nsIScriptError::errorFlag,
"X-Frame-Options",
topInnerWindow->WindowID());
if (NS_FAILED(rv)) {
return;
}

20
dom/xml/XMLDocument.cpp
Просмотреть файл

@ -339,9 +339,6 @@ XMLDocument::Load(const nsAString& aUrl, CallerType aCallerType,
bool isChrome = false;
if (NS_FAILED(uri->SchemeIs("chrome", &isChrome)) || !isChrome) {
nsAutoCString spec;
if (mDocumentURI)
mDocumentURI->GetSpec(spec);
nsAutoString error;
error.AssignLiteral("Cross site loading using document.load is no "
@ -353,14 +350,15 @@ XMLDocument::Load(const nsAString& aUrl, CallerType aCallerType,
return false;
}
rv = errorObject->InitWithWindowID(error,
NS_ConvertUTF8toUTF16(spec),
EmptyString(),
0, 0, nsIScriptError::warningFlag,
"DOM",
callingDoc ?
callingDoc->InnerWindowID() :
this->InnerWindowID());
rv = errorObject->InitWithSourceURI(error,
mDocumentURI,
EmptyString(),
0, 0,
nsIScriptError::warningFlag,
"DOM",
callingDoc ?
callingDoc->InnerWindowID() :
this->InnerWindowID());
if (NS_FAILED(rv)) {
aRv.Throw(rv);

27
layout/style/ErrorReporter.cpp
Просмотреть файл

@ -17,10 +17,12 @@
#include "nsIDocument.h"
#include "nsIFactory.h"
#include "nsIScriptError.h"
#include "nsISensitiveInfoHiddenURI.h"
#include "nsIStringBundle.h"
#include "nsServiceManagerUtils.h"
#include "nsStyleUtil.h"
#include "nsThreadUtils.h"
#include "nsNetUtil.h"
#ifdef CSS_REPORT_PARSE_ERRORS
@ -37,12 +39,9 @@ public:
if (mURI != aURI) {
mURI = aURI;
nsAutoCString cSpec;
nsresult rv = mURI->GetSpec(cSpec);
if (NS_FAILED(rv)) {
cSpec.AssignLiteral("[nsIURI::GetSpec failed]");
if (NS_FAILED(NS_GetSanitizedURIStringFromURI(mURI, mSpec))) {
mSpec.AssignLiteral("[nsIURI::GetSpec failed]");
}
CopyUTF8toUTF16(cSpec, mSpec);
}
return mSpec;
}
@ -219,14 +218,16 @@ ErrorReporter::OutputError()
do_CreateInstance(sScriptErrorFactory, &rv);
if (NS_SUCCEEDED(rv)) {
rv = errorObject->InitWithWindowID(mError,
mFileName,
mErrorLine,
mErrorLineNumber,
mErrorColNumber,
nsIScriptError::warningFlag,
"CSS Parser",
mInnerWindowID);
// It is safe to used InitWithSanitizedSource because mFileName is
// an already anonymized uri spec.
rv = errorObject->InitWithSanitizedSource(mError,
mFileName,
mErrorLine,
mErrorLineNumber,
mErrorColNumber,
nsIScriptError::warningFlag,
"CSS Parser",
mInnerWindowID);
if (NS_SUCCEEDED(rv)) {
sConsoleService->LogMessage(errorObject);
}

21
netwerk/base/nsNetUtil.cpp
Просмотреть файл

@ -47,6 +47,7 @@
#include "nsIRedirectChannelRegistrar.h"
#include "nsIRequestObserverProxy.h"
#include "nsIScriptSecurityManager.h"
#include "nsISensitiveInfoHiddenURI.h"
#include "nsISimpleStreamListener.h"
#include "nsISocketProvider.h"
#include "nsISocketProviderService.h"
@ -1578,6 +1579,26 @@ NS_NewURI(nsIURI **result,
return NS_NewURI(result, nsDependentCString(spec), nullptr, baseURI, ioService);
}
nsresult
NS_GetSanitizedURIStringFromURI(nsIURI *aUri, nsAString &aSanitizedSpec)
{
aSanitizedSpec.Truncate();
nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri = do_QueryInterface(aUri);
nsAutoCString cSpec;
nsresult rv;
if (safeUri) {
rv = safeUri->GetSensitiveInfoHiddenSpec(cSpec);
} else {
rv = aUri->GetSpec(cSpec);
}
if (NS_SUCCEEDED(rv)) {
aSanitizedSpec.Assign(NS_ConvertUTF8toUTF16(cSpec));
}
return rv;
}
nsresult
NS_LoadPersistentPropertiesFromURISpec(nsIPersistentProperties **outResult,
const nsACString &aSpec)

3
netwerk/base/nsNetUtil.h
Просмотреть файл

@ -100,6 +100,9 @@ nsresult NS_NewFileURI(nsIURI **result,
nsIFile *spec,
nsIIOService *ioService = nullptr); // pass in nsIIOService to optimize callers
nsresult NS_GetSanitizedURIStringFromURI(nsIURI *aUri,
nsAString &aSanitizedSpec);
/*
* How to create a new Channel, using NS_NewChannel,
* NS_NewChannelWithTriggeringPrincipal,

15
netwerk/protocol/http/HttpBaseChannel.cpp
Просмотреть файл

@ -2494,16 +2494,13 @@ HttpBaseChannel::AddSecurityMessage(const nsAString &aMessageTag,
errorText);
NS_ENSURE_SUCCESS(rv, rv);
nsAutoCString spec;
if (mURI) {
spec = mURI->GetSpecOrDefault();
}
nsCOMPtr<nsIScriptError> error(do_CreateInstance(NS_SCRIPTERROR_CONTRACTID));
error->InitWithWindowID(errorText, NS_ConvertUTF8toUTF16(spec),
EmptyString(), 0, 0, nsIScriptError::warningFlag,
NS_ConvertUTF16toUTF8(aMessageCategory),
innerWindowID);
error->InitWithSourceURI(errorText, mURI,
EmptyString(), 0, 0,
nsIScriptError::warningFlag,
NS_ConvertUTF16toUTF8(aMessageCategory),
innerWindowID);
console->LogMessage(error);
return NS_OK;

16
netwerk/protocol/http/nsCORSListenerProxy.cpp
Просмотреть файл

@ -1580,14 +1580,14 @@ nsCORSListenerProxy::LogBlockedCORSRequest(uint64_t aInnerWindowID,
// query innerWindowID and log to web console, otherwise log to
// the error to the browser console.
if (aInnerWindowID > 0) {
rv = scriptError->InitWithWindowID(aMessage,
EmptyString(), // sourceName
EmptyString(), // sourceLine
0, // lineNumber
0, // columnNumber
nsIScriptError::warningFlag,
"CORS",
aInnerWindowID);
rv = scriptError->InitWithSanitizedSource(aMessage,
EmptyString(), // sourceName
EmptyString(), // sourceLine
0, // lineNumber
0, // columnNumber
nsIScriptError::warningFlag,
"CORS",
aInnerWindowID);
}
else {
rv = scriptError->Init(aMessage,

8
toolkit/mozapps/extensions/AddonContentPolicy.cpp
Просмотреть файл

@ -72,15 +72,13 @@ LogMessage(const nsAString &aMessage, nsIURI* aSourceURI, const nsAString &aSour
nsCOMPtr<nsIScriptError> error = do_CreateInstance(NS_SCRIPTERROR_CONTRACTID);
NS_ENSURE_TRUE(error, NS_ERROR_OUT_OF_MEMORY);
nsCString sourceName = aSourceURI->GetSpecOrDefault();
uint64_t windowID = 0;
GetWindowIDFromContext(aContext, &windowID);
nsresult rv =
error->InitWithWindowID(aMessage, NS_ConvertUTF8toUTF16(sourceName),
aSourceSample, 0, 0, nsIScriptError::errorFlag,
"JavaScript", windowID);
error->InitWithSourceURI(aMessage, aSourceURI,
aSourceSample, 0, 0, nsIScriptError::errorFlag,
"JavaScript", windowID);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIConsoleService> console = do_GetService(NS_CONSOLESERVICE_CONTRACTID);