mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1381282 - Change nsScriptErrorBase::InitWithWindowID so that it does not call GetSensitiveInfoHiddenSpec as much as now. r=bz r=valentin

This commit is contained in:
Dragana Damjanovic dd.mozilla@gmail.com 2017-08-07 15:56:30 +02:00
Родитель 0e6944b975
Коммит 23c8b30d23
12 изменённых файлов: 235 добавлений и 75 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

24
dom/base/nsContentUtils.cpp
Просмотреть файл

@ -4105,20 +4105,26 @@ nsContentUtils::ReportToConsoleByWindowID(const nsAString& aErrorText,
nsJSUtils::GetCallingLocation(cx, spec, &aLineNumber, &aColumnNumber); nsJSUtils::GetCallingLocation(cx, spec, &aLineNumber, &aColumnNumber);
} }
} }
if (spec.IsEmpty() && aURI) {
spec = aURI->GetSpecOrDefault();
}
nsCOMPtr<nsIScriptError> errorObject = nsCOMPtr<nsIScriptError> errorObject =
do_CreateInstance(NS_SCRIPTERROR_CONTRACTID, &rv); do_CreateInstance(NS_SCRIPTERROR_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
rv = errorObject->InitWithWindowID(aErrorText, if (!spec.IsEmpty()) {
NS_ConvertUTF8toUTF16(spec), // file name rv = errorObject->InitWithWindowID(aErrorText,
aSourceLine, NS_ConvertUTF8toUTF16(spec), // file name
aLineNumber, aColumnNumber, aSourceLine,
aErrorFlags, aCategory, aLineNumber, aColumnNumber,
aInnerWindowID); aErrorFlags, aCategory,
aInnerWindowID);
} else {
rv = errorObject->InitWithSourceURI(aErrorText,
aURI,
aSourceLine,
aLineNumber, aColumnNumber,
aErrorFlags, aCategory,
aInnerWindowID);
}
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
return sConsoleService->LogMessage(errorObject); return sConsoleService->LogMessage(errorObject);

73
dom/bindings/nsIScriptError.idl
Просмотреть файл

@ -11,6 +11,7 @@
#include "nsISupports.idl" #include "nsISupports.idl"
#include "nsIArray.idl" #include "nsIArray.idl"
#include "nsIConsoleMessage.idl" #include "nsIConsoleMessage.idl"
interface nsIURI;
%{C++ %{C++
#include "nsStringGlue.h" // for nsDependentCString #include "nsStringGlue.h" // for nsDependentCString
@ -97,8 +98,17 @@ interface nsIScriptError : nsIConsoleMessage
in string category); in string category);
/* This should be called instead of nsIScriptError.init to /* This should be called instead of nsIScriptError.init to
initialize with a window id. The window id should be for the * initialize with a window id. The window id should be for the
inner window associated with this error. */ * inner window associated with this error.
*
* This function will check whether sourceName is a uri and sanitize it if
* needed. If you know the source name is sanitized already, use
* initWithSanitizedSource.
* A "sanitized" source name means that passwords are not shown. It will
* use the sensitiveInfoHiddenSpec function of nsIURI interface, that is
* replacing paswords with ***
* (e.g. https://USERNAME:****@example.com/some/path).
*/
void initWithWindowID(in AString message, void initWithWindowID(in AString message,
in AString sourceName, in AString sourceName,
in AString sourceLine, in AString sourceLine,
@ -107,8 +117,33 @@ interface nsIScriptError : nsIConsoleMessage
in uint32_t flags, in uint32_t flags,
in ACString category, in ACString category,
in unsigned long long innerWindowID); in unsigned long long innerWindowID);
/* This is the same function as initWithWindowID, but it expects an already
* sanitized sourceName.
* Please use it only if sourceName string is already sanitized.
*/
void initWithSanitizedSource(in AString message,
in AString sourceName,
in AString sourceLine,
in uint32_t lineNumber,
in uint32_t columnNumber,
in uint32_t flags,
in ACString category,
in unsigned long long innerWindowID);
/* This is the same function as initWithWindowID with an uri as a source parameter.
*/
void initWithSourceURI(in AString message,
in nsIURI sourceURI,
in AString sourceLine,
in uint32_t lineNumber,
in uint32_t columnNumber,
in uint32_t flags,
in ACString category,
in unsigned long long innerWindowID);
%{C++ %{C++
// This overload allows passing a literal string for category. // These overloads allow passing a literal string for category.
template<uint32_t N> template<uint32_t N>
nsresult InitWithWindowID(const nsAString& message, nsresult InitWithWindowID(const nsAString& message,
const nsAString& sourceName, const nsAString& sourceName,
@ -123,6 +158,38 @@ interface nsIScriptError : nsIConsoleMessage
return InitWithWindowID(message, sourceName, sourceLine, lineNumber, return InitWithWindowID(message, sourceName, sourceLine, lineNumber,
columnNumber, flags, category, aInnerWindowID); columnNumber, flags, category, aInnerWindowID);
} }
template<uint32_t N>
nsresult InitWithSanitizedSource(const nsAString& message,
const nsAString& sourceName,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const char (&c)[N],
uint64_t aInnerWindowID)
{
nsDependentCString category(c, N - 1);
return InitWithSanitizedSource(message, sourceName, sourceLine,
lineNumber, columnNumber, flags,
category, aInnerWindowID);
}
template<uint32_t N>
nsresult InitWithSourceURI(const nsAString& message,
nsIURI* sourceURI,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const char (&c)[N],
uint64_t aInnerWindowID)
{
nsDependentCString category(c, N - 1);
return InitWithSourceURI(message, sourceURI, sourceLine,
lineNumber, columnNumber, flags,
category, aInnerWindowID);
}
%} %}
}; };

87
dom/bindings/nsScriptError.cpp
Просмотреть файл

@ -210,14 +210,41 @@ AssignSourceNameHelper(nsString& aSourceNameDest, const nsAString& aSourceNameSr
NS_SUCCEEDED(uri->GetPassword(pass)) && NS_SUCCEEDED(uri->GetPassword(pass)) &&
!pass.IsEmpty()) !pass.IsEmpty())
{ {
nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri = do_QueryInterface(uri); NS_GetSanitizedURIStringFromURI(uri, aSourceNameDest);
nsAutoCString loc;
if (safeUri && NS_SUCCEEDED(safeUri->GetSensitiveInfoHiddenSpec(loc)))
aSourceNameDest.Assign(NS_ConvertUTF8toUTF16(loc));
} }
} }
static void
AssignSourceNameHelper(nsIURI* aSourceURI, nsString& aSourceNameDest)
{
if (!aSourceURI)
return;
if (NS_FAILED(NS_GetSanitizedURIStringFromURI(aSourceURI,
aSourceNameDest))) {
aSourceNameDest.AssignLiteral("[nsIURI::GetSpec failed]");
}
}
void
nsScriptErrorBase::InitializationHelper(const nsAString& message,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const nsACString& category,
uint64_t aInnerWindowID)
{
mMessage.Assign(message);
mLineNumber = lineNumber;
mSourceLine.Assign(sourceLine);
mColumnNumber = columnNumber;
mFlags = flags;
mCategory = category;
mTimeStamp = JS_Now() / 1000;
mInnerWindowID = aInnerWindowID;
}
NS_IMETHODIMP NS_IMETHODIMP
nsScriptErrorBase::InitWithWindowID(const nsAString& message, nsScriptErrorBase::InitWithWindowID(const nsAString& message,
const nsAString& sourceName, const nsAString& sourceName,
@ -228,15 +255,49 @@ nsScriptErrorBase::InitWithWindowID(const nsAString& message,
const nsACString& category, const nsACString& category,
uint64_t aInnerWindowID) uint64_t aInnerWindowID)
{ {
mMessage.Assign(message); InitializationHelper(message, sourceLine, lineNumber, columnNumber, flags,
category, aInnerWindowID);
AssignSourceNameHelper(mSourceName, sourceName); AssignSourceNameHelper(mSourceName, sourceName);
mLineNumber = lineNumber;
mSourceLine.Assign(sourceLine); if (aInnerWindowID && NS_IsMainThread())
mColumnNumber = columnNumber; InitializeOnMainThread();
mFlags = flags;
mCategory = category; return NS_OK;
mTimeStamp = JS_Now() / 1000; }
mInnerWindowID = aInnerWindowID;
NS_IMETHODIMP
nsScriptErrorBase::InitWithSanitizedSource(const nsAString& message,
const nsAString& sourceName,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const nsACString& category,
uint64_t aInnerWindowID)
{
InitializationHelper(message, sourceLine, lineNumber, columnNumber, flags,
category, aInnerWindowID);
mSourceName = sourceName;
if (aInnerWindowID && NS_IsMainThread())
InitializeOnMainThread();
return NS_OK;
}
NS_IMETHODIMP
nsScriptErrorBase::InitWithSourceURI(const nsAString& message,
nsIURI *sourceURI,
const nsAString& sourceLine,
uint32_t lineNumber,
uint32_t columnNumber,
uint32_t flags,
const nsACString& category,
uint64_t aInnerWindowID)
{
InitializationHelper(message, sourceLine, lineNumber, columnNumber, flags,
category, aInnerWindowID);
AssignSourceNameHelper(sourceURI, mSourceName);
if (aInnerWindowID && NS_IsMainThread()) if (aInnerWindowID && NS_IsMainThread())
InitializeOnMainThread(); InitializeOnMainThread();

6
dom/bindings/nsScriptError.h
Просмотреть файл

@ -53,6 +53,12 @@ protected:
void void
InitializeOnMainThread(); InitializeOnMainThread();
void InitializationHelper(const nsAString& message,
const nsAString& sourceLine, uint32_t lineNumber,
uint32_t columnNumber, uint32_t flags,
const nsACString& category,
uint64_t aInnerWindowID);
nsCOMArray<nsIScriptErrorNote> mNotes; nsCOMArray<nsIScriptErrorNote> mNotes;
nsString mMessage; nsString mMessage;
nsString mMessageName; nsString mMessageName;

10
dom/security/FramingChecker.cpp
Просмотреть файл

@ -330,10 +330,12 @@ FramingChecker::ReportXFOViolation(nsIDocShellTreeItem* aTopDocShellItem,
break; break;
} }
rv = errorObject->InitWithWindowID(msg, EmptyString(), EmptyString(), 0, 0, // It is ok to use InitWithSanitizedSource, because the source string is
nsIScriptError::errorFlag, // empty.
"X-Frame-Options", rv = errorObject->InitWithSanitizedSource(msg, EmptyString(), EmptyString(),
topInnerWindow->WindowID()); 0, 0, nsIScriptError::errorFlag,
"X-Frame-Options",
topInnerWindow->WindowID());
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
return; return;
} }

20
dom/xml/XMLDocument.cpp
Просмотреть файл

@ -339,9 +339,6 @@ XMLDocument::Load(const nsAString& aUrl, CallerType aCallerType,
bool isChrome = false; bool isChrome = false;
if (NS_FAILED(uri->SchemeIs("chrome", &isChrome)) || !isChrome) { if (NS_FAILED(uri->SchemeIs("chrome", &isChrome)) || !isChrome) {
nsAutoCString spec;
if (mDocumentURI)
mDocumentURI->GetSpec(spec);
nsAutoString error; nsAutoString error;
error.AssignLiteral("Cross site loading using document.load is no " error.AssignLiteral("Cross site loading using document.load is no "
@ -353,14 +350,15 @@ XMLDocument::Load(const nsAString& aUrl, CallerType aCallerType,
return false; return false;
} }
rv = errorObject->InitWithWindowID(error, rv = errorObject->InitWithSourceURI(error,
NS_ConvertUTF8toUTF16(spec), mDocumentURI,
EmptyString(), EmptyString(),
0, 0, nsIScriptError::warningFlag, 0, 0,
"DOM", nsIScriptError::warningFlag,
callingDoc ? "DOM",
callingDoc->InnerWindowID() : callingDoc ?
this->InnerWindowID()); callingDoc->InnerWindowID() :
this->InnerWindowID());
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
aRv.Throw(rv); aRv.Throw(rv);

27
layout/style/ErrorReporter.cpp
Просмотреть файл

@ -17,10 +17,12 @@
#include "nsIDocument.h" #include "nsIDocument.h"
#include "nsIFactory.h" #include "nsIFactory.h"
#include "nsIScriptError.h" #include "nsIScriptError.h"
#include "nsISensitiveInfoHiddenURI.h"
#include "nsIStringBundle.h" #include "nsIStringBundle.h"
#include "nsServiceManagerUtils.h" #include "nsServiceManagerUtils.h"
#include "nsStyleUtil.h" #include "nsStyleUtil.h"
#include "nsThreadUtils.h" #include "nsThreadUtils.h"
#include "nsNetUtil.h"
#ifdef CSS_REPORT_PARSE_ERRORS #ifdef CSS_REPORT_PARSE_ERRORS
@ -37,12 +39,9 @@ public:
if (mURI != aURI) { if (mURI != aURI) {
mURI = aURI; mURI = aURI;
nsAutoCString cSpec; if (NS_FAILED(NS_GetSanitizedURIStringFromURI(mURI, mSpec))) {
nsresult rv = mURI->GetSpec(cSpec); mSpec.AssignLiteral("[nsIURI::GetSpec failed]");
if (NS_FAILED(rv)) {
cSpec.AssignLiteral("[nsIURI::GetSpec failed]");
} }
CopyUTF8toUTF16(cSpec, mSpec);
} }
return mSpec; return mSpec;
} }
@ -219,14 +218,16 @@ ErrorReporter::OutputError()
do_CreateInstance(sScriptErrorFactory, &rv); do_CreateInstance(sScriptErrorFactory, &rv);
if (NS_SUCCEEDED(rv)) { if (NS_SUCCEEDED(rv)) {
rv = errorObject->InitWithWindowID(mError, // It is safe to used InitWithSanitizedSource because mFileName is
mFileName, // an already anonymized uri spec.
mErrorLine, rv = errorObject->InitWithSanitizedSource(mError,
mErrorLineNumber, mFileName,
mErrorColNumber, mErrorLine,
nsIScriptError::warningFlag, mErrorLineNumber,
"CSS Parser", mErrorColNumber,
mInnerWindowID); nsIScriptError::warningFlag,
"CSS Parser",
mInnerWindowID);
if (NS_SUCCEEDED(rv)) { if (NS_SUCCEEDED(rv)) {
sConsoleService->LogMessage(errorObject); sConsoleService->LogMessage(errorObject);
} }

21
netwerk/base/nsNetUtil.cpp
Просмотреть файл

@ -47,6 +47,7 @@
#include "nsIRedirectChannelRegistrar.h" #include "nsIRedirectChannelRegistrar.h"
#include "nsIRequestObserverProxy.h" #include "nsIRequestObserverProxy.h"
#include "nsIScriptSecurityManager.h" #include "nsIScriptSecurityManager.h"
#include "nsISensitiveInfoHiddenURI.h"
#include "nsISimpleStreamListener.h" #include "nsISimpleStreamListener.h"
#include "nsISocketProvider.h" #include "nsISocketProvider.h"
#include "nsISocketProviderService.h" #include "nsISocketProviderService.h"
@ -1578,6 +1579,26 @@ NS_NewURI(nsIURI **result,
return NS_NewURI(result, nsDependentCString(spec), nullptr, baseURI, ioService); return NS_NewURI(result, nsDependentCString(spec), nullptr, baseURI, ioService);
} }
nsresult
NS_GetSanitizedURIStringFromURI(nsIURI *aUri, nsAString &aSanitizedSpec)
{
aSanitizedSpec.Truncate();
nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri = do_QueryInterface(aUri);
nsAutoCString cSpec;
nsresult rv;
if (safeUri) {
rv = safeUri->GetSensitiveInfoHiddenSpec(cSpec);
} else {
rv = aUri->GetSpec(cSpec);
}
if (NS_SUCCEEDED(rv)) {
aSanitizedSpec.Assign(NS_ConvertUTF8toUTF16(cSpec));
}
return rv;
}
nsresult nsresult
NS_LoadPersistentPropertiesFromURISpec(nsIPersistentProperties **outResult, NS_LoadPersistentPropertiesFromURISpec(nsIPersistentProperties **outResult,
const nsACString &aSpec) const nsACString &aSpec)

3
netwerk/base/nsNetUtil.h
Просмотреть файл

@ -100,6 +100,9 @@ nsresult NS_NewFileURI(nsIURI **result,
nsIFile *spec, nsIFile *spec,
nsIIOService *ioService = nullptr); // pass in nsIIOService to optimize callers nsIIOService *ioService = nullptr); // pass in nsIIOService to optimize callers
nsresult NS_GetSanitizedURIStringFromURI(nsIURI *aUri,
nsAString &aSanitizedSpec);
/* /*
* How to create a new Channel, using NS_NewChannel, * How to create a new Channel, using NS_NewChannel,
* NS_NewChannelWithTriggeringPrincipal, * NS_NewChannelWithTriggeringPrincipal,

15
netwerk/protocol/http/HttpBaseChannel.cpp
Просмотреть файл

@ -2494,16 +2494,13 @@ HttpBaseChannel::AddSecurityMessage(const nsAString &aMessageTag,
errorText); errorText);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
nsAutoCString spec;
if (mURI) {
spec = mURI->GetSpecOrDefault();
}
nsCOMPtr<nsIScriptError> error(do_CreateInstance(NS_SCRIPTERROR_CONTRACTID)); nsCOMPtr<nsIScriptError> error(do_CreateInstance(NS_SCRIPTERROR_CONTRACTID));
error->InitWithWindowID(errorText, NS_ConvertUTF8toUTF16(spec), error->InitWithSourceURI(errorText, mURI,
EmptyString(), 0, 0, nsIScriptError::warningFlag, EmptyString(), 0, 0,
NS_ConvertUTF16toUTF8(aMessageCategory), nsIScriptError::warningFlag,
innerWindowID); NS_ConvertUTF16toUTF8(aMessageCategory),
innerWindowID);
console->LogMessage(error); console->LogMessage(error);
return NS_OK; return NS_OK;

16
netwerk/protocol/http/nsCORSListenerProxy.cpp
Просмотреть файл

@ -1580,14 +1580,14 @@ nsCORSListenerProxy::LogBlockedCORSRequest(uint64_t aInnerWindowID,
// query innerWindowID and log to web console, otherwise log to // query innerWindowID and log to web console, otherwise log to
// the error to the browser console. // the error to the browser console.
if (aInnerWindowID > 0) { if (aInnerWindowID > 0) {
rv = scriptError->InitWithWindowID(aMessage, rv = scriptError->InitWithSanitizedSource(aMessage,
EmptyString(), // sourceName EmptyString(), // sourceName
EmptyString(), // sourceLine EmptyString(), // sourceLine
0, // lineNumber 0, // lineNumber
0, // columnNumber 0, // columnNumber
nsIScriptError::warningFlag, nsIScriptError::warningFlag,
"CORS", "CORS",
aInnerWindowID); aInnerWindowID);
} }
else { else {
rv = scriptError->Init(aMessage, rv = scriptError->Init(aMessage,

8
toolkit/mozapps/extensions/AddonContentPolicy.cpp
Просмотреть файл

@ -72,15 +72,13 @@ LogMessage(const nsAString &aMessage, nsIURI* aSourceURI, const nsAString &aSour
nsCOMPtr<nsIScriptError> error = do_CreateInstance(NS_SCRIPTERROR_CONTRACTID); nsCOMPtr<nsIScriptError> error = do_CreateInstance(NS_SCRIPTERROR_CONTRACTID);
NS_ENSURE_TRUE(error, NS_ERROR_OUT_OF_MEMORY); NS_ENSURE_TRUE(error, NS_ERROR_OUT_OF_MEMORY);
nsCString sourceName = aSourceURI->GetSpecOrDefault();
uint64_t windowID = 0; uint64_t windowID = 0;
GetWindowIDFromContext(aContext, &windowID); GetWindowIDFromContext(aContext, &windowID);
nsresult rv = nsresult rv =
error->InitWithWindowID(aMessage, NS_ConvertUTF8toUTF16(sourceName), error->InitWithSourceURI(aMessage, aSourceURI,
aSourceSample, 0, 0, nsIScriptError::errorFlag, aSourceSample, 0, 0, nsIScriptError::errorFlag,
"JavaScript", windowID); "JavaScript", windowID);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIConsoleService> console = do_GetService(NS_CONSOLESERVICE_CONTRACTID); nsCOMPtr<nsIConsoleService> console = do_GetService(NS_CONSOLESERVICE_CONTRACTID);