зеркало из https://github.com/mozilla/gecko-dev.git
Bug 624883 - Treat view-source as an unrecognised scheme if not top-level. r=bz
Родитель
7d6d6b05b6
Коммит
2c77d04fcf
|
@ -5,7 +5,7 @@
|
|||
malformedURI=The URL is not valid and cannot be loaded.
|
||||
fileNotFound=Firefox can't find the file at %S.
|
||||
dnsNotFound=Firefox can't find the server at %S.
|
||||
protocolNotFound=Firefox doesn't know how to open this address, because the protocol (%S) isn't associated with any program.
|
||||
unknownProtocolFound=Firefox doesn't know how to open this address, because one of the following protocols (%S) isn't associated with any program or is not allowed in this context.
|
||||
connectionFailure=Firefox can't establish a connection to the server at %S.
|
||||
netInterrupt=The connection to %S was interrupted while the page was loading.
|
||||
netTimeout=The server at %S is taking too long to respond.
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
malformedURI=The URL is not valid and cannot be loaded.
|
||||
fileNotFound=Firefox can't find the file at %S.
|
||||
dnsNotFound=Firefox can't find the server at %S.
|
||||
protocolNotFound=Firefox doesn't know how to open this address, because the protocol (%S) isn't associated with any program.
|
||||
unknownProtocolFound=Firefox doesn't know how to open this address, because one of the following protocols (%S) isn't associated with any program or is not allowed in this context.
|
||||
connectionFailure=Firefox can't establish a connection to the server at %S.
|
||||
netInterrupt=The connection to %S was interrupted while the page was loading.
|
||||
netTimeout=The server at %S is taking too long to respond.
|
||||
|
|
|
@ -86,8 +86,8 @@
|
|||
<!ENTITY netTimeout.title "The connection has timed out">
|
||||
<!ENTITY netTimeout.longDesc "&sharedLongDesc;">
|
||||
|
||||
<!ENTITY protocolNotFound.title "The address wasn't understood">
|
||||
<!ENTITY protocolNotFound.longDesc "
|
||||
<!ENTITY unknownProtocolFound.title "The address wasn't understood">
|
||||
<!ENTITY unknownProtocolFound.longDesc "
|
||||
<ul>
|
||||
<li>You might need to install other software to open this address.</li>
|
||||
</ul>
|
||||
|
|
|
@ -275,7 +275,7 @@
|
|||
<h1 id="et_dnsNotFound">&dnsNotFound.title;</h1>
|
||||
<h1 id="et_fileNotFound">&fileNotFound.title;</h1>
|
||||
<h1 id="et_malformedURI">&malformedURI.title;</h1>
|
||||
<h1 id="et_protocolNotFound">&protocolNotFound.title;</h1>
|
||||
<h1 id="et_unknownProtocolFound">&unknownProtocolFound.title;</h1>
|
||||
<h1 id="et_connectionFailure">&connectionFailure.title;</h1>
|
||||
<h1 id="et_netTimeout">&netTimeout.title;</h1>
|
||||
<h1 id="et_redirectLoop">&redirectLoop.title;</h1>
|
||||
|
@ -300,7 +300,7 @@
|
|||
<div id="ed_dnsNotFound">&dnsNotFound.longDesc;</div>
|
||||
<div id="ed_fileNotFound">&fileNotFound.longDesc;</div>
|
||||
<div id="ed_malformedURI">&malformedURI.longDesc;</div>
|
||||
<div id="ed_protocolNotFound">&protocolNotFound.longDesc;</div>
|
||||
<div id="ed_unknownProtocolFound">&unknownProtocolFound.longDesc;</div>
|
||||
<div id="ed_connectionFailure">&connectionFailure.longDesc;</div>
|
||||
<div id="ed_netTimeout">&netTimeout.longDesc;</div>
|
||||
<div id="ed_redirectLoop">&redirectLoop.longDesc;</div>
|
||||
|
|
|
@ -4386,12 +4386,25 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
|
|||
// Turn the error code into a human readable error message.
|
||||
if (NS_ERROR_UNKNOWN_PROTOCOL == aError) {
|
||||
NS_ENSURE_ARG_POINTER(aURI);
|
||||
// extract the scheme
|
||||
|
||||
// Extract the schemes into a comma delimited list.
|
||||
nsAutoCString scheme;
|
||||
aURI->GetScheme(scheme);
|
||||
CopyASCIItoUTF16(scheme, formatStrs[0]);
|
||||
nsCOMPtr<nsINestedURI> nestedURI = do_QueryInterface(aURI);
|
||||
while (nestedURI) {
|
||||
nsCOMPtr<nsIURI> tempURI;
|
||||
nsresult rv2;
|
||||
rv2 = nestedURI->GetInnerURI(getter_AddRefs(tempURI));
|
||||
if (NS_SUCCEEDED(rv2) && tempURI) {
|
||||
tempURI->GetScheme(scheme);
|
||||
formatStrs[0].Append(NS_LITERAL_STRING(", "));
|
||||
AppendASCIItoUTF16(scheme, formatStrs[0]);
|
||||
}
|
||||
nestedURI = do_QueryInterface(tempURI);
|
||||
}
|
||||
formatStrCount = 1;
|
||||
error.AssignLiteral("protocolNotFound");
|
||||
error.AssignLiteral("unknownProtocolFound");
|
||||
}
|
||||
else if (NS_ERROR_FILE_NOT_FOUND == aError) {
|
||||
NS_ENSURE_ARG_POINTER(aURI);
|
||||
|
@ -9682,6 +9695,25 @@ nsDocShell::DoURILoad(nsIURI * aURI,
|
|||
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SUBDOCUMENT);
|
||||
}
|
||||
}
|
||||
|
||||
// Only allow view-source scheme in top-level docshells. view-source is
|
||||
// the only scheme to which this applies at the moment due to potential
|
||||
// timing attacks to read data from cross-origin iframes. If this widens
|
||||
// we should add a protocol flag for whether the scheme is allowed in
|
||||
// frames and use something like nsNetUtil::NS_URIChainHasFlags.
|
||||
nsCOMPtr<nsIURI> tempURI = aURI;
|
||||
nsCOMPtr<nsINestedURI> nestedURI = do_QueryInterface(tempURI);
|
||||
while (nestedURI) {
|
||||
// view-source should always be an nsINestedURI, loop and check the
|
||||
// scheme on this and all inner URIs that are also nested URIs.
|
||||
bool isViewSource = false;
|
||||
rv = tempURI->SchemeIs("view-source", &isViewSource);
|
||||
if (NS_FAILED(rv) || isViewSource) {
|
||||
return NS_ERROR_UNKNOWN_PROTOCOL;
|
||||
}
|
||||
nestedURI->GetInnerURI(getter_AddRefs(tempURI));
|
||||
nestedURI = do_QueryInterface(tempURI);
|
||||
}
|
||||
}
|
||||
|
||||
// open a channel for the url
|
||||
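Review bot: In the new DoURILoad loop the result of `nestedURI->GetInnerURI(getter_AddRefs(tempURI))` is ignored, so if that call fails the walk presumably ends early with the remaining inner URIs never tested for view-source, and the load proceeds; the restriction fails open. A `SchemeIs` failure is already treated as a rejection a few lines earlier, so the same should apply here: `rv = nestedURI->GetInnerURI(getter_AddRefs(tempURI));` followed by `if (NS_FAILED(rv)) { return NS_ERROR_UNKNOWN_PROTOCOL; }`. The block containing this check opens outside the hunk, so the condition that limits it to non-top-level docshells cannot be confirmed from here. The check also covers only the URI handed to DoURILoad; whether a redirect to view-source inside a frame is rejected elsewhere is not visible in this diff and is worth a regression test.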
|
|
|
@ -274,7 +274,7 @@
|
|||
<h1 id="et_dnsNotFound">&dnsNotFound.title;</h1>
|
||||
<h1 id="et_fileNotFound">&fileNotFound.title;</h1>
|
||||
<h1 id="et_malformedURI">&malformedURI.title;</h1>
|
||||
<h1 id="et_protocolNotFound">&protocolNotFound.title;</h1>
|
||||
<h1 id="et_unknownProtocolFound">&unknownProtocolFound.title;</h1>
|
||||
<h1 id="et_connectionFailure">&connectionFailure.title;</h1>
|
||||
<h1 id="et_netTimeout">&netTimeout.title;</h1>
|
||||
<h1 id="et_redirectLoop">&redirectLoop.title;</h1>
|
||||
|
@ -300,7 +300,7 @@
|
|||
<div id="ed_dnsNotFound">&dnsNotFound.longDesc;</div>
|
||||
<div id="ed_fileNotFound">&fileNotFound.longDesc;</div>
|
||||
<div id="ed_malformedURI">&malformedURI.longDesc;</div>
|
||||
<div id="ed_protocolNotFound">&protocolNotFound.longDesc;</div>
|
||||
<div id="ed_unknownProtocolFound">&unknownProtocolFound.longDesc;</div>
|
||||
<div id="ed_connectionFailure">&connectionFailure.longDesc;</div>
|
||||
<div id="ed_netTimeout">&netTimeout.longDesc;</div>
|
||||
<div id="ed_redirectLoop">&redirectLoop.longDesc;</div>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
malformedURI=The URL is not valid and cannot be loaded.
|
||||
fileNotFound=The file %S cannot be found. Please check the location and try again.
|
||||
dnsNotFound=%S could not be found. Please check the name and try again.
|
||||
protocolNotFound=%S is not a registered protocol.
|
||||
unknownProtocolFound=One of the following %S is not a registered protocol or is not allowed in this context.
|
||||
connectionFailure=The connection was refused when attempting to contact %S.
|
||||
netInterrupt=The connection to %S has terminated unexpectedly. Some data may have been transferred.
|
||||
netTimeout=The operation timed out when attempting to contact %S.
|
||||
|
|
|
@ -50,8 +50,8 @@
|
|||
<!ENTITY netTimeout.title "Network Timeout">
|
||||
<!ENTITY netTimeout.longDesc "<p>The requested site did not respond to a connection request and the browser has stopped waiting for a reply.</p><ul><li>Could the server be experiencing high demand or a temporary outage? Try again later.</li><li>Are you unable to browse other sites? Check the computer's network connection.</li><li>Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.</li><li>Still having trouble? Consult your network administrator or Internet provider for assistance.</li></ul>">
|
||||
|
||||
<!ENTITY protocolNotFound.title "Unknown Protocol">
|
||||
<!ENTITY protocolNotFound.longDesc "<p>The address specifies a protocol (e.g. <q>wxyz://</q>) the browser does not recognize, so the browser cannot properly connect to the site.</p><ul><li>Are you trying to access multimedia or other non-text services? Check the site for extra requirements.</li><li>Some protocols may require third-party software or plugins before the browser can recognize them.</li></ul>">
|
||||
<!ENTITY unknownProtocolFound.title "Unknown Protocol">
|
||||
<!ENTITY unknownProtocolFound.longDesc "<p>The address specifies a protocol (e.g. <q>wxyz://</q>) the browser does not recognize, so the browser cannot properly connect to the site.</p><ul><li>Are you trying to access multimedia or other non-text services? Check the site for extra requirements.</li><li>Some protocols may require third-party software or plugins before the browser can recognize them.</li></ul>">
|
||||
|
||||
<!ENTITY proxyConnectFailure.title "Proxy Server Refused Connection">
|
||||
<!ENTITY proxyConnectFailure.longDesc "<p>The browser is configured to use a proxy server, but the proxy refused a connection.</p><ul><li>Is the browser's proxy configuration correct? Check the settings and try again.</li><li>Does the proxy service allow connections from this network?</li><li>Still having trouble? Consult your network administrator or Internet provider for assistance.</li></ul>">
|
||||
|
|
|
@ -275,7 +275,7 @@
|
|||
<h1 id="et_dnsNotFound">&dnsNotFound.title;</h1>
|
||||
<h1 id="et_fileNotFound">&fileNotFound.title;</h1>
|
||||
<h1 id="et_malformedURI">&malformedURI.title;</h1>
|
||||
<h1 id="et_protocolNotFound">&protocolNotFound.title;</h1>
|
||||
<h1 id="et_unknownProtocolFound">&unknownProtocolFound.title;</h1>
|
||||
<h1 id="et_connectionFailure">&connectionFailure.title;</h1>
|
||||
<h1 id="et_netTimeout">&netTimeout.title;</h1>
|
||||
<h1 id="et_redirectLoop">&redirectLoop.title;</h1>
|
||||
|
@ -304,7 +304,7 @@
|
|||
<div id="ed_dnsNotFound">&dnsNotFound.longDesc2;</div>
|
||||
<div id="ed_fileNotFound">&fileNotFound.longDesc;</div>
|
||||
<div id="ed_malformedURI">&malformedURI.longDesc;</div>
|
||||
<div id="ed_protocolNotFound">&protocolNotFound.longDesc;</div>
|
||||
<div id="ed_unknownProtocolFound">&unknownProtocolFound.longDesc;</div>
|
||||
<div id="ed_connectionFailure">&connectionFailure.longDesc;</div>
|
||||
<div id="ed_netTimeout">&netTimeout.longDesc;</div>
|
||||
<div id="ed_redirectLoop">&redirectLoop.longDesc;</div>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
malformedURI=The URL is not valid and cannot be loaded.
|
||||
fileNotFound=Firefox can't find the file at %S.
|
||||
dnsNotFound=Firefox can't find the server at %S.
|
||||
protocolNotFound=Firefox doesn't know how to open this address, because the protocol (%S) isn't associated with any program.
|
||||
unknownProtocolFound=Firefox doesn't know how to open this address, because one of the following protocols (%S) isn't associated with any program or is not allowed in this context.
|
||||
connectionFailure=Firefox can't establish a connection to the server at %S.
|
||||
netInterrupt=The connection to %S was interrupted while the page was loading.
|
||||
netTimeout=The server at %S is taking too long to respond.
|
||||
|
|
|
@ -83,8 +83,8 @@
|
|||
<!ENTITY netTimeout.title "The connection has timed out">
|
||||
<!ENTITY netTimeout.longDesc "&sharedLongDesc2;">
|
||||
|
||||
<!ENTITY protocolNotFound.title "The address wasn't understood">
|
||||
<!ENTITY protocolNotFound.longDesc "
|
||||
<!ENTITY unknownProtocolFound.title "The address wasn't understood">
|
||||
<!ENTITY unknownProtocolFound.longDesc "
|
||||
<ul>
|
||||
<li>You might need to install other software to open this address.</li>
|
||||
</ul>
|
||||
|
|