Bug 392322 - "XMLHttpRequest crashes on local file retrieval [@ nsCrossSiteListenerProxy::OnStartRequest]". r+sr=sicking, a=blocking1.9+.

This commit is contained in:
bent.mozilla@gmail.com 2008-02-12 20:54:08 -08:00
Родитель 0ea0a5fc4e
Коммит 534ea8ce3e
4 изменённых файлов: 243 добавлений и 15 удалений

Просмотреть файл

@ -37,10 +37,13 @@
#include "nsISupports.idl"
interface nsIChannel;
interface nsIDOMDocument;
interface nsIDOMEventListener;
interface nsIChannel;
interface nsIPrincipal;
interface nsIScriptContext;
interface nsIVariant;
interface nsPIDOMWindow;
/**
* Mozilla's XMLHttpRequest is modelled after Microsoft's IXMLHttpRequest
@ -297,6 +300,20 @@ interface nsIXMLHttpRequest : nsISupports
* will be called as each part of the response is received.
*/
attribute boolean multipart;
/**
* Initialize the object for use from C++ code with the principal, script
* context, and owner window that should be used.
*
* @param principal The principal to use for the request. This must not be
* null.
* @param scriptContext The script context to use for the request. May be
* null.
* @param ownerWindow The associated window for the request. May be null.
*/
[noscript] void init(in nsIPrincipal principal,
in nsIScriptContext scriptContext,
in nsPIDOMWindow ownerWindow);
};
[scriptable, uuid(261676b4-d508-43bf-b099-74635a0ee2e9)]

Просмотреть файл

@ -579,6 +579,9 @@ nsXMLHttpRequest::~nsXMLHttpRequest()
nsLayoutStatics::Release();
}
/**
* This Init method is called from the factory constructor.
*/
nsresult
nsXMLHttpRequest::Init()
{
@ -618,7 +621,35 @@ nsXMLHttpRequest::Init()
return NS_OK;
}
/**
* This Init method should only be called by C++ consumers.
*/
NS_IMETHODIMP
nsXMLHttpRequest::Init(nsIPrincipal* aPrincipal,
nsIScriptContext* aScriptContext,
nsPIDOMWindow* aOwnerWindow)
{
NS_ENSURE_ARG_POINTER(aPrincipal);
// This object may have already been initialized in the other Init call above
// if JS was on the stack. Clear the old values for mScriptContext and mOwner
// if new ones are not supplied here.
mPrincipal = aPrincipal;
mScriptContext = aScriptContext;
if (aOwnerWindow) {
mOwner = aOwnerWindow->GetCurrentInnerWindow();
}
else {
mOwner = nsnull;
}
return NS_OK;
}
/**
* This Initialize method is called from XPConnect via nsIJSNativeInitializer.
*/
NS_IMETHODIMP
nsXMLHttpRequest::Initialize(nsISupports* aOwner, JSContext* cx, JSObject* obj,
PRUint32 argc, jsval *argv)
@ -1363,19 +1394,26 @@ nsXMLHttpRequest::GetCurrentHttpChannel()
return httpChannel;
}
inline PRBool
IsSystemPrincipal(nsIPrincipal* aPrincipal)
{
PRBool isSystem = PR_FALSE;
nsContentUtils::GetSecurityManager()->IsSystemPrincipal(aPrincipal,
&isSystem);
return isSystem;
}
static PRBool
IsSameOrigin(nsIPrincipal* aPrincipal, nsIChannel* aChannel)
{
if (!aPrincipal) {
// XXX Until we got our principal story straight we have to do this to
// support C++ callers.
return PR_TRUE;
}
NS_ASSERTION(!IsSystemPrincipal(aPrincipal), "Shouldn't get here!");
nsCOMPtr<nsIURI> codebase;
nsresult rv = aPrincipal->GetURI(getter_AddRefs(codebase));
NS_ENSURE_SUCCESS(rv, PR_FALSE);
NS_ASSERTION(codebase, "Must have a URI on aPrincipal!");
nsCOMPtr<nsIURI> channelURI;
rv = aChannel->GetURI(getter_AddRefs(channelURI));
NS_ENSURE_SUCCESS(rv, PR_FALSE);
@ -1434,6 +1472,8 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method,
NS_ENSURE_ARG(!method.IsEmpty());
NS_ENSURE_ARG(!url.IsEmpty());
NS_ENSURE_TRUE(mPrincipal, NS_ERROR_NOT_INITIALIZED);
// Disallow HTTP/1.1 TRACE method (see bug 302489)
// and MS IIS equivalent TRACK (see bug 381264)
if (method.LowerCaseEqualsLiteral("trace") ||
@ -1534,13 +1574,15 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method,
if (NS_FAILED(rv)) return rv;
// Check if we're doing a cross-origin request.
if (!(mState & XML_HTTP_REQUEST_XSITEENABLED) &&
if (IsSystemPrincipal(mPrincipal)) {
// Chrome callers are always allowed to read from different origins.
mState |= XML_HTTP_REQUEST_XSITEENABLED;
}
else if (!(mState & XML_HTTP_REQUEST_XSITEENABLED) &&
!IsSameOrigin(mPrincipal, mChannel)) {
mState |= XML_HTTP_REQUEST_USE_XSITE_AC;
}
//mChannel->SetAuthTriedWithPrehost(authp);
nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel));
if (httpChannel) {
rv = httpChannel->SetRequestMethod(method);
@ -2062,6 +2104,8 @@ nsXMLHttpRequest::SendAsBinary(const nsAString &aBody)
NS_IMETHODIMP
nsXMLHttpRequest::Send(nsIVariant *aBody)
{
NS_ENSURE_TRUE(mPrincipal, NS_ERROR_NOT_INITIALIZED);
nsresult rv = CheckInnerWindowCorrectness();
NS_ENSURE_SUCCESS(rv, rv);
@ -2087,13 +2131,11 @@ nsXMLHttpRequest::Send(nsIVariant *aBody)
if (httpChannel) {
httpChannel->GetRequestMethod(method); // If GET, method name will be uppercase
if (mPrincipal) {
nsCOMPtr<nsIURI> codebase;
mPrincipal->GetURI(getter_AddRefs(codebase));
httpChannel->SetReferrer(codebase);
}
}
if (aBody && httpChannel && !method.EqualsLiteral("GET")) {
nsXPIDLString serial;

Просмотреть файл

@ -42,6 +42,26 @@ VPATH = @srcdir@
relativesrcdir = content/base/test
include $(DEPTH)/config/autoconf.mk
CPP_UNIT_TESTS = TestNativeXMLHttpRequest.cpp
LOCAL_INCLUDES += -I$(topsrcdir)/xpcom/tests
REQUIRES += \
caps \
content \
dom \
js \
netwerk \
string \
xpcom \
xpconnect \
$(NULL)
CPPSRCS += $(CPP_UNIT_TESTS)
SIMPLE_PROGRAMS += $(CPP_UNIT_TESTS:.cpp=$(BIN_SUFFIX))
LIBS += $(XPCOM_GLUE_LDOPTS) $(NSPR_LIBS)
include $(topsrcdir)/config/rules.mk
_TEST_FILES = test_bug5141.html \
@ -147,3 +167,9 @@ _TEST_FILES = test_bug5141.html \
libs:: $(_TEST_FILES)
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
check::
@$(EXIT_ON_ERROR) \
for f in $(subst .cpp,,$(CPP_UNIT_TESTS)); do \
XPCOM_DEBUG_BREAK=stack-and-abort $(RUN_TEST_PROGRAM) $(DIST)/bin/$$f; \
done

Просмотреть файл

@ -0,0 +1,143 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla XMLHttpRequest Tests.
*
* The Initial Developer of the Original Code is
* Ben Turner <bent.mozilla@gmail.com>.
* Portions created by the Initial Developer are Copyright (C) 2008
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "TestHarness.h"
#include "nsIDOMDocument.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsIXMLHttpRequest.h"
#include "nsServiceManagerUtils.h"
#include "nsStringGlue.h"
#define REPORT_ERROR(_msg) \
printf("FAIL " _msg "\n")
#define TEST_FAIL(_msg) \
PR_BEGIN_MACRO \
REPORT_ERROR(_msg); \
return NS_ERROR_FAILURE; \
PR_END_MACRO
#define TEST_ENSURE_BASE(_test, _msg) \
PR_BEGIN_MACRO \
if (_test) { \
TEST_FAIL(_msg); \
} \
PR_END_MACRO
#define TEST_ENSURE_SUCCESS(_rv, _msg) \
TEST_ENSURE_BASE(NS_FAILED(_rv), _msg)
#define TEST_ENSURE_FAILED(_rv, _msg) \
TEST_ENSURE_BASE(NS_SUCCEEDED(_rv), _msg)
#define TEST_URL_PREFIX \
"data:text/xml,"
#define TEST_URL_CONTENT \
"<foo><bar></bar></foo>"
#define TEST_URL \
TEST_URL_PREFIX TEST_URL_CONTENT
nsresult TestNativeXMLHttpRequest()
{
nsresult rv;
nsCOMPtr<nsIXMLHttpRequest> xhr =
do_CreateInstance(NS_XMLHTTPREQUEST_CONTRACTID, &rv);
TEST_ENSURE_SUCCESS(rv, "Couldn't create nsIXMLHttpRequest instance!");
NS_NAMED_LITERAL_CSTRING(getString, "GET");
NS_NAMED_LITERAL_CSTRING(testURL, TEST_URL);
const nsAString& empty = EmptyString();
printf("*** About to see an expected warning about mPrincipal:\n");
rv = xhr->OpenRequest(getString, testURL, PR_FALSE, empty, empty);
printf("*** End of expected warning output.\n");
TEST_ENSURE_FAILED(rv, "OpenRequest should have failed!");
nsCOMPtr<nsIScriptSecurityManager> secman =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
TEST_ENSURE_SUCCESS(rv, "Couldn't get script security manager!");
nsCOMPtr<nsIPrincipal> systemPrincipal;
rv = secman->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
TEST_ENSURE_SUCCESS(rv, "Couldn't get system principal!");
rv = xhr->Init(systemPrincipal, nsnull, nsnull);
TEST_ENSURE_SUCCESS(rv, "Couldn't initialize the XHR!");
rv = xhr->OpenRequest(getString, testURL, PR_FALSE, empty, empty);
TEST_ENSURE_SUCCESS(rv, "OpenRequest failed!");
rv = xhr->Send(nsnull);
TEST_ENSURE_SUCCESS(rv, "Send failed!");
nsAutoString response;
rv = xhr->GetResponseText(response);
TEST_ENSURE_SUCCESS(rv, "GetResponse failed!");
if (!response.EqualsLiteral(TEST_URL_CONTENT)) {
TEST_FAIL("Response text does not match!");
}
nsCOMPtr<nsIDOMDocument> dom;
rv = xhr->GetResponseXML(getter_AddRefs(dom));
TEST_ENSURE_SUCCESS(rv, "GetResponseXML failed!");
if (!dom) {
TEST_FAIL("No DOM document constructed!");
}
printf("Native XMLHttpRequest PASSED!\n");
return NS_OK;
}
int main(int argc, char** argv)
{
ScopedXPCOM xpcom("XMLHttpRequest");
if (xpcom.failed())
return 1;
int retval = 0;
if (NS_FAILED(TestNativeXMLHttpRequest())) {
retval = 1;
}
return retval;
}