зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1173171 - Disable external jar: via preference. r=jduell
This commit is contained in:
Jeff Gibat
Родитель
f7ba5d71aa
Коммит
89ea66504c
|
|
@ -204,10 +204,13 @@ nsJARChannel::nsJARChannel()
|
|||
, mOpeningRemote(false)
|
||||
, mSynthesizedStreamLength(0)
|
||||
, mForceNoIntercept(false)
|
||||
, mBlockRemoteFiles(false)
|
||||
{
|
||||
if (!gJarProtocolLog)
|
||||
gJarProtocolLog = PR_NewLogModule("nsJarProtocol");
|
||||
|
||||
mBlockRemoteFiles = Preferences::GetBool("network.jar.block-remote-files", false);
|
||||
|
||||
// hold an owning reference to the jar handler
|
||||
NS_ADDREF(gJarHandler);
|
||||
}
|
||||
|
|
@ -1006,6 +1009,13 @@ nsJARChannel::ContinueAsyncOpen()
|
|||
|
||||
if (!mJarFile) {
|
||||
// Not a local file...
|
||||
|
||||
// Check preferences to see if all remote jar support should be disabled
|
||||
if (mBlockRemoteFiles) {
|
||||
mIsUnsafe = true;
|
||||
return NS_ERROR_UNSAFE_CONTENT_TYPE;
|
||||
}
|
||||
|
||||
// kick off an async download of the base URI...
|
||||
nsCOMPtr<nsIStreamListener> downloader = new MemoryDownloader(this);
|
||||
uint32_t loadFlags =
|
||||
|
|
@ -1185,6 +1195,10 @@ nsJARChannel::OnDownloadComplete(MemoryDownloader* aDownloader,
|
|||
mContentDisposition = NS_GetContentDispositionFromHeader(mContentDispositionHeader, this);
|
||||
}
|
||||
|
||||
// This is a defense-in-depth check for the preferences to see if all remote jar
|
||||
// support should be disabled. This check may not be needed.
|
||||
MOZ_RELEASE_ASSERT(!mBlockRemoteFiles);
|
||||
|
||||
if (NS_SUCCEEDED(status) && mIsUnsafe &&
|
||||
!Preferences::GetBool("network.jar.open-unsafe-types", false)) {
|
||||
status = NS_ERROR_UNSAFE_CONTENT_TYPE;
|
||||
|
|
|
|||
|
|
@ -139,6 +139,8 @@ private:
|
|||
// True if this channel should skip any interception checks.
|
||||
bool mForceNoIntercept;
|
||||
|
||||
// True if this channel should not download any remote files.
|
||||
bool mBlockRemoteFiles;
|
||||
friend class mozilla::net::InterceptedJARChannel;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -8,3 +8,4 @@ support-files =
|
|||
[test_bug403331.html]
|
||||
[test_bug1034143_mapped.html]
|
||||
run-if = os == 'linux'
|
||||
[test_bug1173171.html]
|
||||
|
|
@ -0,0 +1,66 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=1173171
|
||||
-->
|
||||
<head>
|
||||
<title>Test for Bug 1173171</title>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<iframe id="testFrame"></iframe>
|
||||
|
||||
<pre id="test">
|
||||
<script class="testbody" type="application/javascript;version=1.7">
|
||||
|
||||
/** Test for Bug 1173171 **/
|
||||
|
||||
// __setPref(key, value)__.
|
||||
// Set a pref value asynchronously, returning a prmoise that resolves
|
||||
// when it succeeds.
|
||||
let pushPref = function (key, value) {
|
||||
return new Promise(function(resolve, reject) {
|
||||
SpecialPowers.pushPrefEnv({"set": [[key, value]]}, resolve);
|
||||
});
|
||||
};
|
||||
|
||||
// __xhr(method, url, responseType__.
|
||||
// A simple async XMLHttpRequest call.
|
||||
// Returns a promise with the response.
|
||||
let xhr = function (method, url, responseType) {
|
||||
return new Promise(function (resolve, reject) {
|
||||
let xhr = new XMLHttpRequest();
|
||||
xhr.open(method, url, true);
|
||||
xhr.onload = function () {
|
||||
resolve(xhr.response);
|
||||
};
|
||||
xhr.responseType = responseType;
|
||||
xhr.send();
|
||||
});
|
||||
};
|
||||
|
||||
let jarURL = "jar:http://mochi.test:8888/tests/modules/libjar/test/mochitest/bug403331.zip!/test.html";
|
||||
|
||||
// Test behavior when blocking is deactivated and activated.
|
||||
add_task(function* () {
|
||||
for (let shouldBlock of [false, true]) {
|
||||
yield pushPref("network.jar.block-remote-files", shouldBlock);
|
||||
try {
|
||||
let response = yield xhr("GET", jarURL, "document");
|
||||
didBlock = false;
|
||||
} catch (e) {
|
||||
didBlock = true;
|
||||
}
|
||||
ok(didBlock === shouldBlock,
|
||||
"Remote jars should be blocked if and only if the 'network.jar.block-remote-files' pref is active.");
|
||||
}
|
||||
});
|
||||
|
||||
</script>
|
||||
</pre>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1506,6 +1506,8 @@ pref("dom.server-events.default-reconnection-time", 5000); // in milliseconds
|
|||
// application/java-archive or application/x-jar will not be opened
|
||||
// by the jar channel.
|
||||
pref("network.jar.open-unsafe-types", false);
|
||||
// If true, loading remote JAR files using the jar: protocol will be prevented.
|
||||
pref("network.jar.block-remote-files", false);
|
||||
|
||||
// This preference, if true, causes all UTF-8 domain names to be normalized to
|
||||
// punycode. The intention is to allow UTF-8 domain names as input, but never
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче