Bug 397937 - Handle view-source on malware and error pages more gracefully, r=mconnor

This commit is contained in:
Blair McBride 2009-12-23 22:03:37 -05:00
Родитель 713e07c03a
Коммит ca68af6299
2 изменённых файлов: 73 добавлений и 6 удалений

Просмотреть файл

@ -78,23 +78,32 @@
function getURL() function getURL()
{ {
var url = document.documentURI; var url = document.documentURI;
var index = url.search(/u\=/); var match = url.match(/&u=([^&]+)&/);
// index == -1 if not found; if so, return an empty string // match == null if not found; if so, return an empty string
// instead of what would turn out to be portions of the URI // instead of what would turn out to be portions of the URI
if (index == -1) if (!match)
return ""; return "";
return decodeURIComponent(url.slice(index + 2)); url = decodeURIComponent(match[1]);
// If this is a view-source page, then get then real URI of the page
if (/^view-source\:/.test(url))
url = url.slice(12);
return url;
} }
/** /**
* Attempt to parse the result of getURL and extract a hostname. Fail back * Attempt to get the hostname via document.location. Fail back
* to getURL so that we always return something meaningful. * to getURL so that we always return something meaningful.
*/ */
function getHostString() function getHostString()
{ {
return document.location.hostname; try {
return document.location.hostname;
} catch (e) {
return getURL();
}
} }
function initPage() function initPage()

Просмотреть файл

@ -122,6 +122,7 @@ function viewSource(url)
gBrowser.addEventListener("pagehide", onUnloadContent, true); gBrowser.addEventListener("pagehide", onUnloadContent, true);
gBrowser.addEventListener("pageshow", onLoadContent, true); gBrowser.addEventListener("pageshow", onLoadContent, true);
gBrowser.addEventListener("command", onCommandContent, false);
var loadFromURL = true; var loadFromURL = true;
@ -271,6 +272,63 @@ function onUnloadContent()
} }
} }
/**
* Handle command events bubbling up from error page content
*/
function onCommandContent(event) {
// Don't trust synthetic events
if (!event.isTrusted)
return;
var target = event.originalTarget;
var errorDoc = target.ownerDocument;
var formatter = Cc["@mozilla.org/toolkit/URLFormatterService;1"]
.getService(Ci.nsIURLFormatter);
if (/^about:blocked/.test(errorDoc.documentURI)) {
// The event came from a button on a malware/phishing block page
// First check whether it's malware or phishing, so that we can
// use the right strings/links
var isMalware = /e=malwareBlocked/.test(errorDoc.documentURI);
if (target == errorDoc.getElementById('getMeOutButton')) {
// Instead of loading some safe page, just close the window
window.close();
} else if (target == errorDoc.getElementById('reportButton')) {
// This is the "Why is this site blocked" button. For malware,
// we can fetch a site-specific report, for phishing, we redirect
// to the generic page describing phishing protection.
if (isMalware) {
// Get the stop badware "why is this blocked" report url,
// append the current url, and go there.
try {
let reportURL = formatter.formatURLPref("browser.safebrowsing.malware.reportURL", true);
reportURL += errorDoc.location.href.slice(12);
openURL(reportURL);
} catch (e) {
Components.utils.reportError("Couldn't get malware report URL: " + e);
}
} else { // It's a phishing site, not malware
try {
var infoURL = formatter.formatURLPref("browser.safebrowsing.warning.infoURL", true);
openURL(infoURL);
} catch (e) {
Components.utils.reportError("Couldn't get phishing info URL: " + e);
}
}
} else if (target == errorDoc.getElementById('ignoreWarningButton')) {
// Allow users to override and continue through to the site,
// but add a notify bar as a reminder, so that they don't lose
// track after, e.g., tab switching.
gBrowser.loadURIWithFlags(content.location.href,
Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_CLASSIFIER,
null, null, null);
}
}
}
function HandleAppCommandEvent(evt) function HandleAppCommandEvent(evt)
{ {
evt.stopPropagation(); evt.stopPropagation();