Bug 1525429 - Port function for stripping unsafe protocols when pasting to QuantumBar. r=dao

Depends on D18751 Differential Revision: https://phabricator.services.mozilla.com/D18840 --HG-- rename : browser/components/urlbar/tests/legacy/browser_removeUnsafeProtocolsFromURLBarPaste.js => browser/components/urlbar/tests/browser/browser_removeUnsafeProtocolsFromURLBarPaste.js extra : moz-landing-system : lando
2019-02-06 17:29:23 +00:00 · 2019-02-06 17:29:23 +00:00 · ce5822c6c9
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@ -6186,7 +6186,7 @@ function middleMousePaste(event) {
  // bar's behavior (stripsurroundingwhitespace)
  clipboard = clipboard.replace(/\s*\n\s*/g, "");

-  clipboard = stripUnsafeProtocolOnPaste(clipboard);
+  clipboard = UrlbarUtils.stripUnsafeProtocolOnPaste(clipboard);

  // if it's not the current tab, we don't need to do anything because the
  // browser doesn't exist.
@ -6227,23 +6227,6 @@ function middleMousePaste(event) {
  }
 }

-function stripUnsafeProtocolOnPaste(pasteData) {
-  // Don't allow pasting javascript URIs since we don't support
-  // LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those.
-  while (true) {
-    let scheme = "";
-    try {
-      scheme = Services.io.extractScheme(pasteData);
-    } catch (ex) { }
-    if (scheme != "javascript") {
-      break;
-    }
-
-    pasteData = pasteData.substring(pasteData.indexOf(":") + 1);
-  }
-  return pasteData;
-}
-
 // handleDroppedLink has the following 2 overloads:
 //   handleDroppedLink(event, url, name, triggeringPrincipal)
 //   handleDroppedLink(event, links, triggeringPrincipal)
--- a/browser/base/content/urlbarBindings.xml
+++ b/browser/base/content/urlbarBindings.xml
@ -1000,7 +1000,7 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
            let triggeringPrincipal = browserDragAndDrop.getTriggeringPrincipal(aEvent);
            aEvent.preventDefault();
            let url = links[0].url;
-            let strippedURL = stripUnsafeProtocolOnPaste(url);
+            let strippedURL = UrlbarUtils.stripUnsafeProtocolOnPaste(url);
            if (strippedURL != url) {
              aEvent.stopImmediatePropagation();
              return null;
@ -1275,7 +1275,7 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
              }
              let oldEnd = oldValue.substring(this.inputField.selectionEnd);

-              let pasteData = stripUnsafeProtocolOnPaste(originalPasteData);
+              let pasteData = UrlbarUtils.stripUnsafeProtocolOnPaste(originalPasteData);
              if (originalPasteData != pasteData) {
                // Unfortunately we're not allowed to set the bits being pasted
                // so cancel this event:
--- a/browser/components/urlbar/UrlbarInput.jsm
+++ b/browser/components/urlbar/UrlbarInput.jsm
@ -109,6 +109,7 @@ class UrlbarInput {
    this.inputField.addEventListener("mouseover", this);
    this.inputField.addEventListener("overflow", this);
    this.inputField.addEventListener("underflow", this);
+    this.inputField.addEventListener("paste", this);
    this.inputField.addEventListener("scrollend", this);
    this.inputField.addEventListener("select", this);
    this.inputField.addEventListener("keydown", this);
@ -983,6 +984,37 @@ class UrlbarInput {
    this._updateUrlTooltip();
  }

+  _on_paste(event) {
+    let originalPasteData = event.clipboardData.getData("text/plain");
+    if (!originalPasteData) {
+      return;
+    }
+
+    let oldValue = this.inputField.value;
+    let oldStart = oldValue.substring(0, this.inputField.selectionStart);
+    // If there is already non-whitespace content in the URL bar
+    // preceding the pasted content, it's not necessary to check
+    // protocols used by the pasted content:
+    if (oldStart.trim()) {
+      return;
+    }
+    let oldEnd = oldValue.substring(this.inputField.selectionEnd);
+
+    let pasteData = UrlbarUtils.stripUnsafeProtocolOnPaste(originalPasteData);
+    if (originalPasteData != pasteData) {
+      // Unfortunately we're not allowed to set the bits being pasted
+      // so cancel this event:
+      event.preventDefault();
+      event.stopImmediatePropagation();
+
+      this.inputField.value = oldStart + pasteData + oldEnd;
+      // Fix up cursor/selection:
+      let newCursorPos = oldStart.length + pasteData.length;
+      this.inputField.selectionStart = newCursorPos;
+      this.inputField.selectionEnd = newCursorPos;
+    }
+  }
+
  _on_scrollend(event) {
    this._updateTextOverflow();
  }
--- a/browser/components/urlbar/UrlbarUtils.jsm
+++ b/browser/components/urlbar/UrlbarUtils.jsm
@ -295,6 +295,29 @@ var UrlbarUtils = {
      // Can't setup speculative connection for this url, just ignore it.
    }
  },
+
+  /**
+   * Used to filter out the javascript protocol from URIs, since we don't
+   * support LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those.
+   * @param {string} pasteData The data to check for javacript protocol.
+   * @returns {string} The modified paste data.
+   */
+  stripUnsafeProtocolOnPaste(pasteData) {
+    while (true) {
+      let scheme = "";
+      try {
+        scheme = Services.io.extractScheme(pasteData);
+      } catch (ex) {
+        // If it throws, this is not a javascript scheme.
+      }
+      if (scheme != "javascript") {
+        break;
+      }
+
+      pasteData = pasteData.substring(pasteData.indexOf(":") + 1);
+    }
+    return pasteData;
+  },
 };

 /**
--- a/browser/components/urlbar/tests/browser/browser.ini
+++ b/browser/components/urlbar/tests/browser/browser.ini
@ -24,6 +24,8 @@ skip-if = true # Bug 1524702 is implementing this for QuantumBar
 [browser_redirect_error.js]
 support-files = redirect_error.sjs
 [browser_remotetab.js]
+[browser_removeUnsafeProtocolsFromURLBarPaste.js]
+subsuite = clipboard
 [browser_switchToTabHavingURI_aOpenParams.js]
 [browser_tabMatchesInAwesomebar_perwindowpb.js]
 skip-if = os == 'linux' # Bug 1104755 (Intermittent failure)
--- a/browser/components/urlbar/tests/browser/browser_removeUnsafeProtocolsFromURLBarPaste.js
+++ b/browser/components/urlbar/tests/browser/browser_removeUnsafeProtocolsFromURLBarPaste.js
@ -1,7 +1,12 @@
-function test() {
-  waitForExplicitFinish();
-  testNext();
-}
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+/**
+ * Ensures that pasting unsafe protocols in the urlbar have the protocol
+ * correctly stripped.
+ */

 var pairs = [
  ["javascript:", ""],
@ -39,32 +44,27 @@ if (supportsReturnWithoutNewline) {

 var clipboardHelper = Cc["@mozilla.org/widget/clipboardhelper;1"].getService(Ci.nsIClipboardHelper);

-function paste(input, cb) {
-  waitForClipboard(input, function() {
-    clipboardHelper.copyString(input);
-  }, function() {
-    document.commandDispatcher.getControllerForCommand("cmd_paste").doCommand("cmd_paste");
-    cb();
-  }, function() {
-    ok(false, "Failed to copy string '" + input + "' to clipboard");
-    cb();
-  });
-}
-
-function testNext() {
-  gURLBar.value = "";
-  if (!pairs.length) {
-    finish();
-    return;
+async function paste(input) {
+  try {
+    await SimpleTest.promiseClipboardChange(input, () => {
+      clipboardHelper.copyString(input);
+    });
+  } catch (ex) {
+    Assert.ok(false, "Failed to copy string '" + input + "' to clipboard");
  }

-  let [inputValue, expectedURL] = pairs.shift();
-
-  gURLBar.focus();
-  paste(inputValue, function() {
-    is(gURLBar.textValue, expectedURL, "entering '" + inputValue + "' strips relevant bits.");
-
-    setTimeout(testNext, 0);
-  });
+  document.commandDispatcher.getControllerForCommand("cmd_paste").doCommand("cmd_paste");
 }

+add_task(async function test_stripUnsafeProtocolPaste() {
+  for (let [inputValue, expectedURL] of pairs) {
+    gURLBar.value = "";
+    gURLBar.focus();
+    await paste(inputValue);
+
+    Assert.equal(gURLBar.textValue, expectedURL,
+      `entering ${inputValue} strips relevant bits.`);
+
+    await new Promise(resolve => setTimeout(resolve, 0));
+  }
+});
--- a/browser/components/urlbar/tests/legacy/browser.ini
+++ b/browser/components/urlbar/tests/legacy/browser.ini
@ -30,8 +30,6 @@ skip-if = os != "mac" # Mac only feature
 [browser_keyword_select_and_type.js]
 [browser_pasteAndGo.js]
 subsuite = clipboard
-[browser_removeUnsafeProtocolsFromURLBarPaste.js]
-subsuite = clipboard
 [browser_search_favicon.js]
 [browser_switchtab_copy.js]
 subsuite = clipboard
@ -96,6 +94,8 @@ skip-if = (os == "linux" || os == "mac") && debug # bug 970052, bug 970053
 [../browser/browser_redirect_error.js]
 support-files = ../browser/redirect_error.sjs
 [../browser/browser_remotetab.js]
+[../browser/browser_removeUnsafeProtocolsFromURLBarPaste.js]
+subsuite = clipboard
 [../browser/browser_switchToTabHavingURI_aOpenParams.js]
 [../browser/browser_tabMatchesInAwesomebar_perwindowpb.js]
 skip-if = os == 'linux' # Bug 1104755