mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1427726 - remove support for remote JAR files, r=michal 

MozReview-Commit-ID: H7aaTmj3FI1

--HG--
rename : modules/libjar/test/mochitest/bug403331.zip => modules/libjar/test/mochitest/bug1173171.zip
rename : modules/libjar/test/mochitest/bug403331.zip^headers^ => modules/libjar/test/mochitest/bug1173171.zip^headers^
extra : rebase_source : 30a8e937840bbfed5fe7e66202a5d2893b19c037
This commit is contained in:
Gijs Kruitbosch 2018-02-07 13:54:39 +00:00
Родитель e884bd3cad
Коммит f6a05ddbd5
23 изменённых файлов: 33 добавлений и 788 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
docshell/test/mochitest.ini
Просмотреть файл

@ -1,8 +1,6 @@
[DEFAULT]
support-files =
bug123696-subframe.html
bug369814.jar
bug369814.zip
bug404548-subframe.html
bug404548-subframe_window.html
bug413310-post.sjs
@ -16,7 +14,6 @@ support-files =
file_anchor_scroll_after_document_open.html
file_bfcache_plus_hash_1.html
file_bfcache_plus_hash_2.html
file_bug369814.html
file_bug385434_1.html
file_bug385434_2.html
file_bug385434_3.html
@ -57,7 +54,6 @@ support-files =
[test_anchor_scroll_after_document_open.html]
[test_bfcache_plus_hash.html]
[test_bug123696.html]
[test_bug369814.html]
[test_bug384014.html]
[test_bug385434.html]
[test_bug387979.html]

211
docshell/test/test_bug369814.html
Просмотреть файл

@ -1,211 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=369814
-->
<head>
<title>Test for Bug 369814</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=384014">Mozilla Bug 369814</a>
<p>
<pre id="test">
<script class="testbody" type="text/javascript">
/** Tests for Bug 369814 **/
SimpleTest.waitForExplicitFinish();
// Because child scripts won't be able to run to tell us they're done,
// we need to just wait for them. Wait this many event loop spins before
// checking the results.
const gLoadEventLoopCount = 100;
var gCurrentTest;
var gTargetWindow;
var gNumPokes;
var gTestFrame;
/**
* Called by documents loaded from jar files to indicate that they can access
* this document.
*/
function poke(description) {
ok(false, gCurrentTest['name'] + ": got unexpected poke: " + description);
gNumPokes++;
}
function loadEvent(window, callback)
{
var fn = function() {
window.removeEventListener("load", fn);
callback();
};
window.addEventListener("load", fn);
}
function loadTestTarget(callback)
{
gTargetWindow = window.open("http://mochi.test:8888", "bug369814target");
loadEvent(gTargetWindow, callback);
}
function closeTestTarget()
{
gTargetWindow.close();
gTargetWindow = null;
}
function loadErrorTest(test)
{
// Give the frame a chance to fail at loading.
// How do detect failure to load? Error pages don't fire load
// events. But we can load another page before the error page and
// then use its unload handler to know when the error page is just
// about loaded; at that point a single trip through the event loop
// should do the trick.
loadEvent(gTestFrame, function() {
gTestFrame.src = test['url'];
});
gTestFrame.unloading = function() {
gTestFrame.unloading = null;
// Go out to the event loop once so that unload processing finishes and
// the new document is set up.
setTimeout(function() {
// XXX: There doesn't seem to be a reliable check for "got an error,"
// but reaching in to an error document will throw an exception
var errorPage;
try {
var item = gTestFrame.contentDocument.getElementById(gCurrentTest['data-iframe']);
errorPage = false;
} catch (e) {
errorPage = true;
}
ok(errorPage, gCurrentTest["name"] + ": should block a suspicious JAR load.");
finishTest();
}, 0);
}
var unloadDetector = "file_bug369814.html";
gTestFrame.src = unloadDetector;
}
function iframeTest(test) {
gTestFrame.src = test['url'];
loadEvent(gTestFrame, function() {
finishTest();
});
}
function hitEventLoop(func, times) {
if (times > 0) {
SimpleTest.executeSoon(function() { hitEventLoop(func, times-1); });
} else {
SimpleTest.executeSoon(func);
}
}
function refreshTest(test) {
gTestFrame.src = test['url'];
loadEvent(gTestFrame, function() {
// Wait for the frame to try and refresh
// XXX: a "blocked redirect" signal would be needed to get rid of
// this timeout.
hitEventLoop(function() {
finishTest();
}, gLoadEventLoopCount);
});
}
function anchorTest(test) {
loadTestTarget(function() {
gTestFrame.src = test['url'];
loadEvent(gTestFrame, function() {
sendMouseEvent({type:'click'}, 'target', gTestFrame.contentWindow);
sendMouseEvent({type:'click'}, 'notarget', gTestFrame.contentWindow);
// Give the clicks a chance to load
hitEventLoop(function() {
closeTestTarget();
finishTest();
}, gLoadEventLoopCount);
});
});
}
var gTests = [
{ "name" : "iframes.html loaded from non-jar type, pref disabled",
"url" : "jar:http://mochi.test:8888/tests/docshell/test/bug369814.zip!/iframes.html",
"pref" : false,
"pokes" : { },
"func" : loadErrorTest,
},
{ "name" : "refresh.html loaded from non-jar type, pref enabled",
"url" : "jar:http://mochi.test:8888/tests/docshell/test/bug369814.zip!/refresh.html",
"pref" : true,
"pokes" : { },
"func" : refreshTest,
},
{ "name" : "iframes.html loaded from non-jar type, pref enabled",
"url" : "jar:http://mochi.test:8888/tests/docshell/test/bug369814.zip!/iframes.html",
"pref" : true,
"pokes" : { },
"func" : iframeTest,
},
{ "name" : "anchors.html loaded from non-jar type, pref enabled",
"url" : "jar:http://mochi.test:8888/tests/docshell/test/bug369814.zip!/anchors.html",
"pref" : true,
"pokes" : { },
"func" : anchorTest,
},
];
var gNextTest = 0;
function runNextTest()
{
if (gNextTest < gTests.length) {
gCurrentTest = gTests[gNextTest++];
gNumPokes = 0;
SpecialPowers.pushPrefEnv({"set": [["network.jar.block-remote-files", false],
["network.jar.open-unsafe-types", gCurrentTest['pref']]]}, function() {
// Create a new frame each time, so our restictions on loads in a
// jar:-loaded iframe don't interfere with the test.
if (gTestFrame) {
document.body.removeChild(gTestFrame);
}
gTestFrame = document.createElement("iframe");
document.body.insertBefore(gTestFrame, $("test"));
gCurrentTest['func'](gCurrentTest);
});
} else {
SimpleTest.finish();
}
}
function finishTest()
{
SpecialPowers.pushPrefEnv({"set": [["network.jar.open-unsafe-types", false]]}, function() {
if (gNumPokes == 0) {
ok(true, gCurrentTest["name"] + ": no unexpected pokes");
}
runNextTest();
});
}
addLoadEvent(runNextTest);
</script>
</pre>
</body>
</html>

Двоичные данные
dom/base/test/file_bug804395.jar
Просмотреть файл

Двоичный файл не отображается.

2
dom/base/test/mochitest.ini
Просмотреть файл

@ -121,7 +121,6 @@ support-files =
file_bug769117.html
file_bug782342.txt
file_bug787778.sjs
file_bug804395.jar
file_bug869432.eventsource
file_bug869432.eventsource^headers^
file_bug907892.html
@ -545,7 +544,6 @@ skip-if = toolkit == 'android' #bug 687032
[test_bug787778.html]
[test_bug789315.html]
[test_bug789856.html]
[test_bug804395.html]
[test_bug809003.html]
[test_bug810494.html]
[test_bug811701.html]

74
dom/base/test/test_bug804395.html
Просмотреть файл

@ -1,74 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=804395
-->
<head>
<meta charset="utf-8">
<title>Test for Bug 804395</title>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=804395">Mozilla Bug 804395</a>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
<script type="application/javascript">
function test200() {
var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
xhr.open('GET', 'jar:http://example.org/tests/dom/base/test/file_bug804395.jar!/foo.bar', true);
xhr.onreadystatechange = function() {
if (xhr.readyState == 4) {
ok(xhr.status == 200, "Existing file must have Status 200!");
runTests();
}
}
xhr.send(null);
}
function test404() {
var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
xhr.open('GET', 'jar:http://example.org/tests/dom/base/test/file_bug804395.jar!/foo.do_not_exist', true);
xhr.onreadystatechange = function() {
if (xhr.readyState == 4) {
ok(xhr.status == 404, "Non existing file must have Status 404!");
runTests();
}
}
xhr.send(null);
}
function test0() {
var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
xhr.open('GET', 'jar:http://example.org/tests/dom/base/test/file_bug804395.jar!/foo.bar', true);
ok(xhr.status == 0, "Not Sent request must have status 0");
runTests();
}
var tests = [ test200, test404, test0 ];
function runTests() {
if (!tests.length) {
SimpleTest.finish();
return;
}
var test = tests.shift();
test();
}
/** Test for Bug 804395 **/
SimpleTest.waitForExplicitFinish();
addLoadEvent(function() {
SpecialPowers.pushPrefEnv({"set": [["network.jar.block-remote-files", false]]}, function() {
SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], runTests);
});
});
</script>
</pre>
</body>
</html>

Двоичные данные
dom/html/test/bug392567.jar
Просмотреть файл

Двоичный файл не отображается.

3
dom/html/test/mochitest.ini
Просмотреть файл

@ -19,8 +19,6 @@ support-files =
bug340800_iframe.txt
bug369370-popup.png
bug372098-link-target.html
bug392567.jar
bug392567.jar^headers^
bug441930_iframe.html
bug445004-inner.html
bug445004-inner.js
@ -251,7 +249,6 @@ skip-if = toolkit == 'android' #TIMED_OUT
[test_bug389797.html]
[test_bug390975.html]
[test_bug391994.html]
[test_bug392567.html]
[test_bug394700.html]
[test_bug395107.html]
[test_bug401160.xhtml]

86
dom/html/test/test_bug392567.html
Просмотреть файл

@ -1,86 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=392567
-->
<head>
<title>Test for Bug 392567</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=392567">Mozilla Bug 392567</a>
<p id="display"><iframe name="testFrame" id="testFrame" style="visibility: hidden;"></iframe></p>
<div id="content" style="display: none">
<form name="testForm" target="testFrame">
<input type="text" name="key" />
</form>
</div>
<pre id="test">
<script class="testbody" type="text/javascript">
/** Test for Bug 392567 **/
SimpleTest.waitForExplicitFinish();
function runTests()
{
if (window.location.search.match(/\?key=value/)) {
return;
}
var dataUrl = "http://mochi.test:8888/tests/dom/html/test/bug392567.jar";
var jarUrl = "jar:" + dataUrl + "!/index.html";
var httpUrl = location.href.replace(/\.html.*/, "_404");
var previousDir = location.href.replace(/test\/[^\/]*$/, "");
var documentURL = location.href.replace(/\.html.*/, "\.html");
var form = document.forms.testForm;
var frame = frames.testFrame;
document.getElementById("testFrame").onload = processTestResult;
// List of tests to run, each test consists of form action URL and expected result URL
var tests = [
[jarUrl, jarUrl + "?$PARAMS"],
[jarUrl + "?jarTest1=jarTest2", jarUrl + "?$PARAMS"],
[jarUrl + "?jarTest3=jarTest4#jarTest5", jarUrl + "?$PARAMS#jarTest5"],
[httpUrl, httpUrl + "?$PARAMS"],
[httpUrl + "?httpTest1=httpTest2", httpUrl + "?$PARAMS"],
[httpUrl + "?httpTest3=httpTest4#httpTest5", httpUrl + "?$PARAMS#httpTest5"],
["", documentURL + "?$PARAMS"],
[" ", documentURL + "?$PARAMS"],
["../", previousDir + "?$PARAMS"],
];
var currentTest = -1;
runNextTest();
function runNextTest() {
currentTest++;
if (currentTest >= tests.length) {
SimpleTest.finish();
return;
}
form.setAttribute("action", tests[currentTest][0]);
form.key.value = "value" + currentTest;
form.submit();
}
function processTestResult() {
var expected = tests[currentTest][1].replace(/\$PARAMS/, "key=value" + currentTest);
is(frame.location.href, expected, "Submitting to " + tests[currentTest][0]);
setTimeout(runNextTest, 0);
}
}
addLoadEvent(function() {
SpecialPowers.pushPrefEnv({"set": [["network.jar.block-remote-files", false]]}, runTests);
});
</script>
</pre>
</body>
</html>

1
dom/security/test/cors/mochitest.ini
Просмотреть файл

@ -2,7 +2,6 @@
support-files =
file_CrossSiteXHR_cache_server.sjs
file_CrossSiteXHR_inner.html
file_CrossSiteXHR_inner.jar
file_CrossSiteXHR_inner_data.sjs
file_CrossSiteXHR_server.sjs

7
dom/security/test/cors/test_CrossSiteXHR_origin.html
Просмотреть файл

@ -39,9 +39,6 @@ var origins =
{ server: 'http://\u03c0\u03b1\u03c1\u03ac\u03b4\u03b5\u03b9\u03b3\u03bc\u03b1.\u03b4\u03bf\u03ba\u03b9\u03bc\u03ae',
origin: 'http://xn--hxajbheg2az3al.xn--jxalpdlp'
},
{ origin: 'http://example.org',
file: 'jar:http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner.jar!/file_CrossSiteXHR_inner.html'
},
{ origin: 'null',
file: 'http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs'
},
@ -162,9 +159,7 @@ function* runTest() {
}
addLoadEvent(function() {
SpecialPowers.pushPrefEnv({"set": [["network.jar.block-remote-files", false]]}, function() {
gen.next();
});
gen.next();
});
</script>
</pre>

233
modules/libjar/nsJARChannel.cpp
Просмотреть файл

@ -194,7 +194,6 @@ nsJARInputThunk::IsNonBlocking(bool *nonBlocking)
nsJARChannel::nsJARChannel()
: mOpened(false)
, mContentDisposition(0)
, mContentLength(-1)
, mLoadFlags(LOAD_NORMAL)
, mStatus(NS_OK)
@ -202,11 +201,8 @@ nsJARChannel::nsJARChannel()
, mEnableOMT(true)
, mPendingEvent()
, mIsUnsafe(true)
, mBlockRemoteFiles(false)
{
LOG(("nsJARChannel::nsJARChannel [this=%p]\n", this));
mBlockRemoteFiles = Preferences::GetBool("network.jar.block-remote-files", false);
// hold an owning reference to the jar handler
mJarHandler = gJarHandler;
}
@ -268,7 +264,7 @@ nsJARChannel::CreateJarInput(nsIZipReaderCache *jarCache, nsJARInputThunk **resu
{
LOG(("nsJARChannel::CreateJarInput [this=%p]\n", this));
MOZ_ASSERT(resultInput);
MOZ_ASSERT(mJarFile || mTempMem);
MOZ_ASSERT(mJarFile);
// important to pass a clone of the file since the nsIFile impl is not
// necessarily MT-safe
@ -284,7 +280,6 @@ nsJARChannel::CreateJarInput(nsIZipReaderCache *jarCache, nsJARInputThunk **resu
if (mPreCachedJarReader) {
reader = mPreCachedJarReader;
} else if (jarCache) {
MOZ_ASSERT(mJarFile);
if (mInnerJarEntry.IsEmpty())
rv = jarCache->GetZip(clonedFile, getter_AddRefs(reader));
else
@ -296,12 +291,7 @@ nsJARChannel::CreateJarInput(nsIZipReaderCache *jarCache, nsJARInputThunk **resu
if (NS_FAILED(rv))
return rv;
if (mJarFile) {
rv = outerReader->Open(clonedFile);
} else {
rv = outerReader->OpenMemory(mTempMem->Elements(),
mTempMem->Length());
}
rv = outerReader->Open(clonedFile);
if (NS_FAILED(rv))
return rv;
@ -899,11 +889,7 @@ nsJARChannel::SetContentCharset(const nsACString &aContentCharset)
NS_IMETHODIMP
nsJARChannel::GetContentDisposition(uint32_t *aContentDisposition)
{
if (mContentDispositionHeader.IsEmpty())
return NS_ERROR_NOT_AVAILABLE;
*aContentDisposition = mContentDisposition;
return NS_OK;
return NS_ERROR_NOT_AVAILABLE;
}
NS_IMETHODIMP
@ -927,11 +913,7 @@ nsJARChannel::SetContentDispositionFilename(const nsAString &aContentDisposition
NS_IMETHODIMP
nsJARChannel::GetContentDispositionHeader(nsACString &aContentDispositionHeader)
{
if (mContentDispositionHeader.IsEmpty())
return NS_ERROR_NOT_AVAILABLE;
aContentDispositionHeader = mContentDispositionHeader;
return NS_OK;
return NS_ERROR_NOT_AVAILABLE;
}
NS_IMETHODIMP
@ -964,9 +946,9 @@ nsJARChannel::Open(nsIInputStream **stream)
if (NS_FAILED(rv))
return rv;
// If mJarInput was not set by LookupFile, the JAR is a remote jar.
// If mJarFile was not set by LookupFile, we can't open a channel.
if (!mJarFile) {
NS_NOTREACHED("need sync downloader");
NS_NOTREACHED("only file-backed jars are supported");
return NS_ERROR_NOT_IMPLEMENTED;
}
@ -1003,8 +985,6 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
nsContentUtils::IsSystemPrincipal(mLoadInfo->LoadingPrincipal())),
"security flags in loadInfo but asyncOpen2() not called");
LOG(("nsJARChannel::AsyncOpen [this=%p]\n", this));
NS_ENSURE_ARG_POINTER(listener);
NS_ENSURE_TRUE(!mOpened, NS_ERROR_IN_PROGRESS);
NS_ENSURE_TRUE(!mIsPending, NS_ERROR_IN_PROGRESS);
@ -1020,65 +1000,17 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
mIsPending = true;
nsresult rv = LookupFile();
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return rv;
}
nsCOMPtr<nsIChannel> channel;
if (!mJarFile) {
if (NS_FAILED(rv) || !mJarFile) {
// Not a local file...
// Check preferences to see if all remote jar support should be disabled
if (mBlockRemoteFiles) {
mIsUnsafe = true;
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return NS_ERROR_UNSAFE_CONTENT_TYPE;
}
// kick off an async download of the base URI...
nsCOMPtr<nsIStreamListener> downloader = new MemoryDownloader(this);
uint32_t loadFlags =
mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS);
rv = NS_NewChannelInternal(getter_AddRefs(channel),
mJarBaseURI,
mLoadInfo,
nullptr, // PerformanceStorage
mLoadGroup,
mCallbacks,
loadFlags);
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return rv;
}
if (mLoadInfo && mLoadInfo->GetEnforceSecurity()) {
rv = channel->AsyncOpen2(downloader);
}
else {
rv = channel->AsyncOpen(downloader, nullptr);
}
}
else {
rv = OpenLocalFile();
if (NS_SUCCEEDED(rv)) {
return NS_OK;
}
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return mJarFile ? rv : NS_ERROR_UNSAFE_CONTENT_TYPE;
}
rv = OpenLocalFile();
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
@ -1088,11 +1020,6 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
return rv;
}
if (mLoadGroup)
mLoadGroup->AddRequest(this, nullptr);
mOpened = true;
LOG(("nsJARChannel::AsyncOpen [this=%p] 8\n", this));
return NS_OK;
}
@ -1100,18 +1027,18 @@ NS_IMETHODIMP
nsJARChannel::AsyncOpen2(nsIStreamListener *aListener)
{
LOG(("nsJARChannel::AsyncOpen2 [this=%p]\n", this));
nsCOMPtr<nsIStreamListener> listener = aListener;
nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return rv;
}
nsCOMPtr<nsIStreamListener> listener = aListener;
nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return rv;
}
return AsyncOpen(listener, nullptr);
return AsyncOpen(listener, nullptr);
}
//-----------------------------------------------------------------------------
@ -1210,116 +1137,6 @@ nsJARChannel::GetZipEntry(nsIZipEntry **aZipEntry)
return reader->GetEntry(mJarEntry, aZipEntry);
}
//-----------------------------------------------------------------------------
// mozilla::net::MemoryDownloader::IObserver
//-----------------------------------------------------------------------------
void
nsJARChannel::OnDownloadComplete(MemoryDownloader* aDownloader,
nsIRequest *request,
nsISupports *context,
nsresult status,
MemoryDownloader::Data aData)
{
nsresult rv;
nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
if (channel) {
uint32_t loadFlags;
channel->GetLoadFlags(&loadFlags);
if (loadFlags & LOAD_REPLACE) {
// Update our URI to reflect any redirects that happen during
// the HTTP request.
if (!mOriginalURI) {
SetOriginalURI(mJarURI);
}
nsCOMPtr<nsIURI> innerURI;
rv = channel->GetURI(getter_AddRefs(innerURI));
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsIJARURI> newURI;
rv = mJarURI->CloneWithJARFile(innerURI,
getter_AddRefs(newURI));
if (NS_SUCCEEDED(rv)) {
mJarURI = newURI;
}
}
if (NS_SUCCEEDED(status)) {
status = rv;
}
}
}
if (NS_SUCCEEDED(status) && channel) {
// In case the load info object has changed during a redirect,
// grab it from the target channel.
channel->GetLoadInfo(getter_AddRefs(mLoadInfo));
// Grab the security info from our base channel
channel->GetSecurityInfo(getter_AddRefs(mSecurityInfo));
nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel));
if (httpChannel) {
// We only want to run scripts if the server really intended to
// send us a JAR file. Check the server-supplied content type for
// a JAR type.
nsAutoCString header;
Unused << httpChannel->GetResponseHeader(
NS_LITERAL_CSTRING("Content-Type"), header);
nsAutoCString contentType;
nsAutoCString charset;
NS_ParseResponseContentType(header, contentType, charset);
nsAutoCString channelContentType;
channel->GetContentType(channelContentType);
mIsUnsafe = !(contentType.Equals(channelContentType) &&
(contentType.EqualsLiteral("application/java-archive") ||
contentType.EqualsLiteral("application/x-jar")));
} else {
nsCOMPtr<nsIJARChannel> innerJARChannel(do_QueryInterface(channel));
if (innerJARChannel) {
mIsUnsafe = innerJARChannel->GetIsUnsafe();
}
}
channel->GetContentDispositionHeader(mContentDispositionHeader);
mContentDisposition = NS_GetContentDispositionFromHeader(mContentDispositionHeader, this);
}
// This is a defense-in-depth check for the preferences to see if all remote jar
// support should be disabled. This check may not be needed.
MOZ_RELEASE_ASSERT(!mBlockRemoteFiles);
if (NS_SUCCEEDED(status) && mIsUnsafe &&
!Preferences::GetBool("network.jar.open-unsafe-types", false)) {
status = NS_ERROR_UNSAFE_CONTENT_TYPE;
}
if (NS_SUCCEEDED(status)) {
// Refuse to unpack view-source: jars even if open-unsafe-types is set.
nsCOMPtr<nsIViewSourceChannel> viewSource = do_QueryInterface(channel);
if (viewSource) {
status = NS_ERROR_UNSAFE_CONTENT_TYPE;
}
}
if (NS_SUCCEEDED(status)) {
mTempMem = Move(aData);
RefPtr<nsJARInputThunk> input;
rv = CreateJarInput(nullptr, getter_AddRefs(input));
if (NS_SUCCEEDED(rv)) {
// create input stream pump
rv = NS_NewInputStreamPump(getter_AddRefs(mPump), input.forget());
if (NS_SUCCEEDED(rv))
rv = mPump->AsyncRead(this, nullptr);
}
status = rv;
}
if (NS_FAILED(status)) {
NotifyError(status);
}
}
//-----------------------------------------------------------------------------
// nsIStreamListener
//-----------------------------------------------------------------------------

15
modules/libjar/nsJARChannel.h
Просмотреть файл

@ -33,7 +33,6 @@ class nsInputStreamPump;
//-----------------------------------------------------------------------------
class nsJARChannel final : public nsIJARChannel
, public mozilla::net::MemoryDownloader::IObserver
, public nsIStreamListener
, public nsIThreadRetargetableRequest
, public nsIThreadRetargetableStreamListener
@ -66,12 +65,6 @@ private:
nsresult CheckPendingEvents();
void NotifyError(nsresult aError);
void FireOnProgress(uint64_t aProgress);
virtual void OnDownloadComplete(mozilla::net::MemoryDownloader* aDownloader,
nsIRequest* aRequest,
nsISupports* aCtxt,
nsresult aStatus,
mozilla::net::MemoryDownloader::Data aData)
override;
nsCString mSpec;
@ -90,10 +83,6 @@ private:
nsCOMPtr<nsISupports> mListenerContext;
nsCString mContentType;
nsCString mContentCharset;
nsCString mContentDispositionHeader;
/* mContentDisposition is uninitialized if mContentDispositionHeader is
* empty */
uint32_t mContentDisposition;
int64_t mContentLength;
uint32_t mLoadFlags;
nsresult mStatus;
@ -108,7 +97,6 @@ private:
bool mIsUnsafe;
mozilla::net::MemoryDownloader::Data mTempMem;
nsCOMPtr<nsIInputStreamPump> mPump;
// mRequest is only non-null during OnStartRequest, so we'll have a pointer
// to the request if we get called back via RetargetDeliveryTo.
@ -122,9 +110,6 @@ private:
// use StreamTransportService as background thread
nsCOMPtr<nsIEventTarget> mWorker;
// True if this channel should not download any remote files.
bool mBlockRemoteFiles;
};
#endif // nsJARChannel_h__

0
modules/libjar/test/mochitest/bug403331.zip → modules/libjar/test/mochitest/bug1173171.zip
Просмотреть файл

0
dom/html/test/bug392567.jar^headers^ → modules/libjar/test/mochitest/bug1173171.zip^headers^
Просмотреть файл

1
modules/libjar/test/mochitest/bug403331.zip^headers^
Просмотреть файл

@ -1 +0,0 @@
Content-Type: application/java-archive

14
modules/libjar/test/mochitest/mochitest.ini
Просмотреть файл

@ -1,11 +1,5 @@
[DEFAULT]
support-files =
bug403331.zip
bug403331.zip^headers^
openredirect.sjs
!/dom/base/test/file_bug945152.jar
[test_bug403331.html]
[test_bug1034143_mapped.html]
run-if = os == 'linux'
[test_bug1173171.html]
[test_bug1173171.html]
support-files =
bug1173171.zip
bug1173171.zip^headers^

5
modules/libjar/test/mochitest/openredirect.sjs
Просмотреть файл

@ -1,5 +0,0 @@
function handleRequest(request, response)
{
response.setStatusLine(request.httpVersion, 301, "Moved Permanently");
response.setHeader("Location", request.queryString, false);
}

53
modules/libjar/test/mochitest/test_bug1034143_mapped.html
Просмотреть файл

@ -1,53 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=1034143
-->
<head>
<meta charset="utf-8">
<title>Test for Bug 945152</title>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1034143">Mozilla Bug 1034143</a>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
<script type="application/javascript">
// Ensure that XMLHttpRequest's memory-mapping code can handle a case
// where the nsIJARChannel's jarFile property is null, but which is
// otherwise eligible for bug 945152's memory-mapping optimization.
function runTest() {
const jarURL = "jar:http://example.org/tests/dom/base/test/file_bug945152.jar!/data_1.txt";
let xhr = new XMLHttpRequest({ mozAnon: true, mozSystem: true });
xhr.open("GET", jarURL);
xhr.onerror = function onerror(e) {
ok(false, "JAR XHR failed: " + e.status);
SimpleTest.finish();
};
xhr.onload = function onload(e) {
ok(xhr.status == 200, "Status is 200");
let ct = xhr.getResponseHeader("Content-Type");
ok(!ct.includes("mem-mapped"), "Data is not memory-mapped");
SimpleTest.finish();
};
xhr.responseType = 'arraybuffer';
xhr.send();
}
SimpleTest.waitForExplicitFinish();
addLoadEvent(function() {
SpecialPowers.pushPrefEnv({"set": [["dom.mapped_arraybuffer.enabled", true],
["network.jar.block-remote-files", false]]}, function() {
SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], runTest);
});
});
</script>
</pre>
</body>
</html>

18
modules/libjar/test/mochitest/test_bug1173171.html
Просмотреть файл

@ -18,15 +18,6 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1173171
/** Test for Bug 1173171 **/
// __setPref(key, value)__.
// Set a pref value asynchronously, returning a prmoise that resolves
// when it succeeds.
let pushPref = function (key, value) {
return new Promise(function(resolve, reject) {
SpecialPowers.pushPrefEnv({"set": [[key, value]]}, resolve);
});
};
// __xhr(method, url, responseType__.
// A simple async XMLHttpRequest call.
// Returns a promise with the response.
@ -49,12 +40,9 @@ let jarURL = "jar:http://mochi.test:8888/tests/modules/libjar/test/mochitest/bug
// Test behavior when blocking is deactivated and activated.
add_task(async function() {
for (let shouldBlock of [false, true]) {
await pushPref("network.jar.block-remote-files", shouldBlock);
let response = await xhr("GET", jarURL, "document");
ok(shouldBlock === (response === null),
"Remote jars should be blocked if and only if the 'network.jar.block-remote-files' pref is active.");
}
let shouldBlock = true;
let response = await xhr("GET", jarURL, "document");
is(response, null, "Remote jars should be blocked.");
});
</script>

47
modules/libjar/test/mochitest/test_bug403331.html
Просмотреть файл

@ -1,47 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=403331
-->
<head>
<title>Test for Bug 403331</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<iframe id="testFrame"></iframe>
<pre id="test">
<script class="testbody" type="text/javascript">
/** Test for Bug 403331 **/
SimpleTest.waitForExplicitFinish();
function runTest() {
var testFrame = document.getElementById('testFrame');
// Try a redirected load from another domain to this one.
testFrame.onload = function() {
// If properly redirected, we'll be able to access elements in the loaded
// document.
var item = testFrame.contentDocument.getElementById('testitem');
is(item.textContent, "testcontents", "Should be able to access the child document");
SimpleTest.finish();
}
testFrame.src = "jar:http://example.org:80/tests/modules/libjar/test/mochitest/openredirect.sjs?http://mochi.test:8888/tests/modules/libjar/test/mochitest/bug403331.zip!/test.html";
}
addLoadEvent(function() {
SpecialPowers.pushPrefEnv({"set": [["network.jar.block-remote-files", false]]}, runTest);
});
</script>
</pre>
</body>
</html>

39
modules/libjar/test/unit/test_bug407303.js
Просмотреть файл

@ -1,39 +0,0 @@
// Regression test for bug 407303 - A failed channel should not be checked
// for an unsafe content type.
ChromeUtils.import("resource://gre/modules/Services.jsm");
ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
// XXX: NS_ERROR_UNKNOWN_HOST is not in Components.results
const NS_ERROR_UNKNOWN_HOST = 0x804B001E;
var listener = {
QueryInterface: function(iid) {
if (iid.equals(Ci.nsISupports) ||
iid.equals(Ci.nsIRequestObserver))
return this;
throw Cr.NS_ERROR_NO_INTERFACE;
},
onStartRequest: function(request, context) {
},
onDataAvailable: function(request, context, stream, offset, count) {
do_throw("shouldn't get data!");
},
onStopRequest: function(request, context, status) {
Assert.equal(status, NS_ERROR_UNKNOWN_HOST);
do_test_finished();
}
};
function run_test() {
Services.prefs.setBoolPref("network.jar.block-remote-files", false);
var channel = NetUtil.newChannel({
uri: "jar:http://test.invalid/test.jar!/index.html",
loadUsingSystemPrincipal: true}
);
channel.asyncOpen2(listener);
do_test_pending();
}

1
modules/libjar/test/unit/xpcshell.ini
Просмотреть файл

@ -25,7 +25,6 @@ skip-if = os == "mac"
[test_bug336691.js]
[test_bug370103.js]
[test_bug379841.js]
[test_bug407303.js]
[test_bug453254.js]
[test_bug458158.js]
[test_bug589292.js]

7
modules/libpref/init/all.js
Просмотреть файл

@ -1892,13 +1892,6 @@ pref("network.websocket.delay-failed-reconnects", true);
// Equal to the DEFAULT_RECONNECTION_TIME_VALUE value in nsEventSource.cpp
pref("dom.server-events.default-reconnection-time", 5000); // in milliseconds
// If false, remote JAR files that are served with a content type other than
// application/java-archive or application/x-jar will not be opened
// by the jar channel.
pref("network.jar.open-unsafe-types", false);
// If true, loading remote JAR files using the jar: protocol will be prevented.
pref("network.jar.block-remote-files", true);
// This preference, if true, causes all UTF-8 domain names to be normalized to
// punycode. The intention is to allow UTF-8 domain names as input, but never
// generate them from punycode.