зеркало из https://github.com/mozilla/pjs.git
bug 255119 do not display http response body of 3xx with javascript: location header r=honzab
Родитель
10449721d8
Коммит
1f6ae32da2
|
@ -67,6 +67,7 @@
|
||||||
#include "nsIRedirectResultListener.h"
|
#include "nsIRedirectResultListener.h"
|
||||||
#include "mozilla/TimeStamp.h"
|
#include "mozilla/TimeStamp.h"
|
||||||
#include "mozilla/Telemetry.h"
|
#include "mozilla/Telemetry.h"
|
||||||
|
#include "nsDOMError.h"
|
||||||
|
|
||||||
// True if the local cache should be bypassed when processing a request.
|
// True if the local cache should be bypassed when processing a request.
|
||||||
#define BYPASS_LOCAL_CACHE(loadFlags) \
|
#define BYPASS_LOCAL_CACHE(loadFlags) \
|
||||||
|
@ -1086,6 +1087,25 @@ nsHttpChannel::ProcessResponse()
|
||||||
nsresult
|
nsresult
|
||||||
nsHttpChannel::ContinueProcessResponse(nsresult rv)
|
nsHttpChannel::ContinueProcessResponse(nsresult rv)
|
||||||
{
|
{
|
||||||
|
if (rv == NS_ERROR_DOM_BAD_URI && mRedirectURI) {
|
||||||
|
|
||||||
|
PRBool isHTTP = PR_FALSE;
|
||||||
|
if (NS_FAILED(mRedirectURI->SchemeIs("http", &isHTTP)))
|
||||||
|
isHTTP = PR_FALSE;
|
||||||
|
if (!isHTTP && NS_FAILED(mRedirectURI->SchemeIs("https", &isHTTP)))
|
||||||
|
isHTTP = PR_FALSE;
|
||||||
|
|
||||||
|
if (!isHTTP) {
|
||||||
|
// This was a blocked attempt to redirect and subvert the system by
|
||||||
|
// redirecting to another protocol (perhaps javascript:)
|
||||||
|
// In that case we want to throw an error instead of displaying the
|
||||||
|
// non-redirected response body.
|
||||||
|
|
||||||
|
LOG(("ContinueProcessResponse detected rejected Non-HTTP Redirection"));
|
||||||
|
return NS_ERROR_CORRUPTED_CONTENT;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (NS_SUCCEEDED(rv)) {
|
if (NS_SUCCEEDED(rv)) {
|
||||||
InitCacheEntry();
|
InitCacheEntry();
|
||||||
CloseCacheEntry(PR_FALSE);
|
CloseCacheEntry(PR_FALSE);
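Review bot: The new guard at the top of ContinueProcessResponse fires only when rv is exactly NS_ERROR_DOM_BAD_URI, so a rejected redirect to a non-HTTP target that arrives with any other failure code still reaches the existing fallback, which presumably renders the 3xx body. If that restriction is deliberate, the comment should say so, for example `// Only a redirect rejected with NS_ERROR_DOM_BAD_URI is handled here; other failures keep the old fallback.` The LOG line also records neither the rejected scheme nor the URI, which makes a blocked redirect harder to triage from the network log. The function body continues past the end of the hunk, so the fallback behaviour needs checking against the rest of it.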
|
||||||
|
|
|
@ -124,12 +124,12 @@ ChannelListener.prototype = {
|
||||||
|
|
||||||
onStopRequest: function(request, context, status) {
|
onStopRequest: function(request, context, status) {
|
||||||
try {
|
try {
|
||||||
if (!this._got_onstartrequest)
|
var success = Components.isSuccessCode(status);
|
||||||
|
if (!this._got_onstartrequest && success)
|
||||||
do_throw("onStopRequest without onStartRequest event!");
|
do_throw("onStopRequest without onStartRequest event!");
|
||||||
if (this._got_onstoprequest)
|
if (this._got_onstoprequest)
|
||||||
do_throw("Got second onStopRequest event!");
|
do_throw("Got second onStopRequest event!");
|
||||||
this._got_onstoprequest = true;
|
this._got_onstoprequest = true;
|
||||||
var success = Components.isSuccessCode(status);
|
|
||||||
if ((this._flags & CL_EXPECT_FAILURE) && success)
|
if ((this._flags & CL_EXPECT_FAILURE) && success)
|
||||||
do_throw("Should have failed to load URL (status is " + status.toString(16) + ")");
|
do_throw("Should have failed to load URL (status is " + status.toString(16) + ")");
|
||||||
else if (!(this._flags & CL_EXPECT_FAILURE) && !success)
|
else if (!(this._flags & CL_EXPECT_FAILURE) && !success)
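Review bot: The relaxed check `if (!this._got_onstartrequest && success)` in onStopRequest applies to every user of ChannelListener, so any load that ends with a failure status may now skip onStartRequest, not only the blocked-redirect case this commit targets. Tests that set CL_EXPECT_FAILURE will therefore no longer notice a channel that drops onStartRequest on some other error path. A comment above the check would record the intent, e.g. `// A failed load may finish without onStartRequest (bug 255119); the pairing is only enforced on success.` onStopRequest continues past the end of the hunk.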
|
||||||
|
|
|
@ -0,0 +1,61 @@
|
||||||
|
do_load_httpd_js();
|
||||||
|
|
||||||
|
var httpserver = new nsHttpServer();
|
||||||
|
var index = 0;
|
||||||
|
var tests = [
|
||||||
|
{url : "/test/test",
|
||||||
|
datalen : 16},
|
||||||
|
|
||||||
|
// Test that the http channel fails and the response body is suppressed
|
||||||
|
// bug 255119
|
||||||
|
{url: "/test/test",
|
||||||
|
responseheader: [ "Location: javascript:alert()"],
|
||||||
|
flags : CL_EXPECT_FAILURE,
|
||||||
|
datalen : 0},
|
||||||
|
];
|
||||||
|
|
||||||
|
function setupChannel(url) {
|
||||||
|
var ios = Components.classes["@mozilla.org/network/io-service;1"].
|
||||||
|
getService(Ci.nsIIOService);
|
||||||
|
var chan = ios.newChannel("http://localhost:4444" + url, "", null);
|
||||||
|
return chan;
|
||||||
|
}
|
||||||
|
|
||||||
|
function startIter() {
|
||||||
|
var channel = setupChannel(tests[index].url);
|
||||||
|
channel.asyncOpen(new ChannelListener(completeIter, channel, tests[index].flags), null);
|
||||||
|
}
|
||||||
|
|
||||||
|
function completeIter(request, data, ctx) {
|
||||||
|
do_check_true(data.length == tests[index].datalen);
|
||||||
|
if (++index < tests.length) {
|
||||||
|
startIter();
|
||||||
|
} else {
|
||||||
|
httpserver.stop(do_test_finished);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function run_test() {
|
||||||
|
httpserver.registerPathHandler("/test/test", handler);
|
||||||
|
httpserver.start(4444);
|
||||||
|
|
||||||
|
startIter();
|
||||||
|
do_test_pending();
|
||||||
|
}
|
||||||
|
|
||||||
|
function handler(metadata, response) {
|
||||||
|
var body = "thequickbrownfox";
|
||||||
|
response.setHeader("Content-Type", "text/plain", false);
|
||||||
|
|
||||||
|
var header = tests[index].responseheader;
|
||||||
|
if (header != undefined) {
|
||||||
|
for (var i = 0; i < header.length; i++) {
|
||||||
|
var splitHdr = header[i].split(": ");
|
||||||
|
response.setHeader(splitHdr[0], splitHdr[1], false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
response.setStatusLine(metadata.httpVersion, 302, "Redirected");
|
||||||
|
response.bodyOutputStream.write(body, body.length);
|
||||||
|
}
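Review bot: completeIter checks only `data.length == tests[index].datalen`, and CL_EXPECT_FAILURE accepts any failure status, so the `javascript:` case would also pass if the load failed for an unrelated reason, such as the local server on port 4444 not answering. Pinning the status would make the test prove that the new guard ran: give the second table entry a `status` field holding the value of NS_ERROR_CORRUPTED_CONTENT and add `if (tests[index].status !== undefined) do_check_eq(request.status, tests[index].status);` at the top of completeIter. The table also exercises a single non-HTTP scheme, while the C++ guard rejects every scheme other than http and https.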
|
||||||
|
|
|
@ -137,6 +137,7 @@ skip-if = os == "android"
|
||||||
[test_MIME_params.js]
|
[test_MIME_params.js]
|
||||||
[test_multipart_streamconv.js]
|
[test_multipart_streamconv.js]
|
||||||
[test_nestedabout_serialize.js]
|
[test_nestedabout_serialize.js]
|
||||||
|
[test_nojsredir.js]
|
||||||
[test_offline_status.js]
|
[test_offline_status.js]
|
||||||
[test_parse_content_type.js]
|
[test_parse_content_type.js]
|
||||||
[test_permmgr.js]
|
[test_permmgr.js]
|
||||||
|
|