Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa

bsmedberg%covad.net 2005-07-14 17:46:55 +00:00
Родитель be473bb2ee
Коммит 6115ede7b5
9 изменённых файлов: 111 добавлений и 43 удалений


@ -1566,7 +1566,8 @@ nsScriptSecurityManager::CanExecuteScripts(JSContext* cx,
{
nsCAutoString spec;
principalURI->GetSpec(spec);
if (spec.EqualsLiteral("about:"))
if (spec.EqualsLiteral("about:") ||
StringBeginsWith(spec, NS_LITERAL_CSTRING("about:neterror?")))
{
*result = PR_TRUE;
return NS_OK;
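Review bot: The added `StringBeginsWith(spec, NS_LITERAL_CSTRING("about:neterror?"))` test exempts every about:neterror page from the script-enabled check, and nothing beside it says why that is safe. The query string of such a URL is not necessarily produced by the docshell, so the exemption holds only while netError.xhtml treats its parameters as plain text; a comment above the condition would record that, e.g. `// about:neterror fills itself in with inline script; its query string is untrusted and must only ever be used as text.` The match is also case-sensitive and requires `?`, while the about: handler lower-cases the path and strips `#`/`?` before lookup, so a differently-cased spec appears to reach the same page without the exemption; that fails closed but is worth a remark. The enclosing function starts and ends outside the hunk.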


@ -3051,21 +3051,8 @@ nsDocShell::LoadErrorPage(nsIURI *aURI, const PRUnichar *aURL,
char *escapedError = nsEscape(NS_ConvertUTF16toUTF8(aErrorType).get(), url_Path);
char *escapedDescription = nsEscape(NS_ConvertUTF16toUTF8(aDescription).get(), url_Path);
nsXPIDLCString errorPageUrl;
nsCString errorPageUrl("about:neterror?e=");
nsCOMPtr<nsIPrefBranch> prefBranch(do_GetService(NS_PREFSERVICE_CONTRACTID));
if (prefBranch)
{
// Note that we don't expose this pref, because we don't want users fiddling with it.
prefBranch->GetCharPref("browser.xul.error_pages.location", getter_Copies(errorPageUrl));
}
if (errorPageUrl.IsEmpty())
{
errorPageUrl.AssignLiteral("chrome://global/content/netError.xhtml");
}
errorPageUrl.AppendLiteral("?e=");
errorPageUrl.AppendASCII(escapedError);
errorPageUrl.AppendLiteral("&u=");
errorPageUrl.AppendASCII(escapedUrl);
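Review bot: The fixed `about:neterror?e=` prefix and the `&u=` append below it form a layout that netError.xhtml parses by searching for the first `e=`, `&u=` and `&d=`, but nothing at this site records that coupling. A comment above the `nsCString errorPageUrl(...)` line would help, e.g. `// Parsed by netError.xhtml: keep the order e, u, d and keep every value escaped so it cannot contain a literal "&u=" or "&d=".` The `nsEscape(..., url_Path)` calls are context lines here; whether the returned buffers are null-checked and freed is outside the hunk and should be confirmed separately.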


@ -1,3 +1,2 @@
toolkit.jar:
content/global/netError.xhtml
content/global/netError.js


@ -51,7 +51,6 @@
<head>
<title>&loadError.label;</title>
<script src="chrome://global/content/netError.js"></script>
<style><![CDATA[
body {
font: message-box;
@ -161,12 +160,82 @@
</div>
</div>
<p><input type="button" value="&retry.label;" id="retry" onclick="retryThis();"/></p>
<!--
- Note: It is important to run fillIn using this way, instead of using
- an onload handler. This is because error pages are loaded as
- LOAD_BACKGROUND, which means that onload handlers will not be executed.
-->
<script type="application/x-javascript">fillIn();</script>
<script type="application/x-javascript"><![CDATA[
// Error url MUST be formatted like this:
// moz-neterror:page?e=error&u=url&d=desc
// Note that this file uses document.documentURI to get
// the URL (with the format from above). This is because
// document.location.href gets the current URI off the docshell,
// which is the URL displayed in the location bar, i.e.
// the URI that the user attempted to load.
function getErrorCode()
{
var url = document.documentURI;
var error = url.search(/e\=/);
var duffUrl = url.search(/\&u\=/);
return decodeURIComponent(url.slice(error + 2, duffUrl));
}
function getDuffUrl()
{
var url = document.documentURI;
var duffUrl = url.search(/u\=/);
var desc = url.search(/\&d\=/);
return decodeURIComponent(url.slice(duffUrl + 2, desc));
}
function getDescription()
{
var url = document.documentURI;
var desc = url.search(/d\=/);
return decodeURIComponent(url.slice(desc + 2));
}
function retryThis()
{
// Session history has the URL of the page that failed
// to load, not the one of the error page. So, just call
// reload(), which will also repost POST data correctly.
location.reload();
}
// Note: It is important to run this code inline, instead of using
// an onload handler. This is because error pages are loaded as
// LOAD_BACKGROUND, which means that onload handlers will not be executed.
var err = getErrorCode();
var duffUrl = getDuffUrl();
var i;
// Fill in the title
var et = document.getElementById("et_" + err);
if (et) {
et.className = "et_visible";
}
// Fill in the short description
var sd = document.getElementById("shortDesc");
for (i = 0; i < sd.childNodes.length; i++)
{
var n = sd.childNodes.item(i);
if (n.nodeType == Node.TEXT_NODE)
{
n.nodeValue = getDescription();
break;
}
}
// Long description
var ld = document.getElementById("ld_" + err);
if (ld) {
ld.className = "ld_visible";
}
]]></script>
</body>
</html>
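Review bot: The inlined getters (`getErrorCode`, `getDuffUrl`, `getDescription`) slice `document.documentURI` at the first match of unanchored patterns such as `/u\=/` and never check for `search()` returning -1, so a URL that does not follow the expected layout gives wrong slices or makes `decodeURIComponent` throw, which stops the rest of the inline script. Since the page is now addressed as about:neterror, the query is best treated as untrusted: return an empty string when a marker is missing, e.g. `if (error == -1 || duffUrl == -1) return "";`, and wrap the decode in `try`/`catch`. Keep writing the description through `nodeValue` as the script does now, so the text is never parsed as markup. The format comment still says `moz-neterror:page?e=error&u=url&d=desc`; it should read `about:neterror?e=error&u=url&d=desc`.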


@ -1031,6 +1031,11 @@ static const nsModuleComponentInfo gNetModuleInfo[] = {
NS_ABOUT_MODULE_CONTRACTID_PREFIX "about",
nsAboutRedirector::Create
},
{ "about:neterror",
NS_ABOUT_REDIRECTOR_MODULE_CID,
NS_ABOUT_MODULE_CONTRACTID_PREFIX "neterror",
nsAboutRedirector::Create
},
{ "about:cache",
NS_ABOUT_CACHE_MODULE_CID,


@ -131,32 +131,31 @@ nsAboutProtocolHandler::NewURI(const nsACString &aSpec,
return rv;
}
void
nsAboutProtocolHandler::StripQueryAndHash(nsCString& aPath)
{
PRInt32 f = aPath.FindCharInSet(NS_LITERAL_CSTRING("#?"));
if (f != kNotFound) {
aPath.Truncate(f);
}
// convert to lowercase, as all about: modules are lowercase
ToLowerCase(aPath);
}
NS_IMETHODIMP
nsAboutProtocolHandler::NewChannel(nsIURI* uri, nsIChannel* *result)
{
// about:what you ask?
nsresult rv;
nsCAutoString what;
rv = uri->GetPath(what);
nsCAutoString contractID;
rv = uri->GetPath(contractID);
if (NS_FAILED(rv)) return rv;
// look up a handler to deal with "whatStr"
nsCAutoString contractID(NS_ABOUT_MODULE_CONTRACTID_PREFIX);
// only take up to a question-mark if there is one:
nsACString::const_iterator begin, end;
what.BeginReading(begin);
what.EndReading(end);
FindCharInReadable('?', begin, end); // moves begin to first '?' or to end
end = begin;
what.BeginReading(begin);
FindCharInReadable('#', begin, end); // moves begin to first '#' or to end
end = begin;
what.BeginReading(begin);
contractID.Append(Substring(begin, end));
StripQueryAndHash(contractID);
// convert to lowercase, as all about: modules are lowercase
ToLowerCase(contractID);
// look up a handler to deal with "what"
contractID.Insert(NS_LITERAL_CSTRING(NS_ABOUT_MODULE_CONTRACTID_PREFIX), 0);
nsCOMPtr<nsIAboutModule> aboutMod(do_GetService(contractID.get(), &rv));
if (NS_SUCCEEDED(rv)) {
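Review bot: `StripQueryAndHash` also lower-cases the path, which its name does not say, and the switch from `PL_strcasecmp` to `strcmp` in `nsAboutRedirector::NewChannel` depends on that side effect. I would document it on the declaration in nsAboutProtocolHandler.h, e.g. `// Truncates aPath at the first '#' or '?' and lower-cases what remains; about: module names are compared case-sensitively after this call.` Without that, a later caller that skips the helper would silently stop matching mixed-case about: URLs. `NewChannel` continues past the end of the hunk.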


@ -40,6 +40,8 @@
#include "nsIProtocolHandler.h"
class nsCString;
#define NS_ABOUTPROTOCOLHANDLER_CID \
{ /* 9e3b6c90-2f75-11d3-8cd0-0060b0fc14a3 */ \
0x9e3b6c90, \
@ -65,6 +67,8 @@ public:
nsresult Init();
static void StripQueryAndHash(nsCString& aPath);
protected:
};


@ -37,6 +37,7 @@
*
* ***** END LICENSE BLOCK ***** */
#include "nsAboutProtocolHandler.h"
#include "nsAboutRedirector.h"
#include "nsNetUtil.h"
#include "plstr.h"
@ -66,7 +67,8 @@ static RedirEntry kRedirMap[] = {
{ "buildconfig", "chrome://global/content/buildconfig.html", PR_TRUE },
{ "license", "chrome://global/content/MPL-1.1.html", PR_TRUE },
{ "licence", "chrome://global/content/MPL-1.1.html", PR_TRUE },
{ "about", "chrome://global/content/aboutAbout.html", PR_FALSE }
{ "about", "chrome://global/content/aboutAbout.html", PR_FALSE },
{ "neterror", "chrome://global/content/netError.xhtml", PR_TRUE }
};
static const int kRedirTotal = NS_ARRAY_LENGTH(kRedirMap);
@ -83,13 +85,15 @@ nsAboutRedirector::NewChannel(nsIURI *aURI, nsIChannel **result)
if (NS_FAILED(rv))
return rv;
nsAboutProtocolHandler::StripQueryAndHash(path);
nsCOMPtr<nsIIOService> ioService = do_GetIOService(&rv);
if (NS_FAILED(rv))
return rv;
for (int i=0; i<kRedirTotal; i++)
{
if (!PL_strcasecmp(path.get(), kRedirMap[i].id))
if (!strcmp(path.get(), kRedirMap[i].id))
{
nsCOMPtr<nsIChannel> tempChannel;
rv = ioService->NewChannel(nsDependentCString(kRedirMap[i].url),