зеркало из https://github.com/mozilla/pjs.git
b=258048: update security observers from OnLocationChange, r=jst, a=drivers
This commit is contained in:
shaver%mozilla.org
Родитель
d547abe525
Коммит
e454c1dde9
|
|
@ -1119,16 +1119,11 @@ nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress,
|
||||||
nsIRequest* aRequest,
|
nsIRequest* aRequest,
|
||||||
nsIURI* aLocation)
|
nsIURI* aLocation)
|
||||||
{
|
{
|
||||||
PRBool isWyciwyg = PR_FALSE;
|
|
||||||
|
|
||||||
if (aLocation)
|
if (aLocation)
|
||||||
{
|
{
|
||||||
nsresult rv = aLocation->SchemeIs("wyciwyg", &isWyciwyg);
|
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
|
||||||
|
|
||||||
PRBool vs;
|
PRBool vs;
|
||||||
|
|
||||||
rv = aLocation->SchemeIs("view-source", &vs);
|
nsresult rv = aLocation->SchemeIs("view-source", &vs);
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
if (vs) {
|
if (vs) {
|
||||||
|
|
@ -1141,35 +1136,38 @@ nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress,
|
||||||
|
|
||||||
mCurrentURI = aLocation;
|
mCurrentURI = aLocation;
|
||||||
|
|
||||||
if (isWyciwyg) {
|
// The location bar has changed, so we must update the security state. The
|
||||||
|
// only concern with doing this here is that a page may transition from being
|
||||||
|
// reported as completely secure to being reported as partially secure
|
||||||
|
// (mixed). This may be confusing for users, and it may bother users who
|
||||||
|
// like seeing security dialogs. However, it seems prudent given that page
|
||||||
|
// loading may never end in some edge cases (perhaps by a site with malicious
|
||||||
|
// intent).
|
||||||
|
|
||||||
nsCOMPtr<nsIDOMWindow> windowForProgress;
|
nsCOMPtr<nsIDOMWindow> windowForProgress;
|
||||||
aWebProgress->GetDOMWindow(getter_AddRefs(windowForProgress));
|
aWebProgress->GetDOMWindow(getter_AddRefs(windowForProgress));
|
||||||
|
|
||||||
if (windowForProgress.get() == mWindow.get()) {
|
if (windowForProgress.get() == mWindow.get()) {
|
||||||
// For toplevel wyciwyg channels, upate the security state right
|
// For toplevel channels, update the security state right away.
|
||||||
// away.
|
|
||||||
return EvaluateAndUpdateSecurityState(aRequest);
|
return EvaluateAndUpdateSecurityState(aRequest);
|
||||||
}
|
}
|
||||||
|
|
||||||
// For wyciwyg channels in subdocuments we only update our
|
// For channels in subdocuments we only update our subrequest state members.
|
||||||
// subrequest state members.
|
|
||||||
UpdateSubrequestMembers(aRequest);
|
UpdateSubrequestMembers(aRequest);
|
||||||
|
|
||||||
// Care for the following scenario:
|
// Care for the following scenario:
|
||||||
|
|
||||||
// A new top level document load might have already started, but
|
// A new toplevel document load might have already started, but the security
|
||||||
// the security state of the new top level document might not yet
|
// state of the new toplevel document might not yet be known.
|
||||||
// been known.
|
|
||||||
//
|
//
|
||||||
// At this point, we are learning about the security state of a
|
// At this point, we are learning about the security state of a sub-document.
|
||||||
// sub-document. We must not update the security state based on
|
// We must not update the security state based on the sub content, if the new
|
||||||
// the sub content, if the new top level state is not yet known.
|
// top level state is not yet known.
|
||||||
//
|
//
|
||||||
// We skip updating the security state in this case.
|
// We skip updating the security state in this case.
|
||||||
|
|
||||||
if (mNewToplevelSecurityStateKnown)
|
if (mNewToplevelSecurityStateKnown)
|
||||||
return UpdateSecurityState(aRequest);
|
return UpdateSecurityState(aRequest);
|
||||||
}
|
|
||||||
|
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче