Bug 1313533 - Have sendBeacon throw TypeErrors on invalid URLs to match a spec change. r=smaug
authorThomas Wisniewski <wisniewskit@gmail.com>
Fri, 28 Oct 2016 18:42:52 -0400
changeset 320202 a4079746a3f7da725f3174604ef0a127e2cd051b
parent 320201 72e781308ebf6a06c65a4400c28c4ad813bd1081
child 320203 bed4b65bc2361fde5a43f12131e88b1883a00be5
push id20751
push userphilringnalda@gmail.com
push dateSun, 30 Oct 2016 18:06:35 +0000
treeherderfx-team@e3279760cd97 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs1313533
milestone52.0a1
Bug 1313533 - Have sendBeacon throw TypeErrors on invalid URLs to match a spec change. r=smaug
dom/base/Navigator.cpp
dom/tests/mochitest/beacon/test_beacon.html
--- a/dom/base/Navigator.cpp
+++ b/dom/base/Navigator.cpp
@@ -1269,25 +1269,25 @@ Navigator::SendBeacon(const nsAString& a
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = nsContentUtils::NewURIWithDocumentCharset(
                   getter_AddRefs(uri),
                   aUrl,
                   doc,
                   doc->GetDocBaseURI());
   if (NS_FAILED(rv)) {
-    aRv.Throw(NS_ERROR_DOM_URL_MISMATCH_ERR);
+    aRv.ThrowTypeError<MSG_INVALID_URL>(aUrl);
     return false;
   }
 
-  // Explicitly disallow loading data: URIs
-  bool isDataScheme = false;
-  rv = uri->SchemeIs("data", &isDataScheme);
-  if (NS_FAILED(rv) || isDataScheme) {
-    aRv.Throw(NS_ERROR_CONTENT_BLOCKED);
+  // Spec disallows any schemes save for HTTP/HTTPs
+  bool isValidScheme;
+  if (!(NS_SUCCEEDED(uri->SchemeIs("http", &isValidScheme)) && isValidScheme) &&
+      !(NS_SUCCEEDED(uri->SchemeIs("https", &isValidScheme)) && isValidScheme)) {
+    aRv.ThrowTypeError<MSG_INVALID_URL_SCHEME>( NS_LITERAL_STRING("Beacon"), aUrl);
     return false;
   }
 
   nsLoadFlags loadFlags = nsIRequest::LOAD_NORMAL |
     nsIChannel::LOAD_CLASSIFY_URI;
 
   // No need to use CORS for sendBeacon unless it's a BLOB
   nsSecurityFlags securityFlags = (!aData.IsNull() && aData.Value().IsBlob())
--- a/dom/tests/mochitest/beacon/test_beacon.html
+++ b/dom/tests/mochitest/beacon/test_beacon.html
@@ -17,23 +17,35 @@ https://bugzilla.mozilla.org/show_bug.cg
 <pre id="test">
 <script class="testbody" type="text/javascript">
 
 SimpleTest.waitForExplicitFinish();
 SpecialPowers.pushPrefEnv({'set': [["beacon.enabled", true]]}, beginTest);
 
 function beginTest() {
   var threw;
-  try {
-    is(false, navigator.sendBeacon("ftp://example.com", "0"));
-    threw = false;
-  } catch (ex) {
-    threw = true;
+  for(let scheme of ["bad", "ftp", "data"]) {
+    try {
+      is(false, navigator.sendBeacon(`${scheme}://example.com`, "0"));
+      threw = false;
+    } catch (ex) {
+      threw = true;
+    }
+    ok(threw, `sendBeacon not supported for ${scheme} scheme.`);
   }
-  ok(threw, "sendBeacon not supported for non ftp calls.");
+
+  for(let scheme of ["http", "https"]) {
+    try {
+      is(false, navigator.sendBeacon(`${scheme}://invalid:URL`, "0"));
+      threw = false;
+    } catch (ex) {
+      threw = true;
+    }
+    ok(threw, `sendBeacon not supported for invalid ${scheme} URLs.`);
+  }
 
   try {
     is(false, navigator.sendBeacon());
     threw = false;
   } catch (e) {
     threw = true;
   }
   ok(threw, "sendBeacon needs more parameters.");