Bug 782882 - only allow sharing of http or https urls. r=jaws
authorMark Hammond <mhammond@skippinet.com.au>
Thu, 25 Oct 2012 16:44:53 +1100
changeset 111333 081340dcc074ae3c0fa90de86b7ce84b20b80318
parent 111332 c723271fec16afbb94c5916eeb9be5ba085db7a2
child 111334 689834383fbbdc3fe10e3e722be5cc328edf8707
push id23740
push userryanvm@gmail.com
push dateThu, 25 Oct 2012 12:13:42 +0000
treeherdermozilla-central@5374fb480634 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjaws
bugs782882
milestone19.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 782882 - only allow sharing of http or https urls. r=jaws
browser/base/content/browser-social.js
browser/base/content/test/browser_social_shareButton.js
--- a/browser/base/content/browser-social.js
+++ b/browser/base/content/browser-social.js
@@ -504,21 +504,27 @@ let SocialShareButton = {
   get unsharePopup() {
     return document.getElementById("unsharePopup");
   },
 
   dismissUnsharePopup: function SSB_dismissUnsharePopup() {
     this.unsharePopup.hidePopup();
   },
 
+  canSharePage: function SSB_canSharePage(aURI) {
+    // We only allow sharing of http or https
+    return aURI && (aURI.schemeIs('http') || aURI.schemeIs('https'));
+  },
+
   updateButtonHiddenState: function SSB_updateButtonHiddenState() {
     let shareButton = this.shareButton;
     if (shareButton)
       shareButton.hidden = !Social.uiVisible || this.promptImages == null ||
-                           !SocialUI.haveLoggedInUser();
+                           !SocialUI.haveLoggedInUser() ||
+                           !this.canSharePage(gBrowser.currentURI);
   },
 
   onClick: function SSB_onClick(aEvent) {
     if (aEvent.button != 0)
       return;
 
     // Don't bubble to the textbox, to avoid unwanted selection of the address.
     aEvent.stopPropagation();
@@ -561,34 +567,38 @@ let SocialShareButton = {
 
   unsharePage: function SSB_unsharePage() {
     Social.unsharePage(gBrowser.currentURI);
     this.updateShareState();
     this.dismissUnsharePopup();
   },
 
   updateShareState: function SSB_updateShareState() {
-    let currentPageShared = Social.isPageShared(gBrowser.currentURI);
+    // we might have been called due to a location change, and the new location
+    // might change the state of "can this url be shared"
+    this.updateButtonHiddenState();
+
+    let shareButton = this.shareButton;
+    let currentPageShared = shareButton && !shareButton.hidden && Social.isPageShared(gBrowser.currentURI);
 
     // Provide a11y-friendly notification of share.
     let status = document.getElementById("share-button-status");
     if (status) {
       // XXX - this should also be capable of reflecting that the page was
       // unshared (ie, it needs to manage three-states: (1) nothing done, (2)
       // shared, (3) shared then unshared)
       // Note that we *do* have an appropriate string from the provider for
       // this (promptMessages['unsharedLabel'] but currently lack a way of
       // tracking this state)
       let statusString = currentPageShared ?
                            this.promptMessages['sharedLabel'] : "";
       status.setAttribute("value", statusString);
     }
 
     // Update the share button, if present
-    let shareButton = this.shareButton;
     if (!shareButton || shareButton.hidden)
       return;
 
     let imageURL;
     if (currentPageShared) {
       shareButton.setAttribute("shared", "true");
       shareButton.setAttribute("tooltiptext", this.promptMessages['unshareTooltip']);
       imageURL = this.promptImages["unshare"]
--- a/browser/base/content/test/browser_social_shareButton.js
+++ b/browser/base/content/test/browser_social_shareButton.js
@@ -3,18 +3,18 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 let prefName = "social.enabled",
     gFinishCB;
 
 function test() {
   waitForExplicitFinish();
 
-  // Need to load a non-empty page for the social share button to appear
-  let tab = gBrowser.selectedTab = gBrowser.addTab("about:", {skipAnimation: true});
+  // Need to load a http/https/ftp/ftps page for the social share button to appear
+  let tab = gBrowser.selectedTab = gBrowser.addTab("https://example.com", {skipAnimation: true});
   tab.linkedBrowser.addEventListener("load", function tabLoad(event) {
     tab.linkedBrowser.removeEventListener("load", tabLoad, true);
     executeSoon(tabLoaded);
   }, true);
 
   registerCleanupFunction(function() {
     Services.prefs.clearUserPref(prefName);
     gBrowser.removeTab(tab);
@@ -256,22 +256,73 @@ function testStillSharedAfterReopen() {
     is(shareButton.hasAttribute("shared"), true, "Share button should reflect the share");
     gBrowser.removeTab(tab);
     // should be on the initial unshared tab now.
     is(shareButton.hasAttribute("shared"), false, "Initial tab should be selected and be unshared.");
     // now open the same URL - should be back to shared.
     tab = gBrowser.selectedTab = gBrowser.addTab(toShare, {skipAnimation: true});
     tab.linkedBrowser.addEventListener("load", function tabLoad(event) {
       tab.linkedBrowser.removeEventListener("load", tabLoad, true);
-      is(shareButton.hasAttribute("shared"), true, "New tab to previously shared URL should reflect shared");
-      SocialShareButton.unsharePage();
+      executeSoon(function() {
+        is(shareButton.hasAttribute("shared"), true, "New tab to previously shared URL should reflect shared");
+        SocialShareButton.unsharePage();
+        gBrowser.removeTab(tab);
+        executeSoon(testOnlyShareCertainUrlsTabSwitch);
+      });
+    }, true);
+  }, true);
+}
+
+function testOnlyShareCertainUrlsTabSwitch() {
+  let toShare = "http://example.com";
+  let notSharable = "about:blank";
+  let {shareButton} = SocialShareButton;
+  let tab = gBrowser.selectedTab = gBrowser.addTab(toShare);
+  let tabb = gBrowser.getBrowserForTab(tab);
+  tabb.addEventListener("load", function tabLoad(event) {
+    tabb.removeEventListener("load", tabLoad, true);
+    ok(!shareButton.hidden, "share button not hidden for http url");
+    let tab2 = gBrowser.selectedTab = gBrowser.addTab(notSharable);
+    let tabb2 = gBrowser.getBrowserForTab(tab2);
+    tabb2.addEventListener("load", function tabLoad(event) {
+      tabb2.removeEventListener("load", tabLoad, true);
+      ok(shareButton.hidden, "share button hidden for about:blank");
+      gBrowser.selectedTab = tab;
+      ok(!shareButton.hidden, "share button re-shown when switching back to http: url");
+      gBrowser.selectedTab = tab2;
+      ok(shareButton.hidden, "share button re-hidden when switching back to about:blank");
       gBrowser.removeTab(tab);
-      executeSoon(testDisable);
+      gBrowser.removeTab(tab2);
+      executeSoon(testOnlyShareCertainUrlsSameTab);
     }, true);
   }, true);
 }
 
+function testOnlyShareCertainUrlsSameTab() {
+  let toShare = "http://example.com";
+  let notSharable = "about:blank";
+  let {shareButton} = SocialShareButton;
+  let tab = gBrowser.selectedTab = gBrowser.addTab(toShare);
+  let tabb = gBrowser.getBrowserForTab(tab);
+  tabb.addEventListener("load", function tabLoad(event) {
+    tabb.removeEventListener("load", tabLoad, true);
+    ok(!shareButton.hidden, "share button not hidden for http url");
+    tabb.addEventListener("load", function tabLoad(event) {
+      tabb.removeEventListener("load", tabLoad, true);
+      ok(shareButton.hidden, "share button hidden for about:blank");
+      tabb.addEventListener("load", function tabLoad(event) {
+        tabb.removeEventListener("load", tabLoad, true);
+        ok(!shareButton.hidden, "share button re-enabled http url");
+        gBrowser.removeTab(tab);
+        executeSoon(testDisable);
+      }, true);
+      tabb.loadURI(toShare);
+    }, true);
+    tabb.loadURI(notSharable);
+  }, true);
+}
+
 function testDisable() {
   let shareButton = SocialShareButton.shareButton;
   Services.prefs.setBoolPref(prefName, false);
   is(shareButton.hidden, true, "Share button should be hidden when pref is disabled");
   gFinishCB();
 }