| author | Ehsan Akhgari <ehsan@mozilla.com> |
| Mon, 28 Jun 2010 15:29:30 -0400 | |
| changeset 46365 | cb88ce4856e775bba69074c94a90a86af8dfab6c |
| parent 46353 | d1cbe16de6bf334c522b09ec2cee4cc17327a7c8 |
| child 46366 | b497bf52499727906378b701d4de4aa5efa5cb86 |
| push id | 14145 |
| push user | eakhgari@mozilla.com |
| push date | Mon, 28 Jun 2010 19:30:00 +0000 |
| treeherder | mozilla-central@b497bf524997 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| milestone | 1.9.3a6pre |
| backs out | d1cbe16de6bf334c522b09ec2cee4cc17327a7c8 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/caps/src/nsScriptSecurityManager.cpp +++ b/caps/src/nsScriptSecurityManager.cpp @@ -1773,19 +1773,41 @@ nsScriptSecurityManager::CanExecuteScrip nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(sgo); nsCOMPtr<nsIDocShell> docshell; nsresult rv; if (window) { docshell = window->GetDocShell(); } - rv = docshell->GetCanExecuteScripts(result); - if (NS_FAILED(rv)) return rv; - if (!*result) return NS_OK; + nsCOMPtr<nsIDocShellTreeItem> globalObjTreeItem = + do_QueryInterface(docshell); + + if (globalObjTreeItem) + { + nsCOMPtr<nsIDocShellTreeItem> treeItem(globalObjTreeItem); + nsCOMPtr<nsIDocShellTreeItem> parentItem; + + // Walk up the docshell tree to see if any containing docshell disallows scripts + do + { + rv = docshell->GetAllowJavascript(result); + if (NS_FAILED(rv)) return rv; + if (!*result) + return NS_OK; // Do not run scripts + treeItem->GetParent(getter_AddRefs(parentItem)); + treeItem.swap(parentItem); + docshell = do_QueryInterface(treeItem); +#ifdef DEBUG + if (treeItem && !docshell) { + NS_ERROR("cannot get a docshell from a treeItem!"); + } +#endif // DEBUG + } while (treeItem && docshell); + } // OK, the docshell doesn't have script execution explicitly disabled. // Check whether our URI is an "about:" URI that allows scripts. If it is, // we need to allow JS to run. In this case, don't apply the JS enabled // pref or policies. On failures, just press on and don't do this special // case. nsCOMPtr<nsIURI> principalURI; aPrincipal->GetURI(getter_AddRefs(principalURI));
--- a/content/html/document/test/Makefile.in +++ b/content/html/document/test/Makefile.in @@ -60,16 +60,17 @@ include $(topsrcdir)/config/rules.mk test_bug311681.html \ test_bug311681.xhtml \ test_bug324378.html \ test_bug332848.xhtml \ test_bug359657.html \ test_bug369370.html \ bug369370-popup.png \ test_bug380383.html \ + test_bug386495.html \ test_bug391777.html \ test_bug402680.html \ test_bug403868.html \ test_bug403868.xhtml \ test_bug404320.html \ $(warning test_bug435128.html disabled because it takes 60 seconds) \ test_bug463104.html \ test_bug468353.html \
new file mode 100644 --- /dev/null +++ b/content/html/document/test/test_bug386495.html @@ -0,0 +1,42 @@ +<!DOCTYPE HTML> +<html> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=386495 +--> +<head> + <title>Test for Bug 386495</title> + <script type="text/javascript" src="/MochiKit/packed.js"></script> + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=386495">Mozilla Bug 386495</a> +<p id="display"></p> +<div id="content"> + <iframe id="testIframe"></iframe> +</div> +<pre id="test"> +<script class="testbody" type="text/javascript"> + +/** Test for Bug 386495 **/ + +function finishTest() { + is(document.getElementById("testIframe").contentWindow.timeoutFired, false, "Timeout shouldn't fire."); + SimpleTest.finish(); +} + +function testContentEditable() { + document.getElementById('testIframe').style.display = 'block'; + document.getElementById('testIframe').contentWindow.timeoutFired = false; + document.getElementById('testIframe').contentWindow.setTimeout("window.timeoutFired = true", 50); + document.getElementById('testIframe').contentDocument.designMode = 'on'; + setTimeout(finishTest, 100); +} + +SimpleTest.waitForExplicitFinish(); +addLoadEvent(testContentEditable); + +</script> +</pre> +</body> +</html>
--- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -11161,102 +11161,8 @@ nsDocShell::GetPrintPreview(nsIWebBrowse return NS_ERROR_NOT_IMPLEMENTED; #endif } #ifdef DEBUG unsigned long nsDocShell::gNumberOfDocShells = 0; #endif - -NS_IMETHODIMP -nsDocShell::GetCanExecuteScripts(PRBool *aResult, PRBool *aContinueLooking) -{ - NS_ENSURE_ARG_POINTER(aResult); - *aResult = PR_FALSE; // disallow by default - - nsCOMPtr<nsIDocShell> docshell = this; - nsCOMPtr<nsIDocShellTreeItem> globalObjTreeItem = - do_QueryInterface(docshell); - - if (globalObjTreeItem) - { - nsCOMPtr<nsIDocShellTreeItem> treeItem(globalObjTreeItem); - nsCOMPtr<nsIDocShellTreeItem> parentItem; - PRBool firstPass = PR_TRUE; - PRBool lookForParents = PR_FALSE; - - // Walk up the docshell tree to see if any containing docshell disallows scripts - do - { - nsresult rv = docshell->GetAllowJavascript(aResult); - if (NS_FAILED(rv)) return rv; - if (!*aResult) { - nsDocShell* realDocshell = static_cast<nsDocShell*>(docshell.get()); - if (realDocshell->mContentViewer) { - nsIDocument* doc = realDocshell->mContentViewer->GetDocument(); - if (doc && doc->HasFlag(NODE_IS_EDITABLE) && - realDocshell->mEditorData) { - nsCOMPtr<nsIEditingSession> editSession; - realDocshell->mEditorData->GetEditingSession(getter_AddRefs(editSession)); - PRBool jsDisabled = PR_FALSE; - if (editSession && - NS_SUCCEEDED(rv = editSession->GetJsAndPluginsDisabled(&jsDisabled))) { - if (firstPass) { - if (jsDisabled) { - // We have a docshell which has been explicitly set - // to design mode, so we disallow scripts. - return NS_OK; - } - // The docshell was not explicitly set to design mode, - // so it must be so because a parent was explicitly - // set to design mode. We don't need to look at higher - // docshells. - *aResult = PR_TRUE; - break; - } else if (lookForParents && jsDisabled) { - // If a parent was explicitly set to design mode, - // we should allow script execution on the child. - *aResult = PR_TRUE; - break; - } - // If the child docshell allows scripting, and the - // parent is inside design mode, we don't need to look - // further. - *aResult = PR_TRUE; - return NS_OK; - } - NS_WARNING("The editing session does not work?"); - return NS_FAILED(rv) ? rv : NS_ERROR_FAILURE; - } - if (firstPass) { - // Don't be too hard on docshells on the first pass. - // There may be a parent docshell which has been set - // to design mode, so look for it. - lookForParents = PR_TRUE; - } else { - // We have a docshell which disallows scripts - // and is not editable, so we shouldn't allow - // scripts at all. - return NS_OK; - } - } - } else if (lookForParents) { - // The parent docshell was not explicitly set to design - // mode, so js on the child docshell was disabled for - // another reason. Therefore, we need to disable js. - return NS_OK; - } - firstPass = PR_FALSE; - - treeItem->GetParent(getter_AddRefs(parentItem)); - treeItem.swap(parentItem); - docshell = do_QueryInterface(treeItem); -#ifdef DEBUG - if (treeItem && !docshell) { - NS_ERROR("cannot get a docshell from a treeItem!"); - } -#endif // DEBUG - } while (treeItem && docshell); - } - - return NS_OK; -}
--- a/docshell/base/nsIDocShell.idl +++ b/docshell/base/nsIDocShell.idl @@ -66,17 +66,17 @@ interface nsIRequest; interface nsISHEntry; interface nsILayoutHistoryState; interface nsISecureBrowserUI; interface nsIDOMStorage; interface nsIPrincipal; interface nsIWebBrowserPrint; interface nsIVariant; -[scriptable, uuid(8ac6b880-776a-44d4-b271-a7e64ae3debd)] +[scriptable, uuid(3adde256-05a9-43a7-a190-f8fe75eecfd6)] interface nsIDocShell : nsISupports { /** * Loads a given URI. This will give priority to loading the requested URI * in the object implementing this interface. If it can't be loaded here * however, the URL dispatcher will go through its normal process of content * loading. * @@ -506,19 +506,9 @@ interface nsIDocShell : nsISupports attribute boolean isOffScreenBrowser; /** * If the current content viewer isn't initialized for print preview, * it is replaced with one which is and to which an about:blank document * is loaded. */ readonly attribute nsIWebBrowserPrint printPreview; - - /** - * Whether this docshell can execute scripts based on its hierarchy. - * The rule of thumb here is that we disable js if this docshell or any - * of its parents disallow scripting, unless the only reason for js being - * disabled in this docshell is a parent docshell having a document that - * is in design mode. In that case, we explicitly allow scripting on the - * current docshell. - */ - readonly attribute boolean canExecuteScripts; };
--- a/editor/composer/public/nsIEditingSession.idl +++ b/editor/composer/public/nsIEditingSession.idl @@ -38,17 +38,17 @@ * * ***** END LICENSE BLOCK ***** */ #include "nsISupports.idl" #include "domstubs.idl" interface nsIEditor; -[scriptable, uuid(24f3f4da-18a4-448d-876d-7360fefac029)] +[scriptable, uuid(274cd32e-3675-47e1-9d8a-fc6504ded9ce)] interface nsIEditingSession : nsISupports { /** * Error codes when we fail to create an editor * is placed in attribute editorStatus */ const long eEditorOK = 0; @@ -123,15 +123,10 @@ interface nsIEditingSession : nsISupport */ void detachFromWindow(in nsIDOMWindow aWindow); /** * Undos detachFromWindow(), reattaches this editing session/editor * to the window. */ void reattachToWindow(in nsIDOMWindow aWindow); - - /** - * Whether this session has disabled JS and plugins. - */ - readonly attribute boolean jsAndPluginsDisabled; };
--- a/editor/composer/src/nsEditingSession.cpp +++ b/editor/composer/src/nsEditingSession.cpp @@ -256,24 +256,16 @@ nsEditingSession::RestoreJSAndPlugins(ns nsresult rv = docShell->SetAllowJavascript(mScriptsEnabled); NS_ENSURE_SUCCESS(rv, rv); // Disable plugins in this document: return docShell->SetAllowPlugins(mPluginsEnabled); } -NS_IMETHODIMP -nsEditingSession::GetJsAndPluginsDisabled(PRBool *aResult) -{ - NS_ENSURE_ARG_POINTER(aResult); - *aResult = mDisabledJSAndPlugins; - return NS_OK; -} - /*--------------------------------------------------------------------------- WindowIsEditable boolean windowIsEditable (in nsIDOMWindow aWindow); ----------------------------------------------------------------------------*/ NS_IMETHODIMP nsEditingSession::WindowIsEditable(nsIDOMWindow *aWindow, PRBool *outIsEditable)
--- a/editor/composer/test/Makefile.in +++ b/editor/composer/test/Makefile.in @@ -43,13 +43,12 @@ relativesrcdir = editor/composer/test include $(DEPTH)/config/autoconf.mk include $(topsrcdir)/config/rules.mk _TEST_FILES = \ test_bug348497.html \ test_bug384147.html \ test_bug389350.html \ - test_bug519928.html \ $(NULL) libs:: $(_TEST_FILES) $(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
deleted file mode 100644 --- a/editor/composer/test/test_bug519928.html +++ /dev/null @@ -1,96 +0,0 @@ -<!DOCTYPE HTML> -<html> -<!-- -https://bugzilla.mozilla.org/show_bug.cgi?id=519928 ---> -<head> - <title>Test for Bug 519928</title> - <script type="text/javascript" src="/MochiKit/packed.js"></script> - <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> - <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> -</head> -<body> -<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=519928">Mozilla Bug 519928</a> -<p id="display"></p> -<div id="content"> -<iframe id="load-frame"></iframe> -</div> -<pre id="test"> -<script class="testbody" type="text/javascript"> - -var iframe = document.getElementById("load-frame"); - -function enableJS() allowJS(true); -function disableJS() allowJS(false); -function allowJS(allow) { - netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); - iframe.contentWindow.QueryInterface(Components.interfaces.nsIInterfaceRequestor) - .getInterface(Components.interfaces.nsIWebNavigation) - .QueryInterface(Components.interfaces.nsIDocShell) - .allowJavascript = allow; -} -function expectJSAllowed(allowed, testCondition, callback) { - window.ICanRunMyJS = false; - var self_ = window; - testCondition(); - - var doc = iframe.contentDocument; - doc.body.innerHTML = "<iframe></iframe>"; - var innerFrame = doc.querySelector("iframe"); - innerFrame.addEventListener("load", function() { - innerFrame.removeEventListener("load", arguments.callee, false); - - var msg = "The inner iframe should" + (allowed ? "" : " not") + " be able to run Javascript"; - is(self_.ICanRunMyJS, allowed, msg); - callback(); - }, false); - var iframeSrc = "data:text/html,<script>parent.parent.ICanRunMyJS = true;</scr" + "ipt>"; - innerFrame.src = iframeSrc; -} - -SimpleTest.waitForExplicitFinish(); -addLoadEvent(function() { - var enterDesignMode = function() document.designMode = "on"; - var leaveDesignMode = function() document.designMode = "off"; - expectJSAllowed(false, disableJS, function() { - expectJSAllowed(true, enableJS, function() { - expectJSAllowed(true, enterDesignMode, function() { - expectJSAllowed(true, leaveDesignMode, function() { - expectJSAllowed(false, disableJS, function() { - expectJSAllowed(false, enterDesignMode, function() { - expectJSAllowed(false, leaveDesignMode, function() { - expectJSAllowed(true, enableJS, function() { - enterDesignMode = function() iframe.contentDocument.designMode = "on"; - leaveDesignMode = function() iframe.contentDocument.designMode = "off"; - expectJSAllowed(false, disableJS, function() { - expectJSAllowed(true, enableJS, function() { - expectJSAllowed(true, enterDesignMode, function() { - expectJSAllowed(true, leaveDesignMode, function() { - expectJSAllowed(false, disableJS, function() { - expectJSAllowed(true, enterDesignMode, function() { - expectJSAllowed(false, leaveDesignMode, function() { - expectJSAllowed(true, enableJS, function() { - SimpleTest.finish(); - }); - }); - }); - }); - }); - }); - }); - }); - }); - }); - }); - }); - }); - }); - }); - }); -}); - -</script> -</pre> -</body> -</html> -