bug 791943; r=fabrice, a=akeybl
authorMyk Melez <myk@mozilla.org>
Tue, 25 Sep 2012 10:31:09 -0700
changeset 106951 229a0c3a8f95c33662af2e81bc7944908d12ccdb
parent 106950 dcd4b71977cd46de2420bd8439bd64cc47a25839
child 106952 030540c0d2439936eaf0ada86e45b0848990d238
push id2161
push usermyk@mozilla.com
push dateTue, 25 Sep 2012 17:32:31 +0000
treeherdermozilla-aurora@229a0c3a8f95 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfabrice, akeybl
bugs791943
milestone17.0a2
bug 791943; r=fabrice, a=akeybl
dom/apps/src/Webapps.js
dom/tests/mochitest/webapps/test_install_errors.xul
--- a/dom/apps/src/Webapps.js
+++ b/dom/apps/src/Webapps.js
@@ -102,19 +102,31 @@ WebappsRegistry.prototype = {
     this.removeRequest(msg.requestID);
   },
 
   _getOrigin: function(aURL) {
     let uri = Services.io.newURI(aURL, null, null);
     return uri.prePath; 
   },
 
+  _validateScheme: function(aURL) {
+    let scheme = Services.io.newURI(aURL, null, null).scheme;
+    if (scheme != "http" && scheme != "https") {
+      throw new Components.Exception(
+        "INVALID_URL_SCHEME: '" + scheme + "'; must be 'http' or 'https'",
+        Cr.NS_ERROR_FAILURE
+      );
+    }
+  },
+
   // mozIDOMApplicationRegistry implementation
   
   install: function(aURL, aParams) {
+    this._validateScheme(aURL);
+
     let installURL = this._window.location.href;
     let installOrigin = this._getOrigin(installURL);
     let request = this.createRequest();
     let requestID = this.getRequestId(request);
     let xhr = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance(Ci.nsIXMLHttpRequest);
     xhr.open("GET", aURL, true);
     xhr.channel.loadFlags |= Ci.nsIRequest.VALIDATE_ALWAYS;
 
@@ -178,16 +190,18 @@ WebappsRegistry.prototype = {
 
   uninit: function() {
     this._mgmt = null;
   },
 
   // mozIDOMApplicationRegistry2 implementation
 
   installPackage: function(aPackageURL, aParams) {
+    this._validateScheme(aPackageURL);
+
     let request = this.createRequest();
     let requestID = this.getRequestId(request);
 
     let receipts = (aParams && aParams.receipts &&
                     Array.isArray(aParams.receipts)) ? aParams.receipts : [];
     let categories = (aParams && aParams.categories &&
                       Array.isArray(aParams.categories)) ? aParams.categories : [];
     cpmm.sendAsyncMessage("Webapps:InstallPackage", { url: aPackageURL,
--- a/dom/tests/mochitest/webapps/test_install_errors.xul
+++ b/dom/tests/mochitest/webapps/test_install_errors.xul
@@ -23,17 +23,17 @@
 <script> 
 
 function go() {
   runAll(steps);
 }
 
 steps = [no_args, parse_error, invalid_manifest, permission_denied, invalid_content,
          install_package_not_implemented, mgmt_api_errors, mgmt_api_add_listener,
-         uninstall_apps, tearDown];
+         uninstall_apps, fileURL, tearDown];
 
 function no_args(next)  {
   debug("in " + arguments.callee.name);
   try { 
     navigator.mozApps.install();
   } catch (e) {
     ok(e.message == "Not enough arguments \[mozIDOMApplicationRegistry.install\]", "install returned " + e.message);
     next();
@@ -86,11 +86,32 @@ function uninstall_apps(next) {
   debug("in " + arguments.callee.name);
   var appURL = SERVERS['bad_content_type'];
   uninstall(appURL, ok, function() {
     appURL = SERVERS['no_delegated_install'];
     uninstall(appURL, ok, function() { next(); });
   });
 }
 
+function fileURL(next) {
+  try {
+    navigator.mozApps.install("file:///nonexistent");
+    ok(false,
+       "attempt to install nonexistent file: URL doesn't throw exception");
+  } catch(ex) {
+    is(ex.message, "INVALID_URL_SCHEME: 'file'; must be 'http' or 'https'",
+       "attempt to install nonexistent file: URL throws exception");
+  }
+
+  try {
+    navigator.mozApps.install("file:///");
+    ok(false, "attempt to install existent file: URL doesn't throw exception");
+  } catch(ex) {
+    is(ex.message, "INVALID_URL_SCHEME: 'file'; must be 'http' or 'https'",
+       "attempt to install existent file: URL throws exception");
+  }
+
+  next();
+}
+
 </script> 
 
 </window>