Bug 804446 - Disable the javascript: protocol when it is entered in the location bar of browser in Firefox OS. r=bz, a=blocking-basecamp
authorAndrea Marchesini <amarchesini@mozilla.com>
Fri, 26 Oct 2012 10:46:27 +0200
changeset 113811 8dbcb793c3c15bd4f48183ef67c20b2a3f2bccf0
parent 113810 3785dabca4871f95a7d19cb497be773c61ced056
child 113812 ddac7cc21c7f474bb589632860aecff348678b24
push id2519
push userryanvm@gmail.com
push dateWed, 31 Oct 2012 01:45:28 +0000
treeherdermozilla-aurora@54f51455ee2e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz, blocking-basecamp
bugs804446
milestone18.0a2
Bug 804446 - Disable the javascript: protocol when it is entered in the location bar of browser in Firefox OS. r=bz, a=blocking-basecamp
content/base/src/nsFrameLoader.cpp
dom/browser-element/mochitest/Makefile.in
dom/browser-element/mochitest/browserElement_FrameWrongURI.js
dom/browser-element/mochitest/file_browserElement_FrameWrongURI.html
dom/browser-element/mochitest/test_browserElement_inproc_FrameWrongURI.html
dom/browser-element/mochitest/test_browserElement_oop_FrameWrongURI.html
dom/ipc/TabChild.cpp
--- a/content/base/src/nsFrameLoader.cpp
+++ b/content/base/src/nsFrameLoader.cpp
@@ -476,21 +476,29 @@ nsFrameLoader::ReallyStartLoadingInterna
   loadInfo->SetOwner(mOwnerContent->NodePrincipal());
 
   nsCOMPtr<nsIURI> referrer;
   rv = mOwnerContent->NodePrincipal()->GetURI(getter_AddRefs(referrer));
   NS_ENSURE_SUCCESS(rv, rv);
 
   loadInfo->SetReferrer(referrer);
 
+  // Default flags:
+  int32_t flags = nsIWebNavigation::LOAD_FLAGS_NONE;
+
+  // Flags for browser frame:
+  if (OwnerIsBrowserFrame()) {
+    flags = nsIWebNavigation::LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP |
+            nsIWebNavigation::LOAD_FLAGS_DISALLOW_INHERIT_OWNER;
+  }
+
   // Kick off the load...
   bool tmpState = mNeedsAsyncDestroy;
   mNeedsAsyncDestroy = true;
-  rv = mDocShell->LoadURI(mURIToLoad, loadInfo,
-                          nsIWebNavigation::LOAD_FLAGS_NONE, false);
+  rv = mDocShell->LoadURI(mURIToLoad, loadInfo, flags, false);
   mNeedsAsyncDestroy = tmpState;
   mURIToLoad = nullptr;
   NS_ENSURE_SUCCESS(rv, rv);
 
   return NS_OK;
 }
 
 nsresult
--- a/dom/browser-element/mochitest/Makefile.in
+++ b/dom/browser-element/mochitest/Makefile.in
@@ -142,16 +142,19 @@ MOCHITEST_FILES = \
 		browserElement_AppFramePermission.js \
 		test_browserElement_inproc_AppFramePermission.html \
 		file_wyciwyg.html \
 		browserElement_ExposableURI.js \
 		test_browserElement_inproc_ExposableURI.html \
 		file_post_request.html \
 		test_browserElement_inproc_ReloadPostRequest.html \
 		browserElement_ReloadPostRequest.js \
+		browserElement_FrameWrongURI.js \
+		test_browserElement_inproc_FrameWrongURI.html \
+		file_browserElement_FrameWrongURI.html \
 		$(NULL)
 
 # Disabled due to https://bugzilla.mozilla.org/show_bug.cgi?id=774100
 #		test_browserElement_inproc_Reload.html \
 
 # OOP tests don't work on Windows (bug 763081) or native-fennec (bug
 # 774939).
 #
@@ -207,14 +210,15 @@ MOCHITEST_FILES += \
 		test_browserElement_oop_SendEvent.html \
 		test_browserElement_oop_ScrollEvent.html \
 		test_browserElement_oop_Auth.html \
 		test_browserElement_oop_RemoveBrowserElement.html \
 		test_browserElement_oop_DOMRequestError.html \
 		test_browserElement_oop_AppFramePermission.html \
 		test_browserElement_oop_ExposableURI.html \
 		test_browserElement_oop_ReloadPostRequest.html \
+		test_browserElement_oop_FrameWrongURI.html \
 		$(NULL)
 endif #}
 endif #}
 
 
 include $(topsrcdir)/config/rules.mk
new file mode 100644
--- /dev/null
+++ b/dom/browser-element/mochitest/browserElement_FrameWrongURI.js
@@ -0,0 +1,53 @@
+/* Any copyright is dedicated to the public domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Bug 804446 - Test that window.open(javascript:..) works with <iframe mozbrowser>.
+
+"use strict";
+SimpleTest.waitForExplicitFinish();
+
+function runTest() {
+  browserElementTestHelpers.setEnabledPref(true);
+  browserElementTestHelpers.addPermission();
+
+  var iframeJS = document.createElement('iframe');
+  iframeJS.mozbrowser = true;
+
+  iframeJS.addEventListener('mozbrowserloadstart', function(e) {
+    ok(false, "This should not happen!");
+  });
+
+  iframeJS.addEventListener('mozbrowserloadend', function(e) {
+    ok(false, "This should not happen!");
+  });
+
+  iframeJS.src = 'javascript:alert("Foo");';
+  document.body.appendChild(iframeJS);
+
+  var iframe = document.createElement('iframe');
+  iframe.mozbrowser = true;
+
+  var gotPopup = false;
+  iframe.addEventListener('mozbrowseropenwindow', function(e) {
+    is(gotPopup, false, 'Should get just one popup.');
+    gotPopup = true;
+
+    document.body.appendChild(e.detail.frameElement);
+  });
+
+  iframe.addEventListener('mozbrowsershowmodalprompt', function(e) {
+    ok(gotPopup, 'Got mozbrowseropenwindow event before showmodalprompt event.');
+    if (e.detail.message.indexOf("success") == 0) {
+      ok(true, e.detail.message);
+      SimpleTest.finish();
+    }
+    else {
+      ok(false, "Got invalid message: " + e.detail.message);
+    }
+  });
+
+  iframe.src = 'file_browserElement_FrameWrongURI.html';
+  document.body.appendChild(iframe);
+}
+
+runTest();
new file mode 100644
--- /dev/null
+++ b/dom/browser-element/mochitest/file_browserElement_FrameWrongURI.html
@@ -0,0 +1,5 @@
+<script>
+  function testSucceeded() { alert("success"); }
+  function callback() { return "<script>opener.testSucceeded()</" + "script>"; }
+  var w = window.open("javascript:opener.callback();");
+</script>
new file mode 100644
--- /dev/null
+++ b/dom/browser-element/mochitest/test_browserElement_inproc_FrameWrongURI.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test of browser element.</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="application/javascript" src="browserElementTestHelpers.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<script type="application/javascript;version=1.7" src="browserElement_FrameWrongURI.js">
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/dom/browser-element/mochitest/test_browserElement_oop_FrameWrongURI.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test of browser element.</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="application/javascript" src="browserElementTestHelpers.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<script type="application/javascript;version=1.7" src="browserElement_FrameWrongURI.js">
+</script>
+</body>
+</html>
--- a/dom/ipc/TabChild.cpp
+++ b/dom/ipc/TabChild.cpp
@@ -1049,17 +1049,18 @@ TabChild::IsRootContentDocument()
 
 bool
 TabChild::RecvLoadURL(const nsCString& uri)
 {
     printf("loading %s, %d\n", uri.get(), NS_IsMainThread());
     SetProcessNameToAppName();
 
     nsresult rv = mWebNav->LoadURI(NS_ConvertUTF8toUTF16(uri).get(),
-                                   nsIWebNavigation::LOAD_FLAGS_NONE,
+                                   nsIWebNavigation::LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP |
+                                   nsIWebNavigation::LOAD_FLAGS_DISALLOW_INHERIT_OWNER,
                                    NULL, NULL, NULL);
     if (NS_FAILED(rv)) {
         NS_WARNING("mWebNav->LoadURI failed. Eating exception, what else can I do?");
     }
 
     return true;
 }