Bug 782882 - only allow sharing of http or https urls. r=jaws a=gavin
authorMark Hammond <mhammond@skippinet.com.au>
Thu, 25 Oct 2012 16:44:53 +1100
changeset 113656 ffee7552efeccecdf5a8c35521bd930a04feb50e
parent 113655 b4db9e158fafcef5fdb461f9c5faadfa87920735
child 113657 ff1303caa975355ca421d20f5c4eff693c210567
push id2450
push userfelipc@gmail.com
push dateThu, 25 Oct 2012 20:26:41 +0000
treeherdermozilla-aurora@1e19bb30061f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjaws, gavin
bugs782882
milestone18.0a2
Bug 782882 - only allow sharing of http or https urls. r=jaws a=gavin
browser/base/content/browser-social.js
browser/base/content/test/browser_social_shareButton.js
--- a/browser/base/content/browser-social.js
+++ b/browser/base/content/browser-social.js
@@ -506,21 +506,27 @@ let SocialShareButton = {
   get unsharePopup() {
     return document.getElementById("unsharePopup");
   },
 
   dismissUnsharePopup: function SSB_dismissUnsharePopup() {
     this.unsharePopup.hidePopup();
   },
 
+  canSharePage: function SSB_canSharePage(aURI) {
+    // We only allow sharing of http or https
+    return aURI && (aURI.schemeIs('http') || aURI.schemeIs('https'));
+  },
+
   updateButtonHiddenState: function SSB_updateButtonHiddenState() {
     let shareButton = this.shareButton;
     if (shareButton)
       shareButton.hidden = !Social.uiVisible || this.promptImages == null ||
-                           !SocialUI.haveLoggedInUser();
+                           !SocialUI.haveLoggedInUser() ||
+                           !this.canSharePage(gBrowser.currentURI);
   },
 
   onClick: function SSB_onClick(aEvent) {
     if (aEvent.button != 0)
       return;
 
     // Don't bubble to the textbox, to avoid unwanted selection of the address.
     aEvent.stopPropagation();
@@ -563,34 +569,38 @@ let SocialShareButton = {
 
   unsharePage: function SSB_unsharePage() {
     Social.unsharePage(gBrowser.currentURI);
     this.updateShareState();
     this.dismissUnsharePopup();
   },
 
   updateShareState: function SSB_updateShareState() {
-    let currentPageShared = Social.isPageShared(gBrowser.currentURI);
+    // we might have been called due to a location change, and the new location
+    // might change the state of "can this url be shared"
+    this.updateButtonHiddenState();
+
+    let shareButton = this.shareButton;
+    let currentPageShared = shareButton && !shareButton.hidden && Social.isPageShared(gBrowser.currentURI);
 
     // Provide a11y-friendly notification of share.
     let status = document.getElementById("share-button-status");
     if (status) {
       // XXX - this should also be capable of reflecting that the page was
       // unshared (ie, it needs to manage three-states: (1) nothing done, (2)
       // shared, (3) shared then unshared)
       // Note that we *do* have an appropriate string from the provider for
       // this (promptMessages['unsharedLabel'] but currently lack a way of
       // tracking this state)
       let statusString = currentPageShared ?
                            this.promptMessages['sharedLabel'] : "";
       status.setAttribute("value", statusString);
     }
 
     // Update the share button, if present
-    let shareButton = this.shareButton;
     if (!shareButton || shareButton.hidden)
       return;
 
     let imageURL;
     if (currentPageShared) {
       shareButton.setAttribute("shared", "true");
       shareButton.setAttribute("tooltiptext", this.promptMessages['unshareTooltip']);
       imageURL = this.promptImages["unshare"]
--- a/browser/base/content/test/browser_social_shareButton.js
+++ b/browser/base/content/test/browser_social_shareButton.js
@@ -3,18 +3,18 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 let prefName = "social.enabled",
     gFinishCB;
 
 function test() {
   waitForExplicitFinish();
 
-  // Need to load a non-empty page for the social share button to appear
-  let tab = gBrowser.selectedTab = gBrowser.addTab("about:", {skipAnimation: true});
+  // Need to load a http/https/ftp/ftps page for the social share button to appear
+  let tab = gBrowser.selectedTab = gBrowser.addTab("https://example.com", {skipAnimation: true});
   tab.linkedBrowser.addEventListener("load", function tabLoad(event) {
     tab.linkedBrowser.removeEventListener("load", tabLoad, true);
     executeSoon(tabLoaded);
   }, true);
 
   registerCleanupFunction(function() {
     Services.prefs.clearUserPref(prefName);
     gBrowser.removeTab(tab);
@@ -256,22 +256,73 @@ function testStillSharedAfterReopen() {
     is(shareButton.hasAttribute("shared"), true, "Share button should reflect the share");
     gBrowser.removeTab(tab);
     // should be on the initial unshared tab now.
     is(shareButton.hasAttribute("shared"), false, "Initial tab should be selected and be unshared.");
     // now open the same URL - should be back to shared.
     tab = gBrowser.selectedTab = gBrowser.addTab(toShare, {skipAnimation: true});
     tab.linkedBrowser.addEventListener("load", function tabLoad(event) {
       tab.linkedBrowser.removeEventListener("load", tabLoad, true);
-      is(shareButton.hasAttribute("shared"), true, "New tab to previously shared URL should reflect shared");
-      SocialShareButton.unsharePage();
+      executeSoon(function() {
+        is(shareButton.hasAttribute("shared"), true, "New tab to previously shared URL should reflect shared");
+        SocialShareButton.unsharePage();
+        gBrowser.removeTab(tab);
+        executeSoon(testOnlyShareCertainUrlsTabSwitch);
+      });
+    }, true);
+  }, true);
+}
+
+function testOnlyShareCertainUrlsTabSwitch() {
+  let toShare = "http://example.com";
+  let notSharable = "about:blank";
+  let {shareButton} = SocialShareButton;
+  let tab = gBrowser.selectedTab = gBrowser.addTab(toShare);
+  let tabb = gBrowser.getBrowserForTab(tab);
+  tabb.addEventListener("load", function tabLoad(event) {
+    tabb.removeEventListener("load", tabLoad, true);
+    ok(!shareButton.hidden, "share button not hidden for http url");
+    let tab2 = gBrowser.selectedTab = gBrowser.addTab(notSharable);
+    let tabb2 = gBrowser.getBrowserForTab(tab2);
+    tabb2.addEventListener("load", function tabLoad(event) {
+      tabb2.removeEventListener("load", tabLoad, true);
+      ok(shareButton.hidden, "share button hidden for about:blank");
+      gBrowser.selectedTab = tab;
+      ok(!shareButton.hidden, "share button re-shown when switching back to http: url");
+      gBrowser.selectedTab = tab2;
+      ok(shareButton.hidden, "share button re-hidden when switching back to about:blank");
       gBrowser.removeTab(tab);
-      executeSoon(testDisable);
+      gBrowser.removeTab(tab2);
+      executeSoon(testOnlyShareCertainUrlsSameTab);
     }, true);
   }, true);
 }
 
+function testOnlyShareCertainUrlsSameTab() {
+  let toShare = "http://example.com";
+  let notSharable = "about:blank";
+  let {shareButton} = SocialShareButton;
+  let tab = gBrowser.selectedTab = gBrowser.addTab(toShare);
+  let tabb = gBrowser.getBrowserForTab(tab);
+  tabb.addEventListener("load", function tabLoad(event) {
+    tabb.removeEventListener("load", tabLoad, true);
+    ok(!shareButton.hidden, "share button not hidden for http url");
+    tabb.addEventListener("load", function tabLoad(event) {
+      tabb.removeEventListener("load", tabLoad, true);
+      ok(shareButton.hidden, "share button hidden for about:blank");
+      tabb.addEventListener("load", function tabLoad(event) {
+        tabb.removeEventListener("load", tabLoad, true);
+        ok(!shareButton.hidden, "share button re-enabled http url");
+        gBrowser.removeTab(tab);
+        executeSoon(testDisable);
+      }, true);
+      tabb.loadURI(toShare);
+    }, true);
+    tabb.loadURI(notSharable);
+  }, true);
+}
+
 function testDisable() {
   let shareButton = SocialShareButton.shareButton;
   Services.prefs.setBoolPref(prefName, false);
   is(shareButton.hidden, true, "Share button should be hidden when pref is disabled");
   gFinishCB();
 }