Bug 307770: pass the blocked host to xpinstall-install-blocked observers so that they can offer to whitelist the correct URI (fix installation of XPIs from target="blank" links), r=mano, sr=dveditz
authorgavin@gavinsharp.com
Sun, 19 Aug 2007 13:51:30 -0700
changeset 4799 3fc957030445f6f601f17b95fcaaecd32ed1b74f
parent 4798 41ebb2448c027fb37b01f41a06bd48f44f3463fe
child 4800 919bc79d409e9ffa76e0fd0aa16ad03d397ee1e7
push idunknown
push userunknown
push dateunknown
reviewersmano, dveditz
bugs307770
milestone1.9a8pre
Bug 307770: pass the blocked host to xpinstall-install-blocked observers so that they can offer to whitelist the correct URI (fix installation of XPIs from target="blank" links), r=mano, sr=dveditz
browser/base/content/browser.js
xpinstall/src/nsInstallTrigger.cpp
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -663,17 +663,17 @@ const gXPInstallObserver = {
     var brandBundle = document.getElementById("bundle_brand");
     var browserBundle = document.getElementById("bundle_browser");
     var browser, webNav, wm;
     switch (aTopic) {
     case "xpinstall-install-blocked":
       var shell = aSubject.QueryInterface(Components.interfaces.nsIDocShell);
       browser = this._getBrowser(shell);
       if (browser) {
-        var host = browser.docShell.QueryInterface(Components.interfaces.nsIWebNavigation).currentURI.host;
+        var host = aData;
         var brandShortName = brandBundle.getString("brandShortName");
         var notificationName, messageString, buttons;
         if (!gPrefService.getBoolPref("xpinstall.enabled")) {
           notificationName = "xpinstall-disabled"
           if (gPrefService.prefIsLocked("xpinstall.enabled")) {
             messageString = browserBundle.getString("xpinstallDisabledMessageLocked");
             buttons = [];
           }
@@ -688,54 +688,50 @@ const gXPInstallObserver = {
               callback: function editPrefs() {
                 gPrefService.setBoolPref("xpinstall.enabled", true);
                 return false;
               }
             }];
           }
         }
         else {
-          // XXXben - use regular software install warnings for now until we can
-          // properly differentiate themes. It's likely in fact that themes won't
-          // be blocked so this code path will only be reached for extensions.
           notificationName = "xpinstall"
           messageString = browserBundle.getFormattedString("xpinstallPromptWarning",
                                                            [brandShortName, host]);
 
           buttons = [{
             label: browserBundle.getString("xpinstallPromptWarningButton"),
             accessKey: browserBundle.getString("xpinstallPromptWarningButton.accesskey"),
             popup: null,
-            callback: function() { return xpinstallEditPermissions(shell); }
+            callback: function() { return xpinstallEditPermissions(shell, host); }
           }];
         }
 
         var notificationBox = gBrowser.getNotificationBox(browser);
         if (!notificationBox.getNotificationWithValue(notificationName)) {
           const priority = notificationBox.PRIORITY_WARNING_MEDIUM;
           const iconURL = "chrome://mozapps/skin/xpinstall/xpinstallItemGeneric.png";
           notificationBox.appendNotification(messageString, notificationName,
                                              iconURL, priority, buttons);
         }
       }
       break;
     }
   }
 };
 
-function xpinstallEditPermissions(aDocShell)
+function xpinstallEditPermissions(aDocShell, aHost)
 {
   var browser = gXPInstallObserver._getBrowser(aDocShell);
   if (browser) {
     var bundlePreferences = document.getElementById("bundle_preferences");
-    var webNav = aDocShell.QueryInterface(Components.interfaces.nsIWebNavigation);
     var params = { blockVisible   : false,
                    sessionVisible : false,
                    allowVisible   : true,
-                   prefilledHost  : webNav.currentURI.host,
+                   prefilledHost  : aHost,
                    permissionType : "install",
                    windowTitle    : bundlePreferences.getString("addons_permissions_title"),
                    introText      : bundlePreferences.getString("addonspermissionstext") };
     var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
                    .getService(Components.interfaces.nsIWindowMediator);
     var existingWindow = wm.getMostRecentWindow("Browser:Permissions");
     if (existingWindow) {
       existingWindow.initWithParams(params);
--- a/xpinstall/src/nsInstallTrigger.cpp
+++ b/xpinstall/src/nsInstallTrigger.cpp
@@ -188,28 +188,33 @@ nsInstallTrigger::HandleContent(const ch
       globalObjectOwner ? globalObjectOwner->GetScriptGlobalObject() : nsnull;
     if ( !globalObject )
         return NS_ERROR_INVALID_ARG;
 
 
     // We have what we need to start an XPInstall, now figure out if we are
     // going to honor this request based on PermissionManager settings
     PRBool enabled = PR_FALSE;
+    // Keep the host so that it can be sent to the
+    // xpinstall-install-blocked observers to display the host to be
+    // whitelisted
+    nsCAutoString host;
 
     if ( useReferrer )
     {
         // easiest and most common case: base decision on the page that
         // contained the link
         //
         // NOTE: the XPI itself may be from elsewhere; the user can decide if
         // they trust the actual source when they get the install confirmation
         // dialog. The decision we're making here is whether the triggering
         // site is one which is allowed to annoy the user with modal dialogs.
 
         enabled = AllowInstall( referringURI );
+        referringURI->GetHost(host);
     }
     else
     {
         // Now we're stumbing in the dark. In the most likely case the user
         // simply clicked on an FTP link (no referrer) and it's perfectly
         // sane to use the current window.
         //
         // On the other hand the user might be opening a non-http XPI link
@@ -236,34 +241,35 @@ nsInstallTrigger::HandleContent(const ch
         // If a trusted site hosts an install with an exploitable flaw it
         // might be possible that a malicious site would attempt to trick
         // people into installing it, hoping to turn around and exploit it.
         // This is not entirely far-fetched (it's been done with ActiveX
         // controls) and will require community policing of the default
         // trusted sites.
 
         enabled = AllowInstall( uri );
+        uri->GetHost(host);
     }
 
 
     if ( enabled )
     {
         rv = StartSoftwareUpdate( globalObject,
                                   NS_ConvertUTF8toUTF16(urispec),
                                   0,
                                   &enabled);
     }
     else
     {
         nsCOMPtr<nsPIDOMWindow> win(do_QueryInterface(globalObject));
         nsCOMPtr<nsIObserverService> os(do_GetService("@mozilla.org/observer-service;1"));
         if (os) {
             os->NotifyObservers(win->GetDocShell(),
-                                "xpinstall-install-blocked", 
-                                NS_LITERAL_STRING("install-chrome").get());
+                                "xpinstall-install-blocked",
+                                NS_ConvertUTF8toUTF16(host).get());
         }
         rv = NS_ERROR_ABORT;
     }
     
     return rv;
 }