Bug 645699, r=robstrong
authorDave Townsend <dtownsend@oxymoronical.com>
Fri, 08 Apr 2011 09:46:59 -0700
changeset 67616 3578f5b22f6b1af5225ac390d0c8e029c8d1d279
parent 67615 2ea06ff58dbe6299d60e734c4fde05e5b9542d2f
child 67617 de57e98c7a28420b80517fc72a03f69ef45848cb
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
treeherdermozilla-beta@bfdb6e623a36 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrobstrong
bugs645699
milestone2.2a1pre
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 645699, r=robstrong
toolkit/mozapps/extensions/content/extensions-content.js
toolkit/mozapps/extensions/test/xpinstall/Makefile.in
toolkit/mozapps/extensions/test/xpinstall/browser_bug645699.js
toolkit/mozapps/extensions/test/xpinstall/bug645699.html
--- a/toolkit/mozapps/extensions/content/extensions-content.js
+++ b/toolkit/mozapps/extensions/content/extensions-content.js
@@ -46,16 +46,17 @@ const MSG_INSTALL_ADDONS   = "WebInstall
 const MSG_INSTALL_CALLBACK = "WebInstallerInstallCallback";
 
 var gIoService = Components.classes["@mozilla.org/network/io-service;1"]
                            .getService(Components.interfaces.nsIIOService);
 
 function createInstallTrigger(window) {
   let chromeObject = {
     window: window,
+    url: window.document.documentURIObject,
 
     __exposedProps__: {
       SKIN: "r",
       LOCALE: "r",
       CONTENT: "r",
       PACKAGE: "r",
       enabled: "r",
       updateEnabled: "r",
@@ -71,17 +72,17 @@ function createInstallTrigger(window) {
     CONTENT: Ci.amIInstallTrigger.CONTENT,
     PACKAGE: Ci.amIInstallTrigger.PACKAGE,
 
     /**
      * @see amIInstallTriggerInstaller.idl
      */
     enabled: function() {
       return sendSyncMessage(MSG_INSTALL_ENABLED, {
-        mimetype: "application/x-xpinstall", referer: this.window.location.href
+        mimetype: "application/x-xpinstall", referer: this.url.spec
       })[0];
     },
 
     /**
      * @see amIInstallTriggerInstaller.idl
      */
     updateEnabled: function() {
       return this.enabled();
@@ -92,17 +93,17 @@ function createInstallTrigger(window) {
      */
     install: function(aArgs, aCallback) {
       if (!aArgs || typeof aArgs != "object")
         throw new Error("Incorrect arguments passed to InstallTrigger.install()");
 
       var params = {
         installerId: this.installerId,
         mimetype: "application/x-xpinstall",
-        referer: this.window.location.href,
+        referer: this.url.spec,
         uris: [],
         hashes: [],
         names: [],
         icons: [],
       };
 
       for (var name in aArgs) {
         var item = aArgs[name];
@@ -158,29 +159,28 @@ function createInstallTrigger(window) {
      * this before sending URLs to the parent process.
      *
      * @param  aUrl
      *         The url to resolve.
      *
      * @return A resolved, absolute nsURI object.
      */
     resolveURL: function(aUrl) {
-      return gIoService.newURI(aUrl, null,
-                               this.window.document.documentURIObject);
+      return gIoService.newURI(aUrl, null, this.url);
     },
 
     /**
      * @see amInstallTrigger.cpp
      * TODO: When e10s lands on m-c, consider removing amInstallTrigger.cpp
      *       See bug 571166
      */
     checkLoadURIFromScript: function(aUri) {
       var secman = Cc["@mozilla.org/scriptsecuritymanager;1"].
                    getService(Ci.nsIScriptSecurityManager);
-      var principal = this.window.content.document.nodePrincipal;
+      var principal = this.window.document.nodePrincipal;
       try {
         secman.checkLoadURIWithPrincipal(principal, aUri,
           Ci.nsIScriptSecurityManager.DISALLOW_INHERIT_PRINCIPAL);
         return true;
       }
       catch(e) {
         return false;
       }
@@ -237,17 +237,17 @@ InstallTriggerManager.prototype = {
 
     window.wrappedJSObject.__defineGetter__("InstallTrigger", function() {
       // We do this in a getter, so that we create these objects
       // only on demand (this is a potential concern, since
       // otherwise we might add one per iframe, and keep them
       // alive for as long as the tab is alive).
 
       delete window.wrappedJSObject.InstallTrigger;
-      var installTrigger = createInstallTrigger(window.wrappedJSObject);
+      var installTrigger = createInstallTrigger(window);
       window.wrappedJSObject.InstallTrigger = installTrigger;
       return installTrigger;
     });
   },
 
   /**
    * Adds a callback to the list of callbacks we may receive messages
    * about from the parent process. We save them here; only callback IDs
--- a/toolkit/mozapps/extensions/test/xpinstall/Makefile.in
+++ b/toolkit/mozapps/extensions/test/xpinstall/Makefile.in
@@ -92,16 +92,17 @@ include $(topsrcdir)/config/rules.mk
                  browser_httphash3.js \
                  browser_httphash4.js \
                  browser_httphash5.js \
                  browser_httphash6.js \
                  browser_badargs.js \
                  browser_badargs2.js \
                  browser_bug611242.js \
                  browser_bug638292.js \
+                 browser_bug645699.js \
                  unsigned.xpi \
                  signed.xpi \
                  signed2.xpi \
                  signed-no-o.xpi \
                  signed-no-cn.xpi \
                  signed-untrusted.xpi \
                  signed-tampered.xpi \
                  theme.xpi \
@@ -116,13 +117,14 @@ include $(topsrcdir)/config/rules.mk
                  startsoftwareupdate.html \
                  installchrome.html \
                  triggerredirect.html \
                  authRedirect.sjs \
                  cookieRedirect.sjs \
                  hashRedirect.sjs \
                  bug540558.html \
                  bug638292.html \
+                 bug645699.html \
                  redirect.sjs \
                  $(NULL)
 
 libs::	$(_BROWSER_FILES)
 	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/browser/$(relativesrcdir)
new file mode 100644
--- /dev/null
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_bug645699.js
@@ -0,0 +1,36 @@
+// ----------------------------------------------------------------------------
+// Tests installing an unsigned add-on through an InstallTrigger call in web
+// content. This should be blocked by the whitelist check.
+// This verifies bug 645699
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installBlockedCallback = allow_blocked;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Services.perms;
+  pm.add(makeURI("http://example.org/"), "install", pm.ALLOW_ACTION);
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "bug645699.html");
+}
+
+function allow_blocked(installInfo) {
+  is(installInfo.originatingWindow, gBrowser.contentWindow, "Install should have been triggered by the right window");
+  is(installInfo.originatingURI.spec, gBrowser.currentURI.spec, "Install should have been triggered by the right uri");
+  return false;
+}
+
+function confirm_install(window) {
+  ok(false, "Should not see the install dialog");
+  return false;
+}
+
+function finish_test(count) {
+  is(count, 0, "0 Add-ons should have been successfully installed");
+  Services.perms.remove("addons.mozilla.org", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------
new file mode 100644
--- /dev/null
+++ b/toolkit/mozapps/extensions/test/xpinstall/bug645699.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html>
+
+<head>
+<title>InstallTrigger tests</title>
+<script type="text/javascript">
+function startInstall() {
+  var whiteUrl = "https://example.org/";
+
+  Object.defineProperty(window, "location", { value : { href : whiteUrl }	});
+  Object.defineProperty(document, "documentURIObject", { spec : { href : whiteUrl }	});
+
+  InstallTrigger.install({
+    "Unsigned XPI": "http://example.com/browser/toolkit/mozapps/extensions/test/xpinstall/unsigned.xpi"
+  });
+}
+</script>
+</head>
+<body onload="startInstall()">
+<p>InstallTrigger tests</p>
+</body>
+</html>