Bug 1197791 - hide password for uri in error and web console. r=michal r=mrbkap
authorDragana Damjanovic <dd.mozilla@gmail.com>
Fri, 11 Sep 2015 08:44:00 +0200
changeset 294524 c5d35e37655161dbcbfb7002f6eddcaff2c85c80
parent 294523 dc7a86c094388f7b0294e5147f2b90f53ca0b813
child 294525 3f38aafec98d7a2c170b069eb4cec3508659334c
push id5245
push userraliiev@mozilla.com
push dateThu, 29 Oct 2015 11:30:51 +0000
treeherdermozilla-beta@dac831dc1bd0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmichal, mrbkap
bugs1197791
milestone43.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1197791 - hide password for uri in error and web console. r=michal r=mrbkap
js/xpconnect/src/nsScriptError.cpp
netwerk/base/moz.build
netwerk/base/nsISensitiveInfoHiddenURI.idl
netwerk/base/nsStandardURL.cpp
netwerk/base/nsStandardURL.h
--- a/js/xpconnect/src/nsScriptError.cpp
+++ b/js/xpconnect/src/nsScriptError.cpp
@@ -12,16 +12,17 @@
 #include "xpcprivate.h"
 #include "jsprf.h"
 #include "MainThreadUtils.h"
 #include "mozilla/Assertions.h"
 #include "nsGlobalWindow.h"
 #include "nsPIDOMWindow.h"
 #include "nsILoadContext.h"
 #include "nsIDocShell.h"
+#include "nsISensitiveInfoHiddenURI.h"
 
 nsScriptErrorBase::nsScriptErrorBase()
     :  mMessage(),
        mSourceName(),
        mLineNumber(0),
        mSourceLine(),
        mColumnNumber(0),
        mFlags(0),
@@ -173,17 +174,36 @@ nsScriptErrorBase::InitWithWindowID(cons
                                     const nsAString& sourceLine,
                                     uint32_t lineNumber,
                                     uint32_t columnNumber,
                                     uint32_t flags,
                                     const nsACString& category,
                                     uint64_t aInnerWindowID)
 {
     mMessage.Assign(message);
-    mSourceName.Assign(sourceName);
+
+    if (!sourceName.IsEmpty()) {
+        mSourceName.Assign(sourceName);
+
+        nsCOMPtr<nsIURI> uri;
+        nsAutoCString pass;
+        if (NS_SUCCEEDED(NS_NewURI(getter_AddRefs(uri), sourceName)) &&
+            NS_SUCCEEDED(uri->GetPassword(pass)) &&
+            !pass.IsEmpty()) {
+            nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri =
+                do_QueryInterface(uri);
+
+            nsAutoCString loc;
+            if (safeUri &&
+                NS_SUCCEEDED(safeUri->GetSensitiveInfoHiddenSpec(loc))) {
+                mSourceName.Assign(NS_ConvertUTF8toUTF16(loc));
+            }
+        }
+    }
+
     mLineNumber = lineNumber;
     mSourceLine.Assign(sourceLine);
     mColumnNumber = columnNumber;
     mFlags = flags;
     mCategory = category;
     mTimeStamp = JS_Now() / 1000;
     mInnerWindowID = aInnerWindowID;
 
--- a/netwerk/base/moz.build
+++ b/netwerk/base/moz.build
@@ -94,16 +94,17 @@ XPIDL_SOURCES += [
     'nsIResponseHeadProvider.idl',
     'nsIResumableChannel.idl',
     'nsISchedulingContext.idl',
     'nsISecCheckWrapChannel.idl',
     'nsISecretDecoderRing.idl',
     'nsISecureBrowserUI.idl',
     'nsISecurityEventSink.idl',
     'nsISecurityInfoProvider.idl',
+    'nsISensitiveInfoHiddenURI.idl',
     'nsISerializationHelper.idl',
     'nsIServerSocket.idl',
     'nsISimpleStreamListener.idl',
     'nsISocketTransport.idl',
     'nsISocketTransportService.idl',
     'nsISpeculativeConnect.idl',
     'nsIStandardURL.idl',
     'nsIStreamingProtocolController.idl',
new file mode 100644
--- /dev/null
+++ b/netwerk/base/nsISensitiveInfoHiddenURI.idl
@@ -0,0 +1,17 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(a5761968-6e1a-4f2d-8191-ec749602b178)]
+interface nsISensitiveInfoHiddenURI : nsISupports
+{
+  /**
+   * Returns the spec attribute with sensitive information hidden. This will
+   * only affect uri with password. The password part of uri will be
+   * transformed into "****".
+   */
+   AUTF8String getSensitiveInfoHiddenSpec();
+};
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -959,16 +959,17 @@ NS_INTERFACE_MAP_BEGIN(nsStandardURL)
     NS_INTERFACE_MAP_ENTRY(nsIURI)
     NS_INTERFACE_MAP_ENTRY(nsIURL)
     NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIFileURL, mSupportsFileURL)
     NS_INTERFACE_MAP_ENTRY(nsIStandardURL)
     NS_INTERFACE_MAP_ENTRY(nsISerializable)
     NS_INTERFACE_MAP_ENTRY(nsIClassInfo)
     NS_INTERFACE_MAP_ENTRY(nsIMutable)
     NS_INTERFACE_MAP_ENTRY(nsIIPCSerializableURI)
+    NS_INTERFACE_MAP_ENTRY(nsISensitiveInfoHiddenURI)
     // see nsStandardURL::Equals
     if (aIID.Equals(kThisImplCID))
         foundInterface = static_cast<nsIURI *>(this);
     else
     NS_INTERFACE_MAP_ENTRY(nsISizeOf)
 NS_INTERFACE_MAP_END
 
 //----------------------------------------------------------------------------
@@ -980,16 +981,27 @@ NS_IMETHODIMP
 nsStandardURL::GetSpec(nsACString &result)
 {
     result = mSpec;
     return NS_OK;
 }
 
 // result may contain unescaped UTF-8 characters
 NS_IMETHODIMP
+nsStandardURL::GetSensitiveInfoHiddenSpec(nsACString &result)
+{
+    result = mSpec;
+    if (mPassword.mLen >= 0) {
+      result.Replace(mPassword.mPos, mPassword.mLen, "****");
+    }
+    return NS_OK;
+}
+
+// result may contain unescaped UTF-8 characters
+NS_IMETHODIMP
 nsStandardURL::GetSpecIgnoringRef(nsACString &result)
 {
     // URI without ref is 0 to one char before ref
     if (mRef.mLen >= 0) {
         URLSegment noRef(0, mRef.mPos - 1);
 
         result = Segment(noRef);
     } else {
--- a/netwerk/base/nsStandardURL.h
+++ b/netwerk/base/nsStandardURL.h
@@ -15,16 +15,17 @@
 #include "nsCOMPtr.h"
 #include "nsURLHelper.h"
 #include "nsIClassInfo.h"
 #include "nsISizeOf.h"
 #include "prclist.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/MemoryReporting.h"
 #include "nsIIPCSerializableURI.h"
+#include "nsISensitiveInfoHiddenURI.h"
 
 #ifdef NS_BUILD_REFCNT_LOGGING
 #define DEBUG_DUMP_URLS_AT_SHUTDOWN
 #endif
 
 class nsIBinaryInputStream;
 class nsIBinaryOutputStream;
 class nsIIDNService;
@@ -37,30 +38,32 @@ class nsIURLParser;
 //-----------------------------------------------------------------------------
 
 class nsStandardURL : public nsIFileURL
                     , public nsIStandardURL
                     , public nsISerializable
                     , public nsIClassInfo
                     , public nsISizeOf
                     , public nsIIPCSerializableURI
+                    , public nsISensitiveInfoHiddenURI
 {
 protected:
     virtual ~nsStandardURL();
 
 public:
     NS_DECL_ISUPPORTS
     NS_DECL_NSIURI
     NS_DECL_NSIURL
     NS_DECL_NSIFILEURL
     NS_DECL_NSISTANDARDURL
     NS_DECL_NSISERIALIZABLE
     NS_DECL_NSICLASSINFO
     NS_DECL_NSIMUTABLE
     NS_DECL_NSIIPCSERIALIZABLEURI
+    NS_DECL_NSISENSITIVEINFOHIDDENURI
 
     // nsISizeOf
     virtual size_t SizeOfExcludingThis(mozilla::MallocSizeOf aMallocSizeOf) const override;
     virtual size_t SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf) const override;
 
     explicit nsStandardURL(bool aSupportsFileURL = false, bool aTrackURL = true);
 
     static void InitGlobalObjects();