Bug 1061136 - Assume both http:// and https:// for schemeless URIs in CAPS prefs. r=bz, a=sledru
authorBobby Holley <bobbyholley@gmail.com>
Fri, 05 Sep 2014 20:01:06 -0700
changeset 216734 e608db37bafb
parent 216733 cd04e5bf0fec
child 216735 a91c79c7e64e
push id3893
push userryanvm@gmail.com
push date2014-09-15 15:46 +0000
treeherdermozilla-beta@1c636d0e8ec1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz, sledru
bugs1061136
milestone33.0
Bug 1061136 - Assume both http:// and https:// for schemeless URIs in CAPS prefs. r=bz, a=sledru
caps/nsScriptSecurityManager.cpp
caps/tests/mochitest/test_bug995943.xul
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -1341,17 +1341,25 @@ void
 nsScriptSecurityManager::AddSitesToFileURIWhitelist(const nsCString& aSiteList)
 {
     for (uint32_t base = SkipPast<IsWhitespace>(aSiteList, 0), bound = 0;
          base < aSiteList.Length();
          base = SkipPast<IsWhitespace>(aSiteList, bound))
     {
         // Grab the current site.
         bound = SkipUntil<IsWhitespace>(aSiteList, base);
-        auto site = Substring(aSiteList, base, bound - base);
+        nsAutoCString site(Substring(aSiteList, base, bound - base));
+
+        // Check if the URI is schemeless. If so, add both http and https.
+        nsAutoCString unused;
+        if (NS_FAILED(sIOService->ExtractScheme(site, unused))) {
+            AddSitesToFileURIWhitelist(NS_LITERAL_CSTRING("http://") + site);
+            AddSitesToFileURIWhitelist(NS_LITERAL_CSTRING("https://") + site);
+            continue;
+        }
 
         // Convert it to a URI and add it to our list.
         nsCOMPtr<nsIURI> uri;
         nsresult rv = NS_NewURI(getter_AddRefs(uri), site, nullptr, nullptr, sIOService);
         if (NS_SUCCEEDED(rv)) {
             mFileURIWhitelist.AppendElement(uri);
         } else {
             nsCOMPtr<nsIConsoleService> console(do_GetService("@mozilla.org/consoleservice;1"));
--- a/caps/tests/mochitest/test_bug995943.xul
+++ b/caps/tests/mochitest/test_bug995943.xul
@@ -77,21 +77,23 @@ https://bugzilla.mozilla.org/show_bug.cg
                             ['capability.policy.somepolicy.sites', 'http://example.com']]))
     .then(checkLoadFileURI.bind(null, 'http://example.com', true))
     .then(popPrefs)
     .then(checkLoadFileURI.bind(null, 'http://example.com', false))
     .then(
       pushPrefs.bind(null, [['capability.policy.policynames', ',somepolicy, someotherpolicy, '],
                             ['capability.policy.somepolicy.checkloaduri.enabled', 'allaccess'],
                             ['capability.policy.someotherpolicy.checkloaduri.enabled', 'nope'],
-                            ['capability.policy.somepolicy.sites', ' http://example.org   https://example.com'],
+                            ['capability.policy.somepolicy.sites', ' http://example.org   https://example.com test1.example.com'],
                             ['capability.policy.someotherpolicy.sites', 'http://example.net ']]))
     .then(checkLoadFileURI.bind(null, 'http://example.org', true))
     .then(checkLoadFileURI.bind(null, 'http://example.com', false))
     .then(checkLoadFileURI.bind(null, 'http://example.net', false))
+    .then(checkLoadFileURI.bind(null, 'http://test1.example.com', true))
+    .then(checkLoadFileURI.bind(null, 'https://test1.example.com', true))
     .then(pushPrefs.bind(null, [['capability.policy.someotherpolicy.checkloaduri.enabled', 'allAccess']]))
     .then(checkLoadFileURI.bind(null, 'http://example.net', true))
     .then(popPrefs)
     .then(popPrefs)
     .then(checkLoadFileURI.bind(null, 'http://example.net', false))
     .then(SimpleTest.finish.bind(SimpleTest));
 
   }