Bug 613568: InstallTrigger.install accepts null as a URL and attempts to download the current page as an extension. r=robstrong, a=blocks-beta9
authorDave Townsend <dtownsend@oxymoronical.com>
Wed, 24 Nov 2010 12:10:46 -0800
changeset 58186 d744f676a7583c67f842773935158ba331f30a92
parent 58185 f17e290f4e4f97cad3ddbbceeef6482541dbe9ae
child 58187 a0c57346cb22fb2f1b78a0c5f8fdfb98ca498f03
push id1
push usershaver@mozilla.com
push dateTue, 04 Jan 2011 17:58:04 +0000
reviewersrobstrong, blocks-beta9
bugs613568
milestone2.0b8pre
Bug 613568: InstallTrigger.install accepts null as a URL and attempts to download the current page as an extension. r=robstrong, a=blocks-beta9
toolkit/mozapps/extensions/content/extensions-content.js
toolkit/mozapps/extensions/test/xpinstall/Makefile.in
toolkit/mozapps/extensions/test/xpinstall/browser_badargs2.js
--- a/toolkit/mozapps/extensions/content/extensions-content.js
+++ b/toolkit/mozapps/extensions/content/extensions-content.js
@@ -105,27 +105,27 @@ InstallTrigger.prototype = {
       names: [],
       icons: [],
     };
 
     for (var name in aArgs) {
       var item = aArgs[name];
       if (typeof item === 'string') {
         item = { URL: item };
-      } else if (!("URL" in item)) {
+      } else if (!("URL" in item) || item.URL === undefined) {
         throw new Error("Missing URL property for '" + name + "'");
       }
 
       // Resolve and validate urls
       var url = this.resolveURL(item.URL);
       if (!this.checkLoadURIFromScript(url))
         throw new Error("insufficient permissions to install: " + url);
 
       var iconUrl = null;
-      if ("IconURL" in item) {
+      if ("IconURL" in item && item.IconURL !== undefined) {
         iconUrl = this.resolveURL(item.IconURL);
         if (!this.checkLoadURIFromScript(iconUrl)) {
           iconUrl = null; // If page can't load the icon, just ignore it
         }
       }
       params.uris.push(url.spec);
       params.hashes.push("Hash" in item ? item.Hash : null);
       params.names.push(name);
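Review bot: The new guard on the `URL` check rejects only `undefined`, while the bug title names `null`: an item with `URL: null` still satisfies `"URL" in item` and `item.URL === undefined` is false, so it reaches `this.resolveURL(item.URL)`. Whether `resolveURL` then resolves it to the page's own address cannot be confirmed from this hunk, but the title suggests that is the behaviour being closed off. Consider `} else if (!("URL" in item) || item.URL === undefined || item.URL === null) {`, and the same extra `!== null` test on the `IconURL` condition. A comment such as `// Reject null/undefined so a missing value is never resolved relative to the calling page` would record why the check exists. The enclosing function starts and ends outside this hunk.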
--- a/toolkit/mozapps/extensions/test/xpinstall/Makefile.in
+++ b/toolkit/mozapps/extensions/test/xpinstall/Makefile.in
@@ -89,16 +89,17 @@ include $(topsrcdir)/config/rules.mk
                  browser_trigger_redirect.js \
                  browser_httphash.js \
                  browser_httphash2.js \
                  browser_httphash3.js \
                  browser_httphash4.js \
                  browser_httphash5.js \
                  browser_httphash6.js \
                  browser_badargs.js \
+                 browser_badargs2.js \
                  unsigned.xpi \
                  signed.xpi \
                  signed2.xpi \
                  signed-no-o.xpi \
                  signed-no-cn.xpi \
                  signed-untrusted.xpi \
                  signed-tampered.xpi \
                  theme.xpi \
new file mode 100644
--- /dev/null
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_badargs2.js
@@ -0,0 +1,27 @@
+// ----------------------------------------------------------------------------
+// Test whether passing an undefined url InstallTrigger.install throws an
+// exception
+function test() {
+  waitForExplicitFinish();
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": {
+      URL: undefined
+    }
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.selectedBrowser.addEventListener("load", function() {
+    gBrowser.selectedBrowser.removeEventListener("load", arguments.callee, true);
+    // Allow the in-page load handler to run first
+    executeSoon(page_loaded);
+  }, true);
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function page_loaded() {
+  var doc = gBrowser.contentDocument;
+  is(doc.getElementById("return").textContent, "exception", "installTrigger should have failed");
+  gBrowser.removeCurrentTab();
+  finish();
+}
+// ----------------------------------------------------------------------------
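Review bot: This test likely never exercises the new `item.URL === undefined` branch, because `JSON.stringify` omits properties whose value is `undefined`, so `triggers` encodes `{"Unsigned XPI":{}}`. Assuming installtrigger.html (not shown here) parses that JSON and passes it to `InstallTrigger.install`, the item has no `URL` key at all, and the pre-patch `!("URL" in item)` check already threw for that case, so the test would pass without the fix. To cover the changed code, either have the test page build the argument with an explicit `URL: undefined`, or add a `URL: null` case, which survives JSON serialization and matches the value named in the bug title. The header comment would also read better as `// Test whether passing an undefined url to InstallTrigger.install throws an exception`.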