Bug 782882 - only allow sharing of http or https urls. r=jaws
authorMark Hammond <mhammond@skippinet.com.au>
Thu, 25 Oct 2012 16:44:53 +1100
changeset 111465 081340dcc074ae3c0fa90de86b7ce84b20b80318
parent 111464 c723271fec16afbb94c5916eeb9be5ba085db7a2
child 111466 689834383fbbdc3fe10e3e722be5cc328edf8707
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
reviewersjaws
bugs782882
milestone19.0a1
Bug 782882 - only allow sharing of http or https urls. r=jaws
browser/base/content/browser-social.js
browser/base/content/test/browser_social_shareButton.js
--- a/browser/base/content/browser-social.js
+++ b/browser/base/content/browser-social.js
@@ -504,21 +504,27 @@ let SocialShareButton = {
   get unsharePopup() {
     return document.getElementById("unsharePopup");
   },
 
   dismissUnsharePopup: function SSB_dismissUnsharePopup() {
     this.unsharePopup.hidePopup();
   },
 
+  canSharePage: function SSB_canSharePage(aURI) {
+    // We only allow sharing of http or https
+    return aURI && (aURI.schemeIs('http') || aURI.schemeIs('https'));
+  },
+
   updateButtonHiddenState: function SSB_updateButtonHiddenState() {
     let shareButton = this.shareButton;
     if (shareButton)
       shareButton.hidden = !Social.uiVisible || this.promptImages == null ||
-                           !SocialUI.haveLoggedInUser();
+                           !SocialUI.haveLoggedInUser() ||
+                           !this.canSharePage(gBrowser.currentURI);
   },
 
   onClick: function SSB_onClick(aEvent) {
     if (aEvent.button != 0)
       return;
 
     // Don't bubble to the textbox, to avoid unwanted selection of the address.
     aEvent.stopPropagation();
@@ -561,34 +567,38 @@ let SocialShareButton = {
 
   unsharePage: function SSB_unsharePage() {
     Social.unsharePage(gBrowser.currentURI);
     this.updateShareState();
     this.dismissUnsharePopup();
   },
 
   updateShareState: function SSB_updateShareState() {
-    let currentPageShared = Social.isPageShared(gBrowser.currentURI);
+    // we might have been called due to a location change, and the new location
+    // might change the state of "can this url be shared"
+    this.updateButtonHiddenState();
+
+    let shareButton = this.shareButton;
+    let currentPageShared = shareButton && !shareButton.hidden && Social.isPageShared(gBrowser.currentURI);
 
     // Provide a11y-friendly notification of share.
     let status = document.getElementById("share-button-status");
     if (status) {
       // XXX - this should also be capable of reflecting that the page was
       // unshared (ie, it needs to manage three-states: (1) nothing done, (2)
       // shared, (3) shared then unshared)
       // Note that we *do* have an appropriate string from the provider for
       // this (promptMessages['unsharedLabel'] but currently lack a way of
       // tracking this state)
       let statusString = currentPageShared ?
                            this.promptMessages['sharedLabel'] : "";
       status.setAttribute("value", statusString);
     }
 
     // Update the share button, if present
-    let shareButton = this.shareButton;
     if (!shareButton || shareButton.hidden)
       return;
 
     let imageURL;
     if (currentPageShared) {
       shareButton.setAttribute("shared", "true");
       shareButton.setAttribute("tooltiptext", this.promptMessages['unshareTooltip']);
       imageURL = this.promptImages["unshare"]
--- a/browser/base/content/test/browser_social_shareButton.js
+++ b/browser/base/content/test/browser_social_shareButton.js
@@ -3,18 +3,18 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 let prefName = "social.enabled",
     gFinishCB;
 
 function test() {
   waitForExplicitFinish();
 
-  // Need to load a non-empty page for the social share button to appear
-  let tab = gBrowser.selectedTab = gBrowser.addTab("about:", {skipAnimation: true});
+  // Need to load a http/https/ftp/ftps page for the social share button to appear
+  let tab = gBrowser.selectedTab = gBrowser.addTab("https://example.com", {skipAnimation: true});
   tab.linkedBrowser.addEventListener("load", function tabLoad(event) {
     tab.linkedBrowser.removeEventListener("load", tabLoad, true);
     executeSoon(tabLoaded);
   }, true);
 
   registerCleanupFunction(function() {
     Services.prefs.clearUserPref(prefName);
     gBrowser.removeTab(tab);
@@ -256,22 +256,73 @@ function testStillSharedAfterReopen() {
     is(shareButton.hasAttribute("shared"), true, "Share button should reflect the share");
     gBrowser.removeTab(tab);
     // should be on the initial unshared tab now.
     is(shareButton.hasAttribute("shared"), false, "Initial tab should be selected and be unshared.");
     // now open the same URL - should be back to shared.
     tab = gBrowser.selectedTab = gBrowser.addTab(toShare, {skipAnimation: true});
     tab.linkedBrowser.addEventListener("load", function tabLoad(event) {
       tab.linkedBrowser.removeEventListener("load", tabLoad, true);
-      is(shareButton.hasAttribute("shared"), true, "New tab to previously shared URL should reflect shared");
-      SocialShareButton.unsharePage();
+      executeSoon(function() {
+        is(shareButton.hasAttribute("shared"), true, "New tab to previously shared URL should reflect shared");
+        SocialShareButton.unsharePage();
+        gBrowser.removeTab(tab);
+        executeSoon(testOnlyShareCertainUrlsTabSwitch);
+      });
+    }, true);
+  }, true);
+}
+
+function testOnlyShareCertainUrlsTabSwitch() {
+  let toShare = "http://example.com";
+  let notSharable = "about:blank";
+  let {shareButton} = SocialShareButton;
+  let tab = gBrowser.selectedTab = gBrowser.addTab(toShare);
+  let tabb = gBrowser.getBrowserForTab(tab);
+  tabb.addEventListener("load", function tabLoad(event) {
+    tabb.removeEventListener("load", tabLoad, true);
+    ok(!shareButton.hidden, "share button not hidden for http url");
+    let tab2 = gBrowser.selectedTab = gBrowser.addTab(notSharable);
+    let tabb2 = gBrowser.getBrowserForTab(tab2);
+    tabb2.addEventListener("load", function tabLoad(event) {
+      tabb2.removeEventListener("load", tabLoad, true);
+      ok(shareButton.hidden, "share button hidden for about:blank");
+      gBrowser.selectedTab = tab;
+      ok(!shareButton.hidden, "share button re-shown when switching back to http: url");
+      gBrowser.selectedTab = tab2;
+      ok(shareButton.hidden, "share button re-hidden when switching back to about:blank");
       gBrowser.removeTab(tab);
-      executeSoon(testDisable);
+      gBrowser.removeTab(tab2);
+      executeSoon(testOnlyShareCertainUrlsSameTab);
     }, true);
   }, true);
 }
 
+function testOnlyShareCertainUrlsSameTab() {
+  let toShare = "http://example.com";
+  let notSharable = "about:blank";
+  let {shareButton} = SocialShareButton;
+  let tab = gBrowser.selectedTab = gBrowser.addTab(toShare);
+  let tabb = gBrowser.getBrowserForTab(tab);
+  tabb.addEventListener("load", function tabLoad(event) {
+    tabb.removeEventListener("load", tabLoad, true);
+    ok(!shareButton.hidden, "share button not hidden for http url");
+    tabb.addEventListener("load", function tabLoad(event) {
+      tabb.removeEventListener("load", tabLoad, true);
+      ok(shareButton.hidden, "share button hidden for about:blank");
+      tabb.addEventListener("load", function tabLoad(event) {
+        tabb.removeEventListener("load", tabLoad, true);
+        ok(!shareButton.hidden, "share button re-enabled http url");
+        gBrowser.removeTab(tab);
+        executeSoon(testDisable);
+      }, true);
+      tabb.loadURI(toShare);
+    }, true);
+    tabb.loadURI(notSharable);
+  }, true);
+}
+
 function testDisable() {
   let shareButton = SocialShareButton.shareButton;
   Services.prefs.setBoolPref(prefName, false);
   is(shareButton.hidden, true, "Share button should be hidden when pref is disabled");
   gFinishCB();
 }