Closed Bug 86486 Opened 24 years ago Closed 22 years ago

[FIX]URL: Invalid protocols in HREF links fail silently

Categories

(Core :: Networking, defect, P2)

Product:
Core
Component:
Networking
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.3alpha

People

(Reporter: gregm, Assigned: bzbarsky)

References

(
URL
)

Details

(Keywords: testcase, Whiteboard: [Hixie-P0][Hixie-1.0])

Attachments

(2 files, 1 obsolete file)

Simple test case
237 bytes, text/html
Details
So more like this.
7.86 KB, patch
adamlock
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
Attached html presents a link when clicked on does nothing. No error's no response on the browser's part at all. View-Source and paste the url in the url bar will generate a popup with 'invaild protocol httpf'. Clicking should maybe produce the same? Linux build 2001061712 from the blizzard rpms.
Attached file Simple test case
Possibly a dup of 46537, if not its in the same family ;)
Greg: changed summary. This is a really good catch, b/c I'm not where I wanted to be in testing this stuff... I updated bug 46537 too, but I think we should keep them separate Gagan: since the errors come back correctly in some entry points, isn't this someone else's code talking to Necko that needs to trap the error?
Blocks: 61999
Summary: Invaild protocol's in links fail silently. → URL: Invaild protocol's in HREF links fail silently
If I do open link in new window, I get a security manager assertion: ###!!! ASSERTION: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed: '(!((rv) & 0x80000000))', file nsScriptSecurityManager.cpp, line 808 ###!!! Break: at file nsScriptSecurityManager.cpp, line 808 JavaScript error: line 0: uncaught exception: Load of httpf://www.cnn.com/ denied. This is because the call to NS_NewURI failed, and something is probably turning a CAPS failure into a security exception. mstoltz, does that sound right? I don't know if thats the same cause when just clicking on a link, though. I don't get that assertion, and don't hit the one at the bottom of CheckLoadUri either.
In nsGenericElement::TriggerLink(..) we return an error from NS_NewURI(..). We then do a CheckLoadURI(..) only if rv succeeds. proceed = securityManager->CheckLoadURI(..) Now, since "proceed" is already initialized to NS_OK, we call OnLinkClick(..) // Only pass off the click event if the script security manager // says it's ok. if (NS_SUCCEEDED(proceed)) handler->OnLinkClick(this, aVerb, absURLSpec.GetUnicode(), aTargetSpec.GetUnicode());
Assignee: neeti → jst
Component: Networking: HTTP → Layout
Target Milestone: --- → mozilla1.0
Component: Layout → Networking
Keywords: testcase
Summary: URL: Invaild protocol's in HREF links fail silently → URL: Invalid protocol's in HREF links fail silently
Well, clicking on a link which is insecure should _also_ give an error. e.g., if in a web page there is a link to about:cache, then we should report an error if the user clicks on it. See also bug 28586, which is complaining about the fact that error messages should be inline (as a web page) instead of dialogs.
Whiteboard: [Hixie-P0][Hixie-1.0]
See also bug 47617, Connection to https needs to tell user to install PSM if w/o. See also bug 84128, Need user-visible message when CheckLoadURI fails (eg, for links to file: urls).
Summary: URL: Invalid protocol's in HREF links fail silently → URL: Invalid protocols in HREF links fail silently
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 (you can query for this string to delete spam or retrieve the list of bugs I've moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
+mozilla1.0 - please bring this back to 1.0
Keywords: mozilla1.0
Why would this need to be fixed for mozilla1.0? It doesn't break anything as long as people do the right thing, it only breaks in cases where we'd break anyway.
This should be fixed ASAP. It's a user or web manaager problem, but Mozilla should at least say that "httpf" or "zzvkjdfr" is an invalid protocol. This kind of error handling would tell the user that Mozilla is still working, but the link itself is broken.
*** Bug 112171 has been marked as a duplicate of this bug. ***
Is this bug a dupe of bug 62744?
Plat: PC --> All, OS: Linux --> All Removing URL http://tweetie.comstar.net/test.html, because it is 404.
URL: http://tweetie.comstar.net/test.html
OS: Linux → All
Hardware: PC → All
Andrew, this is not a dup of bug 62744.
Darin, was this fixed by your checkin to bug 47617 (Connection to https needs to tell user to install PSM if w/o) ? Seems that you left the error message as generic for this purpose.
the fix for bug 47617 only handles toplevel document loads that fail with NS_ERROR_UNKNOWN_SOCKET_TYPE. that doesn't apply here.
It's fixed. I don't know when, but as of 0.9.7, at the latest, worksforme on Windows 98.
Now using 0.9.7 Build ID: 2002011003, it's broken again.
I don't know if this is covered elsewhere, but data:foo doesn't work either. (should be data:text/html,foo)
Keywords: mozilla1.0mozilla1.3
Target Milestone: mozilla1.0.1 → ---
data: has it's own set of bugs. please search Browser:Networking. Properly written bugs should have "data:" as start of the summary.
*** Bug 181008 has been marked as a duplicate of this bug. ***
mine
Assignee: jst → bzbarsky
Priority: -- → P2
Target Milestone: --- → mozilla1.3alpha
Attachment #106899 - Flags: superreview?(darin)
Attachment #106899 - Flags: review?(adamlock)
Summary: URL: Invalid protocols in HREF links fail silently → [FIX]URL: Invalid protocols in HREF links fail silently
Comment on attachment 106899 [details] [diff] [review] Move the error reporting down into DoURILoad so, you're moving the error "trap" into DoURILoad because we only care about alerting the user about errors to create a channel?1? i'm not sure i follow.
Right now we have the error trap in a few places: nsWebShell::EndPageLoad nsDocShell::IsPrintingOrPP (this one doesn't have much to do with pageload) nsDocShell::LoadURI (the version that takes a PRUnichar* uri) I'm taking this last check and moving it down so that callers of both versions of nsDocShell::LoadURI (the PRUnichar* version and the nsIURI version) as well as direct callers of nsDocShell::InternalLoad will benefit from it. I'm leaving the check for NS_ERROR_MALFORMED_URI in nsDocShell::LoadURI (PRUnichar* version) because that's the only place it's relevant. So now we report the following errors: 1) If we start with a string, we will report NS_ERROR_MALFORMED_URI as needed 2) Once we have a URI, we will report any error in attempting to create a channel (that's a recognized error as far as DisplayLoadError is concerned) 3) Once we have a channel, I suppose we could have errors in trying to open it. In fact, we have some code there to deal with port blocking (see nsDocShell::DoChannelLoad). Perhaps it would be better to put the error report around the entire call to DoURILoad in nsDocShell::InternalLoad 4) Once the channel is open, we will get state change notifications via our nsIWebProgressListener interface so we will call EndPageLoad() and its error handling. So we only need to handle errors up to the point when we have an open channel...
Attachment #106899 - Attachment is obsolete: true
Attachment #106899 - Flags: superreview?(darin)
Attachment #106899 - Flags: review?(adamlock)
Attachment #106921 - Flags: superreview?(darin)
Attachment #106921 - Flags: review?(adamlock)
Actually, I should check the return value from the OnStartURIOpen call. Consider that fixed; it is in my local tree (using a different nsresult variable than rv so that I don't clobber rv), like so: PRBool abort = PR_FALSE; nsresult rv2 = mContentListener->OnStartURIOpen(aURI, &abort); if (NS_SUCCEEDED(rv2) && abort) { // Hey, they're handling the load for us! How convenient! return NS_OK; }
Comment on attachment 106921 [details] [diff] [review] So more like this. yeah, that makes a lot more sense to me. thanks! assuming adam is okay with this patch, sr=darin.
Attachment #106921 - Flags: superreview?(darin) → superreview+
Comment on attachment 106899 [details] [diff] [review] Move the error reporting down into DoURILoad Shouldn't that DisplayLoadError go inside the NS_ERROR_UNKNOWN_PROTOCOL block?
Adam, did you read the last patch or the previous one? Did you read Darin's comments? The idea here is that we want to catch all errors from DoURILoad and let ReportLoadError decide whether it wants to report them.
Comment on attachment 106921 [details] [diff] [review] So more like this. Sorry, was looking at a stale copy of the bug. r=adamlock
Attachment #106921 - Flags: review?(adamlock) → review+
All good. ;) Patch checked in; thanks for the reviews.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Blocks: 147414
VERIFIED: Mozilla 1.3a, Win 98. If anyone wants to verify for Linux and Mac before I do, click on the URL field label, and then remove the comment for the plaform you tested on...
URL: httpf:
Whiteboard: [Hixie-P0][Hixie-1.0] → [Hixie-P0][Hixie-1.0] checkmac checklinux
*** Bug 100176 has been marked as a duplicate of this bug. ***
VERIFIED: Mac OS X, Linux - Mozilla 1.3a.
Status: RESOLVED → VERIFIED
Whiteboard: [Hixie-P0][Hixie-1.0] checkmac checklinux → [Hixie-P0][Hixie-1.0]
*** Bug 140025 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: