Closed
Bug 292724
Opened 19 years ago
Closed 19 years ago
Add error messages for failed origin checks
Categories
(Core Graveyard :: XForms, defect)
Core Graveyard
XForms
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: allan, Assigned: allan)
References
()
Details
Attachments
(1 file)
|
6.79 KB,
patch
|
smaug
:
review+
doronr
:
review+
|
Details | Diff | Splinter Review |
We should ReportError when CheckSameOrigin() fails for instance and submission.
|
Assignee | |
Comment 1•19 years ago
|
||
Also changes ReportBoundNode to give an error message when a node binding fails (which could very well happen when an instance fails :) )
Attachment #182482 -
Flags: review?(smaug)
|
|
Assignee | |
Updated•19 years ago
|
Attachment #182482 -
Flags: review?(doronr)
|
||
Updated•19 years ago
|
Attachment #182482 -
Flags: review?(smaug) → review+
|
||
Comment 2•19 years ago
|
||
Comment on attachment 182482 [details] [diff] [review] Patch >? .svn >? content >? dependentLibs.h >? errors.patch >? semantic.cache >? package/.svn >? package/semantic.cache >? resources/.svn >? resources/locale/.svn >? resources/locale/en-US/.svn >Index: nsXFormsControlStub.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsControlStub.cpp,v >retrieving revision 1.15 >diff -u -p -U8 -r1.15 nsXFormsControlStub.cpp >--- nsXFormsControlStub.cpp 28 Apr 2005 07:23:38 -0000 1.15 >+++ nsXFormsControlStub.cpp 3 May 2005 11:28:08 -0000 >@@ -134,26 +134,28 @@ nsXFormsControlStub::ResetBoundNode() > > nsCOMPtr<nsIModelElementPrivate> modelNode; > nsCOMPtr<nsIDOMXPathResult> result; > nsresult rv = > ProcessNodeBinding(NS_LITERAL_STRING("ref"), > nsIDOMXPathResult::FIRST_ORDERED_NODE_TYPE, > getter_AddRefs(result), > getter_AddRefs(modelNode)); >- NS_ENSURE_SUCCESS(rv, rv); >- >- if (!result) { >- return NS_OK; >- } > >- // Get context node, if any >- result->GetSingleNodeValue(getter_AddRefs(mBoundNode)); >+ if (NS_SUCCEEDED(rv)) { >+ if (result) { >+ // Get context node, if any >+ result->GetSingleNodeValue(getter_AddRefs(mBoundNode)); >+ } >+ rv = NS_OK; >+ } else { >+ nsXFormsUtils::ReportError(NS_LITERAL_STRING("controlBindError"), mElement); >+ } > >- return NS_OK; >+ return rv; > } > > /** > * @note Refresh() is always called after a Bind(), so if a control decides to > * do all the work in Refresh() this function implements a NOP Bind(). > */ > NS_IMETHODIMP > nsXFormsControlStub::Bind() >Index: nsXFormsInstanceElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsInstanceElement.cpp,v >retrieving revision 1.12 >diff -u -p -U8 -r1.12 nsXFormsInstanceElement.cpp >--- nsXFormsInstanceElement.cpp 7 Mar 2005 19:46:03 -0000 1.12 >+++ nsXFormsInstanceElement.cpp 3 May 2005 11:28:09 -0000 >@@ -178,18 +178,23 @@ nsXFormsInstanceElement::OnChannelRedire > nsresult rv = aNewChannel->GetURI(getter_AddRefs(newURI)); > NS_ENSURE_SUCCESS(rv, rv); > > NS_ENSURE_STATE(mElement); > nsCOMPtr<nsIDOMDocument> domDoc; > mElement->GetOwnerDocument(getter_AddRefs(domDoc)); > nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc)); > NS_ENSURE_STATE(doc); >- return nsXFormsUtils::CheckSameOrigin(doc->GetDocumentURI(), newURI) ? >- NS_OK : NS_ERROR_ABORT; >+ >+ if (!nsXFormsUtils::CheckSameOrigin(doc->GetDocumentURI(), newURI)) { >+ nsXFormsUtils::ReportError(NS_LITERAL_STRING("instanceLoadOrigin"), domDoc); >+ return NS_ERROR_ABORT; >+ } >+ >+ return NS_OK; > } > > // nsIStreamListener > > NS_IMETHODIMP > nsXFormsInstanceElement::OnStartRequest(nsIRequest *request, nsISupports *ctx) > { > NS_ASSERTION(mListener, "No stream listener for document!"); >@@ -396,16 +401,19 @@ nsXFormsInstanceElement::LoadExternalIns > if (docChannel) { > rv = newDoc->StartDocumentLoad(kLoadAsData, docChannel, loadGroup, nsnull, > getter_AddRefs(mListener), PR_TRUE); > if (NS_SUCCEEDED(rv)) { > docChannel->SetNotificationCallbacks(this); > rv = docChannel->AsyncOpen(this, nsnull); > } > } >+ } else { >+ nsXFormsUtils::ReportError(NS_LITERAL_STRING("instanceLoadOrigin"), >+ domDoc); > } > } > } > } > > nsCOMPtr<nsIModelElementPrivate> model = GetModel(); > if (model) { > model->InstanceLoadStarted(); >Index: nsXFormsSubmissionElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsSubmissionElement.cpp,v >retrieving revision 1.26 >diff -u -p -U8 -r1.26 nsXFormsSubmissionElement.cpp >--- nsXFormsSubmissionElement.cpp 3 May 2005 07:28:51 -0000 1.26 >+++ nsXFormsSubmissionElement.cpp 3 May 2005 11:28:09 -0000 >@@ -356,18 +356,21 @@ nsXFormsSubmissionElement::OnChannelRedi > NS_ENSURE_SUCCESS(rv, rv); > > NS_ENSURE_STATE(mElement); > nsCOMPtr<nsIDOMDocument> domDoc; > mElement->GetOwnerDocument(getter_AddRefs(domDoc)); > nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc)); > NS_ENSURE_STATE(doc); > >- if (!CheckSameOrigin(doc->GetDocumentURI(), newURI)) >+ if (!CheckSameOrigin(doc->GetDocumentURI(), newURI)) { >+ nsXFormsUtils::ReportError(NS_LITERAL_STRING("submitSendOrigin"), >+ mElement); > return NS_ERROR_ABORT; >+ } > > return NS_OK; > } > > NS_IMETHODIMP > nsXFormsSubmissionElement::OnStartRequest(nsIRequest *request, nsISupports *ctx) > { > return NS_OK; >@@ -1518,18 +1521,21 @@ nsXFormsSubmissionElement::SendData(cons > ios->NewURI(uriSpec, > doc->GetDocumentCharacterSet().get(), > doc->GetDocumentURI(), > getter_AddRefs(uri)); > NS_ENSURE_STATE(uri); > > nsresult rv; > >- if (!CheckSameOrigin(doc->GetDocumentURI(), uri)) >+ if (!CheckSameOrigin(doc->GetDocumentURI(), uri)) { >+ nsXFormsUtils::ReportError(NS_LITERAL_STRING("submitSendOrigin"), >+ mElement); > return NS_ERROR_ABORT; >+ } > > // wrap the entire upload stream in a buffered input stream, so that > // it can be read in large chunks. > // XXX necko should probably do this (or something like this) for us. > nsCOMPtr<nsIInputStream> bufferedStream; > if (stream) > { > NS_NewBufferedInputStream(getter_AddRefs(bufferedStream), stream, 4096); >Index: resources/locale/en-US/xforms.properties >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/resources/locale/en-US/xforms.properties,v >retrieving revision 1.5 >diff -u -p -U8 -r1.5 xforms.properties >--- resources/locale/en-US/xforms.properties 3 May 2005 07:28:52 -0000 1.5 >+++ resources/locale/en-US/xforms.properties 3 May 2005 11:28:09 -0000 >@@ -6,8 +6,11 @@ mipParseError = XForms Error (5): > nodesetEvaluateError = XForms Error (6): Error evaluating nodeset expression: %S > multiMIPError = XForms Error (7): Multiply defined model item property on element > idRefError = XForms Error (8): id (%S) does not refer to a %S element > indexEvalError = XForms Error (9): Error evaluating index attribute: %S > exprParseError = XForms Error (10): Error parsing XPath expression: %S > exprEvaluateError = XForms Error (11): Error evaluating XPath expression: %S > noModelError = XForms Error (12): Could not find model for element > instanceParseError = XForms Error (13): Could not parse new instance data >+submitSendOrigin = XForms Error (14): Security check failed! Trying to submit data to a different domain than document >+instanceLoadOrigin = XForms Error (15): Security check failed! Trying to load instance data from a different domain than document >+controlBindError = XForms Error (16): Could not bind control to instance data
Attachment #182482 -
Flags: review?(doronr) → review+
|
|
Assignee | |
Comment 3•19 years ago
|
||
Checked in
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•