Closed Bug 1061116 Opened 10 years ago Closed 9 years ago

The criterion of valid |src| for mozwidget

Categories

(Core Graveyard :: DOM: Apps, defect)

Product:
Core Graveyard
Component:
DOM: Apps
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox39 fixed)

Status:
RESOLVED FIXED
Milestone:
2.2 S2 (19dec)
Tracking Flags:
Tracking Status
firefox39 --- fixed

People

(Reporter: CuveeHsu, Assigned: CuveeHsu)

References

Details

(Whiteboard: [ft:conndevices])

Attachments

(1 file, 9 obsolete files)

hash/query insensitive comparison
8.21 KB, patch
CuveeHsu
: review+
Details | Diff | Splinter Review 
A |src| for mozwidget is valid only if the |src| is equal to one of |widgetPages| specified by manifest. Here we want to define the equivalence. The equivalence is perfect coincidence in bug 1005818, and we need to find out if appropriate equivalence is up to path/query/hash fragment.
I think there may be no problem that we make they perfect match on scheme, domain, and path. There are two parts: query and hash needing to defined. In some Forum/CMS/Blog apps, they may use ?p=99 to reference to another page. So, I would suggest that we keep the perfect match on the "query".

IMHO, I would suggest to discard the hash for flexibility because hash may be a link among the page.
Blocks: 1062062
I think it is useful for widget developer if widget API ignores hash tag or query string when gecko compares |widgetPages| and |src|.
Because some developer will want to use hash tag or query string to send information to widget.
Here's a scenario:
There's a device with several third-party homescreens.
Each homescreen is bound to a user profile.
Assume here's an homescreen for Andy.

While the homescreen launches an widget for Andy,
the homescreen needs a way to talk to the widget to load Andy's profile.

Since the homescreen might be an privileged app, IAC is not a general solution.

One way is using hash/query like |src=/index.html#AndysHash|, which needs to ease
comparison criterion to hash/query-insensitive instead of perfect coincidence.

Thoughts?
Flags: needinfo?(ptheriault)
Flags: needinfo?(jonas)
Flags: needinfo?(fabrice)
The manifest declaration is a whitelist only. Does it matter to us if "different" pages are mapped to the same entry in the whitelist? IE I don't think we need to match anything except the path? For exmaple the developer specifies |/user| in the manifest they they can still use <iframe mozwidget=manifestURL src="/user?id=steve#mobileview"> since the path matches. 

Whitelisting on the value of query or hash sounds fragile to me? (what if the query parameters are the same but in a different order?)
Flags: needinfo?(ptheriault)
Attached patch startsWith Comparison (obsolete) — Splinter Review 
Use startsWith comparison for hasWidgetPage check.
btw, I remove some useless dependency to datastore

without permission: https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=addddb83695d
with permission: https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=ab2b1d3d8072
Assignee: nobody → juhsu
Flags: needinfo?(fabrice)
Attachment #8511894 - Flags: review?(fabrice)
Comment on attachment 8511894 [details] [diff] [review]
startsWith Comparison

Review of attachment 8511894 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/apps/AppsUtils.jsm
@@ +59,5 @@
>    },
>  
>    hasWidgetPage: function(aPageURL) {
> +    var aPageURLHasPrefix = element => aPageURL.startsWith(element);
> +    return this.widgetPages.find( aPageURLHasPrefix ) !== undefined;

nits: s/var/let and no spaces around ( )

Also, this will not match potentially valid pages:
- lower/upper case mismatch in the scheme and host.
- default port.

eg, HTTP://test:80/widget should match http://test/widget

I know that doesn't work with the current version either, but let's try to improve there! (and add tests for that).
Attachment #8511894 - Flags: review?(fabrice) → review-
Okay. That's a perfect chance to make it complete.
Let's investigate if there's any potential improvement.
I have an idea to use |equalsExceptRef|[1] as a criterion since it's still a practical implementation and easy to implement. I wonder if it matters or not to make query sensitive.

[1] http://dxr.mozilla.org/mozilla-central/source/netwerk/base/public/nsIURI.idl#234

Is that feasible?
Flags: needinfo?(fabrice)
(In reply to Junior Hsu [:juniorhsu] from comment #8)
> I have an idea to use |equalsExceptRef|[1] as a criterion since it's still a
> practical implementation and easy to implement. I wonder if it matters or
> not to make query sensitive.
> 
> [1]
> http://dxr.mozilla.org/mozilla-central/source/netwerk/base/public/nsIURI.
> idl#234
> 
> Is that feasible?

I think we need to check without the query string. So it seems you'll have to rebuild uris from origin + path for each one and compare them.
Flags: needinfo?(fabrice)
WIP patch
1. Make hash/query insensitive.
2. And at least it passes the case in comment 6

Will modify tests.
Attachment #8511894 - Attachment is obsolete: true
Flags: needinfo?(jonas)
Attachment #8524553 - Flags: feedback?(fabrice)
Substitute for the wrong patch in comment 10
Attachment #8524553 - Attachment is obsolete: true
Attachment #8524553 - Flags: feedback?(fabrice)
Attachment #8524554 - Flags: feedback?(fabrice)
Whiteboard: [ft:conndevices]
Target Milestone: --- → 2.2 S1 (5dec)
Comment on attachment 8524554 [details] [diff] [review]
WIP: hash/query insensitive comparisonprefix

Review of attachment 8524554 [details] [diff] [review]:
-----------------------------------------------------------------

That would be nice to add unit tests for the AppsUtils.jsm function.
Attachment #8524554 - Flags: feedback?(fabrice) → feedback+
Target Milestone: 2.2 S1 (5dec) → 2.2 S2 (19dec)
Add test

Hello fabrice,
Sorry for a really long idling :(
Could I have your review?
Attachment #8524554 - Attachment is obsolete: true
Attachment #8564946 - Flags: review?(fabrice)
add more test case
Hope the test could be an Q&A for checking criterion :)
Attachment #8564946 - Attachment is obsolete: true
Attachment #8564946 - Flags: review?(fabrice)
Attachment #8564954 - Flags: review?(fabrice)
Comment on attachment 8564954 [details] [diff] [review]
hash/query insensitive comparison

Review of attachment 8564954 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/apps/AppsUtils.jsm
@@ +79,1 @@
>    },

please factor that logic out to share it with webapps.jsm. We really don't want to duplicate this rather strange code ;)
Attachment #8564954 - Flags: review?(fabrice)
refactor by comment 15
Attachment #8564954 - Attachment is obsolete: true
Attachment #8568443 - Flags: review?(fabrice)
extract the logic in test
Attachment #8568443 - Attachment is obsolete: true
Attachment #8568443 - Flags: review?(fabrice)
Attachment #8568454 - Flags: review?(fabrice)
Comment on attachment 8568454 [details] [diff] [review]
hash/query insensitive comparison

Review of attachment 8568454 [details] [diff] [review]:
-----------------------------------------------------------------

Almost there, sorry to be picky.

::: dom/apps/AppsUtils.jsm
@@ +70,5 @@
> +    return this.widgetPages.find(equalCriterion) !== undefined;
> +  },
> +
> +  // Eliminate query and hash string.
> +  getFilePath: function(aPagePath) {

move that function out of the mozIApplication object.

@@ +75,5 @@
> +    let urlParser = Cc["@mozilla.org/network/url-parser;1?auth=no"]
> +                    .getService(Ci.nsIURLParser);
> +    let uriData = [aPagePath, aPagePath.length, {}, {}, {}, {}, {}, {}];
> +    urlParser.parsePath.apply(urlParser, uriData);
> +    let [{value: pathPos}, {value: pathLen}] = uriData.slice(2,4);

nit: space between 2, and 4
Attachment #8568454 - Flags: review?(fabrice) → feedback+
(In reply to Fabrice Desré [:fabrice] from comment #18)
> Comment on attachment 8568454 [details] [diff] [review]
> hash/query insensitive comparison
> 
> Review of attachment 8568454 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> Almost there, sorry to be picky.
> 
> ::: dom/apps/AppsUtils.jsm
> @@ +70,5 @@
> > +    return this.widgetPages.find(equalCriterion) !== undefined;
> > +  },
> > +
> > +  // Eliminate query and hash string.
> > +  getFilePath: function(aPagePath) {
> 
> move that function out of the mozIApplication object.

Any suggesstion place? Since this function needs to be shared in two files, we can not make it global in one file. I guess we can expose symbol here?
https://dxr.mozilla.org/mozilla-central/source/dom/apps/AppsUtils.jsm?from=AppsUtils.jsm#32
Flags: needinfo?(fabrice)
Junior, you can just add it on the AppsUtils object.
Flags: needinfo?(fabrice)
Modify by comment 18

Try result:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=8f7ebe7e3415
Attachment #8568454 - Attachment is obsolete: true
Attachment #8572474 - Flags: review?(fabrice)
Attachment #8572474 - Flags: review?(fabrice) → review+
Try server fails since we make query-insensitive, which disobey the origin test case. Will modify the test.
One line change in file_invalidWidget_app.template.webapp for test.
Carry r+
Try result: https://treeherder.mozilla.org/#/jobs?repo=try&revision=56952b355e02
Attachment #8572474 - Attachment is obsolete: true
Attachment #8573156 - Flags: review+
Still hit the jetpack package test fail. Will investigate.
Rebase, carry r+

The jetpack error disappears after rebase, seems irrelative to the patch.

Try result: https://treeherder.mozilla.org/#/jobs?repo=try&revision=d8810e975dfe
Attachment #8573156 - Attachment is obsolete: true
Attachment #8573847 - Flags: review+
Keywords: checkin-needed
Component: General → DOM: Apps
Product: Firefox OS → Core
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: