Closed Bug 1134424 Opened 9 years ago Closed 9 years ago

[e10s] "Save Image/Audio/Video As..." in remote browser causes unsafe CPOW usage warning

Categories

(Firefox :: Menus, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
Firefox 40
Tracking Status
e10s m8+ ---
firefox40 --- fixed

People

(Reporter: Kwan, Assigned: Kwan)

References

Details

Attachments

(2 files, 1 obsolete file)

+++ This bug was initially created as a clone of Bug #1133577 +++

STR:

1) Visit a site with some images, <audio/>s, <video/>s, or <canvas/>s on it in an e10s window
2) Right-click on one of the media elements, and choose "Save Image/Audio/Video As..."

This causes some "unsafe CPOW usage" warnings in the Browser Console.

In browser/base/content/nsContextMenu.js:

  saveHelper: function(linkURL, linkText, dialogTitle, bypassCache, doc) {
[...]
    if (channel instanceof Ci.nsIHttpChannel) {
      channel.referrer = BrowserUtils.makeURIFromCPOW(doc.documentURIObject); <-- Causes CPOW warning [audio, video]
      if (channel instanceof Ci.nsIHttpChannelInternal)
        channel.forceAllowThirdPartyCookie = true;
    }

[...]

  // Save URL of the clicked upon image, video, or audio.
  saveMedia: function() {
    var doc =  this.target.ownerDocument; <-- Causes CPOW warning
    if (this.onCanvas) {
      // Bypass cache, since it's a data: URL.
      saveImageURL(this.target.toDataURL(), "canvas.png", "SaveImageTitle", <-- Causes CPOW warning [canvas]
                   true, false, BrowserUtils.makeURIFromCPOW(doc.documentURIObject), doc); <-- Causes CPOW warning [canvas]
    }
    else if (this.onImage) {
      urlSecurityCheck(this.mediaURL, this.principal);
      saveImageURL(this.mediaURL, null, "SaveImageTitle", false,
                   false, BrowserUtils.makeURIFromCPOW(doc.documentURIObject), doc); <-- Causes CPOW warning [image]
    }
    else if (this.onVideo || this.onAudio) {
      urlSecurityCheck(this.mediaURL, this.principal);
      var dialogTitle = this.onVideo ? "SaveVideoTitle" : "SaveAudioTitle";
      this.saveHelper(this.mediaURL, null, dialogTitle, false, doc);
    }
  },


in toolkit/modules/BrowserUtils.jsm

  makeURIFromCPOW: function(aCPOWURI) {
    return Services.io.newURI(aCPOWURI.spec, aCPOWURI.originCharset, null); <-- Causes CPOW warning
  },

warnings are tagged e.g. [image] if they only occur with certain element types.
Assignee: nobody → moz-ian
Status: NEW → ASSIGNED
Depends on: 1140859
Depends on: 1134391
Attached file MozReview Request: bz://1134424/Kwan (obsolete) —
/r/6985 - Bug 1134424 - Use message to safely get the dataURL of the canvas for saving
/r/7359 - Bug 1134424 - Use the existing reference to the document in nsContextMenu.saveMedia() rather than unsafely creating a new one

Pull down these commits:

hg pull -r 7ca6efe0e6d13e86e885dab531ccae97624e079c https://reviewboard-hg.mozilla.org/gecko/
Attachment #8596041 - Flags: review?(gkrizsanits)
Comment on attachment 8596041 [details]
MozReview Request: bz://1134424/Kwan

https://reviewboard.mozilla.org/r/6983/#review6251

Ship It!
Attachment #8596041 - Flags: review?(gkrizsanits) → review+
https://hg.mozilla.org/mozilla-central/rev/9c5fc44bda0b
https://hg.mozilla.org/mozilla-central/rev/5863c2d9f9ae
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → Firefox 40
Attachment #8596041 - Attachment is obsolete: true
Attachment #8619518 - Flags: review+
Attachment #8619519 - Flags: review+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: