Closed Bug 239580 Opened 20 years ago Closed 20 years ago

default button in script-permission dialog should be "No"

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: mkaply)

Details

(Keywords: fixed-aviary1.0, fixed1.4.3, fixed1.7)

Attachments

(2 files, 1 obsolete file)

Patch as described
6.15 KB, patch
danm.moz
: review+
dveditz
: superreview+
Details | Diff | Splinter Review
Update patch that uses upper byte.
6.62 KB, patch
danm.moz
: review+
dveditz
: superreview+
caillon
: approval1.4.3+
asa
: approval1.7+
asa
: approval1.8a1+
Details | Diff | Splinter Review 
The default button in the script-permission dialog should be "No", like it is in
the XPI dialog.
Taking. Do we want to block 1.7 for this?
Assignee: security-bugs → dveditz+bmo
Flags: blocking1.7?
Flags: blocking1.7? → blocking1.7+
yeah we should get this in, espcially if it is a one-liner.
Attached patch Switches the default to "No" (obsolete) — Splinter Review 
This, unfortunately, switches not only the default button, but also the
ordering of the buttons (a flaw in the API, i think).  So, now, NO is on the
left and YES is on the right.
Assignee: dveditz → dougt
Status: NEW → ASSIGNED
Attachment #148169 - Flags: review?(dveditz)
Attachment #148169 - Flags: approval1.7?
I don't think this is the right fix, as it sets a very bad UI precedent.

I think adding support for "defaultButton" to the prompt service is actually
pretty trivial.

I am doing it now.

I'll have a patch tomorrow.
before adding it, how about suggesting the fix?
This must've been what I saw mkaply talking about on IRC (not positive, saw this
in scroll-back and he was gone). It appears there are 8 bits left in the flags
that he was going to try to use, or maybe it was the high-bit in each button
position.
Probably a good idea :)

Looking at nsIPromptService.idl:

http://lxr.mozilla.org/seamonkey/source/embedding/components/windowwatcher/public/nsIPromptService.idl#120

There is already a buttonFlags parameter passed in to confirmEX.

It has one free bit (it could have more if changed BUTTON_TITLE_IS_STRING to be
lower)

Anyway, I was thinking of adding a new value BUTTON_IS_DEFAULT set to 128 and
then this would get passed in with the other flags.

I would add a new enum to nsIPIPromptService.idl 

http://lxr.mozilla.org/seamonkey/source/embedding/components/windowwatcher/public/nsPIPromptService.idl#54

for another int called eDefaultButton.

Then in the ConfirmEx function I would translate the new flag to eDefaultButton
which would then be queryable in commonDialog.js

In commonDialog.js, I could query this value to decide which button to focus.

currently, commonDialog.js just queries the firstbutton and focuses it - my new
code would work no matter what because if it isn't set, it would default to
position 0 (the first button) otherwise it would focus the asked for button.

How's that sound?

The biggest part of the change will actually be the switch statement in
commonDialog.js.
update for you too dan.
This is a patch exactly as I described (very low impact)

I have verified that other ConfirmEx dialogs (security for instance) behave as
they did before.
Assignee: dougt → mkaply
Attachment #148169 - Attachment is obsolete: true
Comment on attachment 148411 [details] [diff] [review]
Patch as described

sr=dveditz

(The raw hex masks in nsPromptService.cpp are ugly, use a #define or constant
to make the code clearer)
Attachment #148411 - Flags: superreview+
Attachment #148411 - Flags: review?(danm-moz)
Comment on attachment 148169 [details] [diff] [review]
Switches the default to "No"

r-, like mkaply's change better.
Attachment #148169 - Flags: review?(dveditz)
Attachment #148169 - Flags: review-
Attachment #148169 - Flags: approval1.7?
Comment on attachment 148411 [details] [diff] [review]
Patch as described

need another reviewer? Who owns this stuff anyway?
Attachment #148411 - Flags: approval1.7?
This kind of change isn't clean as you do not know if the underlying
implementation honors this flag.  New implementations will, but old
implementations won't.


old implementations will simply ignore the flag.

The API is designed such that thew flag is used when set otherwise you get the
old behavior.

using this bits seems like a very logical way to do this.
Attachment #148411 - Flags: review?(danm-moz) → review+
Doug's probably right that embedding implementations will break. The fact that
the "string" value is 127 rather than 255 is the only clue that the high bit
might be usable for something else, and it's not much of a clue. The button
values themselves aren't bit values so implementations aren't going to be
thinking of masking anything out, they're just going to do
   switch(buttonvalue) {
      case BUTTON_TITLE_OK:
and anything with the new "defaultbutton" bit set won't match.

Much like the assumption made by the mozilla implementation you had to change
from using xff as a mask to x7f, in fact. Embeddors are likely to make the same
assumtions, epecially so if they used that code as a guide to fill out their
understanding of the .idl contract.

Reclaiming the wasted bit probably too clever. Safer to change this to use the
bottom two bits of the unused high byte in the flags. Any current
nsIPrompt[Service] implementation I can imagine would be ignoring that flag byte
so adding flags there would be safer.
Patch that uses upper byte.

Much uglier :)
Comment on attachment 148853 [details] [diff] [review]
Update patch that uses upper byte.

Not much uglier, about the same as your first patch (diff the patches and see).

>+#define BUTTON_DEFAULT_MASK 0xff000000

This is asking for the same kinds of potential problems as trying to use x80 --
what if we want to use another bit up there (say, to indicate delay enabling
the buttons, bug 162020)?

#define BUTTON_DEFAULT_MASK 0x03000000

>+  switch (buttonFlags & BUTTON_DEFAULT_MASK) {
>+    case BUTTON_POS_1_DEFAULT:
>+      block->SetInt(eDefaultButton, 1);
>+      break;
>+    case BUTTON_POS_2_DEFAULT:
>+      block->SetInt(eDefaultButton, 2);
>+      break;
>+    default:
>+      block->SetInt(eDefaultButton, 0);
>+      break;
>+  }

If you called it "ugly" because of the added switch you could always do it in
one line

block->SetInt(eDefaultButton, (buttonFlags & BUTTON_DEFAULT_MASK) >> 24);

pick your ugly, I guess.

sr=dveditz if you shrink the mask
Attachment #148853 - Flags: superreview+
Attachment #148853 - Flags: review?(danm-moz)
Attachment #148853 - Flags: approval1.8a1?
Attachment #148853 - Flags: approval1.7?
Attachment #148853 - Flags: review?(danm-moz) → review+
Comment on attachment 148853 [details] [diff] [review]
Update patch that uses upper byte.

a=asa (on behalf of drivers) for checkin to 1.8a1 and 1.7
Attachment #148853 - Flags: approval1.8a1?
Attachment #148853 - Flags: approval1.8a1+
Attachment #148853 - Flags: approval1.7?
Attachment #148853 - Flags: approval1.7+
No, I think it's ugly because I thought using the spare upper bit was very
elegant because it was setting a style on each button in the upper bit :)
Attachment #148411 - Flags: approval1.7?
fixed

There probably needs to be a firefox bug for this?
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Keywords: fixed1.7
Resolution: --- → FIXED
Fix checked in on aviary branch.
Whiteboard: fixed-aviary1.0
Wouldn't Firefox use mozilla/toolkit/content/commonDialog.js? The AVIARY branch
check-in included mozilla/xpfe/global/resources/content/commonDialog.js instead.
according to mconnor, this should indeed go into the other file for Firefox, and
that still needs to happen.  should also go into Firefox trunk.
Whiteboard: fixed-aviary1.0 → needed-aviary1.0
Comment on attachment 148853 [details] [diff] [review]
Update patch that uses upper byte.

Easy backport.	a=blizzard for 1.4.3
Attachment #148853 - Flags: approval1.4.3+
/toolkit version checked in ala bug 253945, trunk and branch
Keywords: fixed-aviary1.0
Whiteboard: needed-aviary1.0
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: