Closed Bug 278773 Opened 20 years ago Closed 19 years ago

Various toolkit code incorrectly constructs URIs

Categories

(Toolkit :: Storage, defect, P2)

Product:
Toolkit
Component:
Storage
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8final

People

(Reporter: bzbarsky, Assigned: Gavin)

References

(
URL
)

Details

(Whiteboard: [sg:fix])

Attachments

(1 file, 1 obsolete file)

Revised (checked in)
15.44 KB, patch
Details | Diff | Splinter Review 
Unless you're implementing a protocol, creating an nsIURI object by
instantiating an nsStandardURL and setting the spec is almost certainly the
wrong thing to do.  This will lead to bugs for various URIs, ranging from data:
and javascript: to jar: (and we don't really want to break signed jars any more
than we have to, please).  Especially troubling, to me, are the cases where the
incorrectly-created URI object is then used in security checks.  This could
cause real issues in both directions (checks failing when they should succeed,
and the other way around).

The URL in the url field shows a number of hits for the contractid in various
tookit files.  Spot-checks show that every single case I've looked at should be
using either nsIIOService.newURI or nsIIOService.newFileURI (the latter in
toolkit/mozapps/extensions/src/nsExtensionManager.js.in, for example).

It may be that the hits under toolkit/ don't belong in the toolkit product
(since none of the components seem relevant), but I can't tell for sure, so
filing this just in case and picking a random component.
Bug 278772 is the equivalent Firefox bug.
Whiteboard: [sg;fix]
Whiteboard: [sg;fix] → [sg:fix]
Assignee: vladimir → gavin.sharp
Attached patch Patch v1 (obsolete) — Splinter Review 

        Attachment #176378 -
        Flags: second-review?(darin)

        Attachment #176378 -
        Flags: first-review?(mconnor)

    
    

    
  
Comment on attachment 176378 [details] [diff] [review]
Patch v1

>Index: toolkit/mozapps/downloads/content/downloads.js

>     for (var i = 0; i < numXPInstallItems;) {
>       // Pretty Name
>       var displayName = aParams.GetString(i++);
>       
>       // URI
>+      var uri = Components.classes["@mozilla.org/network/io-service;1"]
>+                          .getService(Components.interfaces.nsIIOService)
>+                          .newURI(aParams.GetString(i++), null, null);

I think it would be wise to move the getService call out of 
the body of the loop.  Otherwise, you are doing duplicate
work for each iteration.

looks good otherwise.  r=darin

        Attachment #176378 -
        Flags: second-review?(darin) → second-review+

    
    

    
  


  

        Attachment #176378 -
        Attachment is obsolete: true

        Attachment #176378 -
        Flags: first-review?(mconnor)
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [sg:fix] → [checkin needed] [sg:fix]

        Attachment #176403 -
        Attachment description: Revised → Revised (checked in)
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Whiteboard: [checkin needed] [sg:fix] → [sg:fix]
Target Milestone: --- → mozilla1.8final

    
  
Flags: in-testsuite-

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: