Add error messages for failed origin checks

RESOLVED FIXED

Status

Core Graveyard
XForms
RESOLVED FIXED
13 years ago
a year ago

People

(Reporter: Allan Beaufour, Assigned: Allan Beaufour)


Attachments

(1 attachment)

6.79 KB, patch
smaug
: review+
Doron Rosenberg (IBM)
: review+
(Assignee)

Description

13 years ago
We should call ReportError when CheckSameOrigin() fails for instance loading and for submission.
(Assignee)

Comment 1

13 years ago
Created attachment 182482 [details] [diff] [review]
Patch

Also changes ReportBoundNode to give an error message when a node binding fails
(which could very well happen when an instance fails :) )
Attachment #182482 - Flags: review?(smaug)
(Assignee)

Updated

13 years ago
Attachment #182482 - Flags: review?(doronr)
Attachment #182482 - Flags: review?(smaug) → review+

Comment 2

13 years ago
Comment on attachment 182482 [details] [diff] [review]
Patch

>? .svn
>? content
>? dependentLibs.h
>? errors.patch
>? semantic.cache
>? package/.svn
>? package/semantic.cache
>? resources/.svn
>? resources/locale/.svn
>? resources/locale/en-US/.svn
>Index: nsXFormsControlStub.cpp
>===================================================================
>RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsControlStub.cpp,v
>retrieving revision 1.15
>diff -u -p -U8 -r1.15 nsXFormsControlStub.cpp
>--- nsXFormsControlStub.cpp	28 Apr 2005 07:23:38 -0000	1.15
>+++ nsXFormsControlStub.cpp	3 May 2005 11:28:08 -0000
>@@ -134,26 +134,28 @@ nsXFormsControlStub::ResetBoundNode()
> 
>   nsCOMPtr<nsIModelElementPrivate> modelNode;
>   nsCOMPtr<nsIDOMXPathResult> result;
>   nsresult rv =
>     ProcessNodeBinding(NS_LITERAL_STRING("ref"),
>                        nsIDOMXPathResult::FIRST_ORDERED_NODE_TYPE,
>                        getter_AddRefs(result),
>                        getter_AddRefs(modelNode));
>-  NS_ENSURE_SUCCESS(rv, rv);
>-  
>-  if (!result) {
>-    return NS_OK;
>-  }
> 
>-  // Get context node, if any  
>-  result->GetSingleNodeValue(getter_AddRefs(mBoundNode));
>+  if (NS_SUCCEEDED(rv)) {    
>+    if (result) {
>+      // Get context node, if any  
>+      result->GetSingleNodeValue(getter_AddRefs(mBoundNode));
>+    }
>+    rv = NS_OK;
>+  } else {
>+    nsXFormsUtils::ReportError(NS_LITERAL_STRING("controlBindError"), mElement);
>+  }
> 
>-  return NS_OK;
>+  return rv;
> }
> 
> /**
>  * @note Refresh() is always called after a Bind(), so if a control decides to
>  * do all the work in Refresh() this function implements a NOP Bind().
>  */
> NS_IMETHODIMP
> nsXFormsControlStub::Bind()
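Review bot: The return value of `result->GetSingleNodeValue(getter_AddRefs(mBoundNode))` is still discarded in the new success branch, so a failure there returns NS_OK without the new controlBindError message. Check that call's result before the `rv = NS_OK;` assignment and route a failure through the same `ReportError` path. The unconditional `rv = NS_OK;` would also benefit from a short comment such as `// normalise any non-failure code to NS_OK for callers`, assuming that is its purpose. ResetBoundNode begins above the hunk, so whether mBoundNode is cleared before this point is not visible here.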
>Index: nsXFormsInstanceElement.cpp
>===================================================================
>RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsInstanceElement.cpp,v
>retrieving revision 1.12
>diff -u -p -U8 -r1.12 nsXFormsInstanceElement.cpp
>--- nsXFormsInstanceElement.cpp	7 Mar 2005 19:46:03 -0000	1.12
>+++ nsXFormsInstanceElement.cpp	3 May 2005 11:28:09 -0000
>@@ -178,18 +178,23 @@ nsXFormsInstanceElement::OnChannelRedire
>   nsresult rv = aNewChannel->GetURI(getter_AddRefs(newURI));
>   NS_ENSURE_SUCCESS(rv, rv);
>   
>   NS_ENSURE_STATE(mElement);
>   nsCOMPtr<nsIDOMDocument> domDoc;
>   mElement->GetOwnerDocument(getter_AddRefs(domDoc));
>   nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
>   NS_ENSURE_STATE(doc);
>-  return nsXFormsUtils::CheckSameOrigin(doc->GetDocumentURI(), newURI) ?
>-    NS_OK : NS_ERROR_ABORT;
>+
>+  if (!nsXFormsUtils::CheckSameOrigin(doc->GetDocumentURI(), newURI)) {
>+    nsXFormsUtils::ReportError(NS_LITERAL_STRING("instanceLoadOrigin"), domDoc);
>+    return NS_ERROR_ABORT;
>+  }
>+
>+  return NS_OK;
> }
> 
> // nsIStreamListener
> 
> NS_IMETHODIMP
> nsXFormsInstanceElement::OnStartRequest(nsIRequest *request, nsISupports *ctx)
> {
>   NS_ASSERTION(mListener, "No stream listener for document!");
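Review bot: The refused redirect is reported against `domDoc`, while the submission hunks in this patch pass `mElement` for the equivalent failure, so the instance message does not point at the element whose load was refused. `mElement` has already passed `NS_ENSURE_STATE` a few lines up, so `nsXFormsUtils::ReportError(NS_LITERAL_STRING("instanceLoadOrigin"), mElement);` would be consistent, assuming ReportError accepts the element here as it does in nsXFormsSubmissionElement.cpp. The same applies to the `else` branch added in LoadExternalInstance. OnChannelRedirect starts above the hunk.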
>@@ -396,16 +401,19 @@ nsXFormsInstanceElement::LoadExternalIns
>           if (docChannel) {
>             rv = newDoc->StartDocumentLoad(kLoadAsData, docChannel, loadGroup, nsnull,
>                                            getter_AddRefs(mListener), PR_TRUE);
>             if (NS_SUCCEEDED(rv)) {
>               docChannel->SetNotificationCallbacks(this);
>               rv = docChannel->AsyncOpen(this, nsnull);
>             }
>           }
>+        } else {
>+          nsXFormsUtils::ReportError(NS_LITERAL_STRING("instanceLoadOrigin"),
>+                                     domDoc);
>         }
>       }
>     }
>   }
> 
>   nsCOMPtr<nsIModelElementPrivate> model = GetModel();
>   if (model) {
>     model->InstanceLoadStarted();
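Review bot: The added `else` branch only reports the origin failure and leaves `rv` untouched, so whether LoadExternalInstance signals the refused load to its caller depends on how `rv` was initialised above the hunk. If it is not already a failure code at that point, set it explicitly, e.g. `rv = NS_ERROR_ABORT;`, to match what OnChannelRedirect returns for the same check. The visible context still reaches `model->InstanceLoadStarted()` after a refused load, so confirm that the code below the hunk pairs it with a failed-load notification.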
>Index: nsXFormsSubmissionElement.cpp
>===================================================================
>RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsSubmissionElement.cpp,v
>retrieving revision 1.26
>diff -u -p -U8 -r1.26 nsXFormsSubmissionElement.cpp
>--- nsXFormsSubmissionElement.cpp	3 May 2005 07:28:51 -0000	1.26
>+++ nsXFormsSubmissionElement.cpp	3 May 2005 11:28:09 -0000
>@@ -356,18 +356,21 @@ nsXFormsSubmissionElement::OnChannelRedi
>   NS_ENSURE_SUCCESS(rv, rv);
> 
>   NS_ENSURE_STATE(mElement);
>   nsCOMPtr<nsIDOMDocument> domDoc;
>   mElement->GetOwnerDocument(getter_AddRefs(domDoc));
>   nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
>   NS_ENSURE_STATE(doc);
> 
>-  if (!CheckSameOrigin(doc->GetDocumentURI(), newURI))
>+  if (!CheckSameOrigin(doc->GetDocumentURI(), newURI)) {
>+    nsXFormsUtils::ReportError(NS_LITERAL_STRING("submitSendOrigin"),
>+                               mElement);
>     return NS_ERROR_ABORT;
>+  }
> 
>   return NS_OK;
> }
> 
> NS_IMETHODIMP
> nsXFormsSubmissionElement::OnStartRequest(nsIRequest *request, nsISupports *ctx)
> {
>   return NS_OK;
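Review bot: The new message does not say which target was rejected, although `newURI` is in scope at the check; on a form with several submissions or a redirect chain, the console line alone will not identify the refused URL. Other entries in xforms.properties take a `%S` argument, so if ReportError has a variant that accepts format parameters, pass the URI spec and extend the string, e.g. `submitSendOrigin = XForms Error (14): Security check failed! Trying to submit data to a different domain than document: %S`. The same applies to the check in SendData (with `uri`) and to the two instanceLoadOrigin sites. OnChannelRedirect starts above the hunk.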
>@@ -1518,18 +1521,21 @@ nsXFormsSubmissionElement::SendData(cons
>   ios->NewURI(uriSpec,
>               doc->GetDocumentCharacterSet().get(),
>               doc->GetDocumentURI(),
>               getter_AddRefs(uri));
>   NS_ENSURE_STATE(uri);
> 
>   nsresult rv;
> 
>-  if (!CheckSameOrigin(doc->GetDocumentURI(), uri))
>+  if (!CheckSameOrigin(doc->GetDocumentURI(), uri)) {
>+    nsXFormsUtils::ReportError(NS_LITERAL_STRING("submitSendOrigin"),
>+                               mElement);
>     return NS_ERROR_ABORT;
>+  }
> 
>   // wrap the entire upload stream in a buffered input stream, so that
>   // it can be read in large chunks.
>   // XXX necko should probably do this (or something like this) for us.
>   nsCOMPtr<nsIInputStream> bufferedStream;
>   if (stream)
>   {
>     NS_NewBufferedInputStream(getter_AddRefs(bufferedStream), stream, 4096);
>Index: resources/locale/en-US/xforms.properties
>===================================================================
>RCS file: /cvsroot/mozilla/extensions/xforms/resources/locale/en-US/xforms.properties,v
>retrieving revision 1.5
>diff -u -p -U8 -r1.5 xforms.properties
>--- resources/locale/en-US/xforms.properties	3 May 2005 07:28:52 -0000	1.5
>+++ resources/locale/en-US/xforms.properties	3 May 2005 11:28:09 -0000
>@@ -6,8 +6,11 @@ mipParseError        = XForms Error (5):
> nodesetEvaluateError = XForms Error (6): Error evaluating nodeset expression: %S
> multiMIPError        = XForms Error (7): Multiply defined model item property on element
> idRefError           = XForms Error (8): id (%S) does not refer to a %S element
> indexEvalError       = XForms Error (9): Error evaluating index attribute: %S
> exprParseError       = XForms Error (10): Error parsing XPath expression: %S
> exprEvaluateError    = XForms Error (11): Error evaluating XPath expression: %S
> noModelError         = XForms Error (12): Could not find model for element
> instanceParseError   = XForms Error (13): Could not parse new instance data
>+submitSendOrigin     = XForms Error (14): Security check failed! Trying to submit data to a different domain than document
>+instanceLoadOrigin   = XForms Error (15): Security check failed! Trying to load instance data from a different domain than document
>+controlBindError     = XForms Error (16): Could not bind control to instance data
Attachment #182482 - Flags: review?(doronr) → review+
(Assignee)

Comment 3

13 years ago
Checked in
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard