Closed
Bug 323924
Opened 20 years ago
Closed 19 years ago
Call CheckLoadURI before issuing pings
Categories
(Core :: DOM: Navigation, defect, P2)
Core
DOM: Navigation
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: darin.moz, Assigned: sicking)
References
Details
(Whiteboard: [blocking1.9a1+] if a ping is on by default)
Attachments
(1 file, 2 obsolete files)
|
6.49 KB,
patch
|
jst
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
Call CheckLoadURI before issuing pings
We should restrict pings as we restrict redirects.
|
Reporter | |
Updated•20 years ago
|
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.9alpha
|
|
||
Updated•20 years ago
|
Flags: blocking1.9a1+
|
|
||
Comment 1•20 years ago
|
||
I think it should also check with content policy (::ShouldProcess?), so content policy can selectively veto the ping.
|
|
Reporter | |
Comment 2•20 years ago
|
||
Yeah, dveditz made the same comment to me over IM. I plan to include that in the forthcoming patch.
|
|
Reporter | |
Comment 3•20 years ago
|
||
*** Bug 323959 has been marked as a duplicate of this bug. ***
|
|
Reporter | |
Comment 4•20 years ago
|
||
My patch in bug 324642 limits pings to HTTP and HTTPS only, so that should "fix" this bug as well.
Depends on: 324642
|
||
Comment 5•20 years ago
|
||
that won't fix the content policy part of this bug.
|
|
||
Comment 6•20 years ago
|
||
Actually, we should still call CheckLoadURI... There's no reason we won't fix things so some sites can't link to others (eg via capabilities) at some point.
|
|
Reporter | |
Comment 7•20 years ago
|
||
ok
|
|
Reporter | |
Updated•20 years ago
|
Priority: -- → P2
Flags: blocking1.9+
Flags: blocking1.9a1+
Whiteboard: [blocking1.9a1+] if a ping is on by default
Assignee: darin.moz → bugmail
Status: ASSIGNED → NEW
|
Assignee | |
Comment 8•19 years ago
|
||
This should do it
Attachment #246722 -
Flags: superreview?(jst)
Attachment #246722 -
Flags: review?(jst)
|
|
Assignee | |
Comment 9•19 years ago
|
||
jst says it's ok to depend on the scriptsecuritymanager to be available.
Attachment #246722 -
Attachment is obsolete: true
Attachment #246724 -
Flags: superreview?(jst)
Attachment #246724 -
Flags: review?(jst)
Attachment #246722 -
Flags: superreview?(jst)
Attachment #246722 -
Flags: review?(jst)
|
||
Comment 10•19 years ago
|
||
Comment on attachment 246722 [details] [diff] [review]
Patch to fix
r+sr=jst
Attachment #246722 -
Flags: superreview+
Attachment #246722 -
Flags: review+
|
|
||
Updated•19 years ago
|
Attachment #246724 -
Flags: superreview?(jst)
Attachment #246724 -
Flags: superreview+
Attachment #246724 -
Flags: review?(jst)
Attachment #246724 -
Flags: review+
|
|
||
Updated•19 years ago
|
Attachment #246722 -
Flags: superreview+
Attachment #246722 -
Flags: review+
|
|
Assignee | |
Comment 11•19 years ago
|
||
Checked in
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 12•19 years ago
|
||
Ugh, missed the comments at the top of this bug, there's some more work to be done here.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 13•19 years ago
|
||
This one adds all needed checks both on initial load and on redirect.
Attachment #246724 -
Attachment is obsolete: true
Attachment #246862 -
Flags: superreview?(jst)
Attachment #246862 -
Flags: review?(jst)
|
|
||
Comment 14•19 years ago
|
||
Comment on attachment 246862 [details] [diff] [review]
This one's better
>Index: base/nsWebShell.cpp
>===================================================================
>RCS file: /cvsroot/mozilla/docshell/base/nsWebShell.cpp,v
>retrieving revision 1.681
>diff -u -8 -p -r1.681 nsWebShell.cpp
>--- base/nsWebShell.cpp 28 Nov 2006 20:47:10 -0000 1.681
>+++ base/nsWebShell.cpp 28 Nov 2006 23:24:42 -0000
>@@ -117,16 +117,17 @@
> #include "nsCExternalHandlerService.h"
>
> #include "nsIIDNService.h"
>
> #include "nsIPrefBranch.h"
> #include "nsIPrefService.h"
> #include "nsITimer.h"
> #include "nsIScriptSecurityManager.h"
>+#include "nsContentPolicyUtils.h"
>
> #ifdef NS_DEBUG
> /**
> * Note: the log module is created during initialization which
> * means that you cannot perform logging before then.
> */
> static PRLogModuleInfo* gLogModule = PR_NewLogModule("webshell");
> #endif
>@@ -187,16 +188,60 @@ PingsEnabled(PRInt32 *maxPerLink, PRBool
> prefs->GetIntPref(PREF_PINGS_MAX_PER_LINK, maxPerLink);
> prefs->GetBoolPref(PREF_PINGS_REQUIRE_SAME_HOST, requireSameHost);
> }
> }
>
> return allow;
> }
>
>+static PRBool
- In CheckPingURI():
...
+ if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
+ return PR_FALSE;
+ }
+}
Missing return at the end of the function. Maybe just return NS_SUCCEEDED(rv) && !NS_CP_REJECTED(shouldLoad) and avoid the explicit if check?
r+sr=jst with that fixed.
Attachment #246862 -
Flags: superreview?(jst)
Attachment #246862 -
Flags: superreview+
Attachment #246862 -
Flags: review?(jst)
Attachment #246862 -
Flags: review+
|
|
Assignee | |
Comment 15•19 years ago
|
||
Checked in with that fixed
Status: REOPENED → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•