Open Bug 522319 Opened 16 years ago Updated 3 years ago

Adding Security Exception on the "View Source" window does nothing/NoOp

Categories

(Toolkit :: View Source, defect)

defect

Tracking

()

People

(Reporter: nausher81, Unassigned)

References

()

Details

Attachments

(3 files)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) Build Identifier: Firefox 3.5.3 [ Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) ] Clicking the "Add Exception" button on the "This Connection is Untrusted" page in the "View Page Source" Window does not perform any Action. Reproducible: Always Steps to Reproduce: 1. View any Site with an Expired/(Or Self-Signed) Certificate and with includes (css/js) also from a Expired (Or Self-Signed) Certificate. 2. Right Click & Select "View Page Source" from the Browser Window 3. Click on the include (https://include.nonsecuresite.com/default.css) from an Untrusted Site. 4. The "This Connection is Untrusted" page shows up. 5. Click the "Add Exception" button Actual Results: No Action is performed Nothing Happens Expected Results: The "Confirm Add Exception" Dialog box should be shown.
I get the following error in the JS console (using a testcase that I will post next): Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMLocation.host]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: about:certerror?e=nssBadCert&u=view-source%3Ahttps%3A//css.production.alyoung.com/default.css&c=&d=css.production.alyoung.com%20uses%20an%20invalid%20security%20certificate.%0A%0AThe%20certificate%20is%20only%20valid%20for%20the%20following%20names%3A%0A%20%20alyoung.com%20%2C%20www.alyoung.com%20%20%0A%0A%28Error%20code%3A%20ssl_error_bad_cert_domain%29%0A :: replaceWithHost :: line 114" data: no] Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20100120 Minefield/3.7a1pre (.NET CLR 3.5.30729) ID:20100120043108
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows Server 2003 → All
Hardware: x86_64 → All
Attached file Testcase
The error is on line 114 in initPage() node.textContent = location.host; From my discussion with Gavin in IRC about this, the problem is that nsLookup cannot reconcile hosts for internal urls. So to fix this could be a little nasty.
To be specific, the issue is that nsLocation::GetURI only looks into nsIJARURIs when aGetInnermostURI is true, rather than all nsINestedURIs (e.g. view-source: URIs). That means that GetHost() throws for view-source: pages. Maybe we should just fix that - not sure if there are any security concerns with doing that, though.
I can fix the issue comment 5 is about (and have, in my tree), but with that fixed I still get nothing happening when I click "Add Exception". No more error in the error console, of course. But sounds like someone else ends up with an exception and eats it or something. I'll attach the nsLocation patch in case someone else wants to try to figure out what part of the UI is doing that.
Note that bug 562433 could have affected this (though it may not have, given comment 6).
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: