Open
Bug 522319
Opened 16 years ago
Updated 3 years ago
Adding Security Exception on the "View Source" window does nothing/NoOp
Categories
(Toolkit :: View Source, defect)
Toolkit
View Source
Tracking
()
NEW
People
(Reporter: nausher81, Unassigned)
References
()
Details
Attachments
(3 files)
72.43 KB,
image/jpeg
|
Details | |
275 bytes,
text/html
|
Details | |
1.37 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Build Identifier: Firefox 3.5.3 [ Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) ]
Clicking the "Add Exception" button on the "This Connection is Untrusted" page
in the "View Page Source" Window does not perform any Action.
Reproducible: Always
Steps to Reproduce:
1. View any Site with an Expired/(Or Self-Signed) Certificate and with
includes (css/js) also from a Expired (Or Self-Signed) Certificate.
2. Right Click & Select "View Page Source" from the Browser Window
3. Click on the include (https://include.nonsecuresite.com/default.css) from an Untrusted Site.
4. The "This Connection is Untrusted" page shows up.
5. Click the "Add Exception" button
Actual Results:
No Action is performed
Nothing Happens
Expected Results:
The "Confirm Add Exception" Dialog box should be shown.
Reporter | ||
Comment 1•16 years ago
|
||
Comment 2•16 years ago
|
||
I get the following error in the JS console (using a testcase that I will post next):
Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMLocation.host]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: about:certerror?e=nssBadCert&u=view-source%3Ahttps%3A//css.production.alyoung.com/default.css&c=&d=css.production.alyoung.com%20uses%20an%20invalid%20security%20certificate.%0A%0AThe%20certificate%20is%20only%20valid%20for%20the%20following%20names%3A%0A%20%20alyoung.com%20%2C%20www.alyoung.com%20%20%0A%0A%28Error%20code%3A%20ssl_error_bad_cert_domain%29%0A :: replaceWithHost :: line 114" data: no]
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20100120 Minefield/3.7a1pre (.NET CLR 3.5.30729) ID:20100120043108
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows Server 2003 → All
Hardware: x86_64 → All
Comment 3•16 years ago
|
||
Comment 4•15 years ago
|
||
The error is on line 114 in initPage()
node.textContent = location.host;
From my discussion with Gavin in IRC about this, the problem is that nsLookup cannot reconcile hosts for internal urls. So to fix this could be a little nasty.
Comment 5•15 years ago
|
||
To be specific, the issue is that nsLocation::GetURI only looks into nsIJARURIs when aGetInnermostURI is true, rather than all nsINestedURIs (e.g. view-source: URIs). That means that GetHost() throws for view-source: pages. Maybe we should just fix that - not sure if there are any security concerns with doing that, though.
![]() |
||
Comment 6•15 years ago
|
||
I can fix the issue comment 5 is about (and have, in my tree), but with that fixed I still get nothing happening when I click "Add Exception". No more error in the error console, of course. But sounds like someone else ends up with an exception and eats it or something.
I'll attach the nsLocation patch in case someone else wants to try to figure out what part of the UI is doing that.
![]() |
||
Comment 7•15 years ago
|
||
Comment 8•15 years ago
|
||
Note that bug 562433 could have affected this (though it may not have, given comment 6).
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•