Closed Bug 618311 Opened 14 years ago Closed 13 years ago

Inspect Network Request window persists on close of Web Console - PB data leak

Categories

(DevTools :: General, defect)

Product:
DevTools
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking2.0 .x+)

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
blocking2.0 --- .x+

People

(Reporter: aaronmt, Assigned: msucan)

References

Details

(Keywords: privacy, Whiteboard: [console-1])

Attachments

(1 file, 2 obsolete files)

[in-devtools] rebased patch
17.19 KB, patch
Details | Diff | Splinter Review 
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8pre) Gecko/20101210 Firefox/4.0b8pre

Currently, the inspect network request window will persist on close of the web console -- which is triggered automatically by an enter/exit of PB mode. Thus some may consider a data leak[1], such as q=christmas%20gifts

[1] http://clients1.google.ca/complete/search?&q=christmas%20gift

As far as I think, keeping the window open is for debugging purposes, as well it is a pretty bizarre edge case. Ehsan, would you consider this a data leak for PB mode?

1. Enter PB mode
2. Go to google.com and open the web console
3. Enter a search term, "Christmas gifts"
4. Click on a query request. The inspect network request window should open.
5. Exit PB mode

ER: Inspect network request window should close
(In reply to comment #0)
> As far as I think, keeping the window open is for debugging purposes, as well
> it is a pretty bizarre edge case. Ehsan, would you consider this a data leak
> for PB mode?

Yes, for sure!

We have similar code for page info windows <http://mxr.mozilla.org/mozilla-central/source/browser/components/privatebrowsing/src/nsPrivateBrowsingService.js#393>.  David, do you know what windowtype I should use to catch the inspector panels?
adding this as a dependent to bug 602199
blocking2.0: --- → ?
Depends on: 602199
OS: Mac OS X → All
Hardware: x86 → All
blocking2.0: ? → final+
Keywords: privacy
Summary: Inspect Network Request window persists on close of Web Console - PB data leak? → Inspect Network Request window persists on close of Web Console - PB data leak
Blocks: devtools4
Also worth noting is that i bet the object inspector does the same thing.
Notes from the Grand Retriage: I'd like to see it fixed, but it doesn't block.
blocking2.0: final+ → .x
Attached patch proposed fix (obsolete) — Splinter Review 
Proposed fix. This makes panels opened by a specific Web Console to close automatically when the Web Console is closed. This does not only fix issues with Private Browsing, but also with stale panels staying open after their Web Console (or tab) is closed.

I know this is scheduled for a .x release, but I think it would be a nice piece of Web Console polish to have it for Fx4, given sufficient feedback/review resources. Thanks!
Assignee: nobody → mihai.sucan
Status: NEW → ASSIGNED
Attachment #510347 - Flags: feedback?(rcampbell)
Whiteboard: [Web-Console-Testday] → [Web-Console-Testday][patchclean:0207]
Comment on attachment 510347 [details] [diff] [review]
proposed fix

this seems reasonable enough.
Attachment #510347 - Flags: feedback?(rcampbell) → feedback+
Comment on attachment 510347 [details] [diff] [review]
proposed fix

Thanks for the feedback+! Asking for review.
Attachment #510347 - Flags: review?(sdwilsh)
Can you please extend the test to cover private browsing mode switch as well?
Attached patch updated patch (obsolete) — Splinter Review 
Added a test for private browsing as well, as requested by Ehsan.
Attachment #510347 - Attachment is obsolete: true
Attachment #510591 - Flags: review?(sdwilsh)
Attachment #510347 - Flags: review?(sdwilsh)
Comment on attachment 510591 [details] [diff] [review]
updated patch

>+++ b/toolkit/components/console/hudservice/HUDService.jsm
>+++ b/toolkit/components/console/hudservice/tests/browser/browser_webconsole_bug_618311_close_panels.js
>@@ -0,0 +1,93 @@
>+/*
>+ * Any copyright is dedicated to the Public Domain.
>+ * http://creativecommons.org/publicdomain/zero/1.0/
>+ *
>+ * Contributor(s):
>+ *   Mihai Èucan <mihai.sucan@gmail.com>
>+ */
global-nit: should just be https://www.mozilla.org/MPL/boilerplate-1.1/pd-c

r=sdwilsh
Attachment #510591 - Flags: review?(sdwilsh) → review+
Thanks for the review+ Shawn!
Whiteboard: [Web-Console-Testday][patchclean:0207] → [Web-Console-Testday][patchclean:0207][checkin][next-release]
Whiteboard: [Web-Console-Testday][patchclean:0207][checkin][next-release] → [Web-Console-Testday][patchclean:0207][checkin][next-release] [console-1]
Ready to land (mozilla-central, default branch).
Attachment #510591 - Attachment is obsolete: true
Whiteboard: [Web-Console-Testday][patchclean:0207][checkin][next-release] [console-1] → [Web-Console-Testday][patchclean:0323][checkin][console-1]
Whiteboard: [Web-Console-Testday][patchclean:0323][checkin][console-1] → [Web-Console-Testday][patchclean:0323][merge-m-c][console-1]
Comment on attachment 521232 [details] [diff] [review]
[in-devtools] rebased patch

checked into devtools:

http://hg.mozilla.org/projects/devtools/rev/79f09037701d
Attachment #521232 - Attachment description: rebased patch → [in-devtools] rebased patch
Whiteboard: [Web-Console-Testday][patchclean:0323][merge-m-c][console-1] → [console-1][merge-m-c]
http://hg.mozilla.org/mozilla-central/rev/79f09037701d
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: [console-1][merge-m-c] → [console-1]
Verified on:
Build identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.2a1pre) Gecko/20110403 Firefox/4.2a1pre
Status: RESOLVED → VERIFIED
Depends on: 676696
Product: Firefox → DevTools
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: