Closed
Bug 792517
Opened 12 years ago
Closed 12 years ago
nsContextMenu.js save as handler creates a channel without regard for privacy status
Categories
(Firefox :: File Handling, defect)
Tracking
()
RESOLVED
FIXED
Firefox 18
People
(Reporter: jdm, Assigned: jdm)
References
Details
Attachments
(1 file, 1 obsolete file)
8.19 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
http://mxr.mozilla.org/mozilla-central/source/browser/base/content/nsContextMenu.js#1008 There's a notification callback we could hijack to return the privacy status of the original document, perhaps. Since the request isn't guaranteed to bypass the cache unless a flag is passed, it looks like this could get stored on disk and that would be bad.
Updated•12 years ago
|
Assignee: nobody → josh
tracking-firefox18:
--- → +
Assignee | ||
Comment 1•12 years ago
|
||
I want to write a test for this, but I haven't found good examples of triggering Save As yet.
Assignee | ||
Comment 2•12 years ago
|
||
Assignee | ||
Updated•12 years ago
|
Attachment #663262 -
Attachment is obsolete: true
Assignee | ||
Comment 3•12 years ago
|
||
The test needs PB cookie separation to actually test what it's supposed to test. It probably passes unconditionally without that patch applied.
Assignee | ||
Comment 4•12 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=42ebb6ed5276
Assignee | ||
Comment 5•12 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=183c629b0102 https://hg.mozilla.org/integration/mozilla-inbound/rev/71a2a9d7618e and then I realized that this hasn't been reviewed yet, so backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/5a4d66a6da20.
Assignee | ||
Updated•12 years ago
|
Attachment #666027 -
Flags: review?(ehsan)
Comment 6•12 years ago
|
||
Comment on attachment 666027 [details] [diff] [review] Make the channel created by Save As respect the privacy status of the originating document. Review of attachment 666027 [details] [diff] [review]: ----------------------------------------------------------------- r=me with the stuff below addressed. ::: browser/base/content/nsContextMenu.js @@ +1008,5 @@ > var ioService = Cc["@mozilla.org/network/io-service;1"]. > getService(Ci.nsIIOService); > var channel = ioService.newChannelFromURI(makeURI(linkURL)); > + if (channel instanceof Ci.nsIPrivateBrowsingChannel) { > + var docIsPrivate = PrivateBrowsingUtils.isWindowPrivate(doc.defaultView); Nit: let ::: browser/base/content/test/browser_save_link.js @@ +13,5 @@ > +// the first by checking the cookies that are sent. > + > +function triggerSave(aCallback) { > + var fileName; > + gBrowser.loadURI("http://mochi.test:8888/browser/browser/base/content/test/bug792517-2.html"); I'd rather you open a new tab, load the page inside it and close it when you're done to make sure that this test does not mess with the sessionhistory of the tab which might be relied on in future tests. @@ +20,5 @@ > + return; > + gBrowser.removeEventListener("pageshow", pageShown); > + > + executeSoon(function () { > + document.addEventListener("popupshown", contextMenuOpened); Nit: ditto. @@ +27,5 @@ > + EventUtils.synthesizeMouseAtCenter(link, > + { type: "contextmenu", button: 2 }, > + gBrowser.contentWindow); > + }); > + }); Nit: third argument to addEventListener. ::: browser/base/content/test/bug792517.sjs @@ +8,5 @@ > + aResponse.write("cookie-present"); > + } else { > + aResponse.setHeader("Set-Cookie", "foopy=1"); > + aResponse.write("cookie-not-present"); > + } I think you're supposed to do aResponse.finish() at some point. I'm surprised that this works!
Attachment #666027 -
Flags: review?(ehsan) → review+
Assignee | ||
Comment 7•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/cb64683950d9
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/cb64683950d9
Status: NEW → RESOLVED
Closed: 12 years ago
status-firefox18:
--- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → Firefox 18
You need to log in
before you can comment on or make changes to this bug.
Description
•