Closed
Bug 86486
Opened 23 years ago
Closed 22 years ago
[FIX]URL: Invalid protocols in HREF links fail silently
Categories
(Core :: Networking, defect, P2)
Core
Networking
Tracking
()
VERIFIED
FIXED
mozilla1.3alpha
People
(Reporter: gregm, Assigned: bzbarsky)
References
()
Details
(Keywords: testcase, Whiteboard: [Hixie-P0][Hixie-1.0])
Attachments
(2 files, 1 obsolete file)
237 bytes,
text/html
|
Details | |
7.86 KB,
patch
|
adamlock
:
review+
darin.moz
:
superreview+
|
Details | Diff | Splinter Review |
Attached html presents a link when clicked on does nothing. No error's no response on the browser's part at all. View-Source and paste the url in the url bar will generate a popup with 'invaild protocol httpf'. Clicking should maybe produce the same? Linux build 2001061712 from the blizzard rpms.
Reporter | ||
Comment 1•23 years ago
|
||
Reporter | ||
Comment 2•23 years ago
|
||
Possibly a dup of 46537, if not its in the same family ;)
Greg: changed summary. This is a really good catch, b/c I'm not where I wanted to be in testing this stuff... I updated bug 46537 too, but I think we should keep them separate Gagan: since the errors come back correctly in some entry points, isn't this someone else's code talking to Necko that needs to trap the error?
Blocks: 61999
Summary: Invaild protocol's in links fail silently. → URL: Invaild protocol's in HREF links fail silently
Comment 4•23 years ago
|
||
If I do open link in new window, I get a security manager assertion: ###!!! ASSERTION: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed: '(!((rv) & 0x80000000))', file nsScriptSecurityManager.cpp, line 808 ###!!! Break: at file nsScriptSecurityManager.cpp, line 808 JavaScript error: line 0: uncaught exception: Load of httpf://www.cnn.com/ denied. This is because the call to NS_NewURI failed, and something is probably turning a CAPS failure into a security exception. mstoltz, does that sound right? I don't know if thats the same cause when just clicking on a link, though. I don't get that assertion, and don't hit the one at the bottom of CheckLoadUri either.
In nsGenericElement::TriggerLink(..) we return an error from NS_NewURI(..). We then do a CheckLoadURI(..) only if rv succeeds. proceed = securityManager->CheckLoadURI(..) Now, since "proceed" is already initialized to NS_OK, we call OnLinkClick(..) // Only pass off the click event if the script security manager // says it's ok. if (NS_SUCCEEDED(proceed)) handler->OnLinkClick(this, aVerb, absURLSpec.GetUnicode(), aTargetSpec.GetUnicode());
Assignee: neeti → jst
Component: Networking: HTTP → Layout
Updated•23 years ago
|
Target Milestone: --- → mozilla1.0
Updated•23 years ago
|
Component: Layout → Networking
Keywords: testcase
Summary: URL: Invaild protocol's in HREF links fail silently → URL: Invalid protocol's in HREF links fail silently
Comment 6•23 years ago
|
||
Well, clicking on a link which is insecure should _also_ give an error. e.g., if in a web page there is a link to about:cache, then we should report an error if the user clicks on it. See also bug 28586, which is complaining about the fact that error messages should be inline (as a web page) instead of dialogs.
Whiteboard: [Hixie-P0][Hixie-1.0]
Comment 7•23 years ago
|
||
See also bug 47617, Connection to https needs to tell user to install PSM if w/o. See also bug 84128, Need user-visible message when CheckLoadURI fails (eg, for links to file: urls).
Summary: URL: Invalid protocol's in HREF links fail silently → URL: Invalid protocols in HREF links fail silently
Comment 8•23 years ago
|
||
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 (you can query for this string to delete spam or retrieve the list of bugs I've moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
Comment 10•23 years ago
|
||
Why would this need to be fixed for mozilla1.0? It doesn't break anything as long as people do the right thing, it only breaks in cases where we'd break anyway.
Comment 11•23 years ago
|
||
This should be fixed ASAP. It's a user or web manaager problem, but Mozilla should at least say that "httpf" or "zzvkjdfr" is an invalid protocol. This kind of error handling would tell the user that Mozilla is still working, but the link itself is broken.
Comment 12•23 years ago
|
||
*** Bug 112171 has been marked as a duplicate of this bug. ***
Comment 13•23 years ago
|
||
Is this bug a dupe of bug 62744?
Comment 14•23 years ago
|
||
Plat: PC --> All, OS: Linux --> All Removing URL http://tweetie.comstar.net/test.html, because it is 404.
Comment 15•23 years ago
|
||
Andrew, this is not a dup of bug 62744.
Comment 16•23 years ago
|
||
Darin, was this fixed by your checkin to bug 47617 (Connection to https needs to tell user to install PSM if w/o) ? Seems that you left the error message as generic for this purpose.
Comment 17•23 years ago
|
||
the fix for bug 47617 only handles toplevel document loads that fail with NS_ERROR_UNKNOWN_SOCKET_TYPE. that doesn't apply here.
Comment 18•23 years ago
|
||
It's fixed. I don't know when, but as of 0.9.7, at the latest, worksforme on Windows 98.
Comment 19•23 years ago
|
||
Now using 0.9.7 Build ID: 2002011003, it's broken again.
Comment 20•22 years ago
|
||
I don't know if this is covered elsewhere, but data:foo doesn't work either. (should be data:text/html,foo)
Updated•22 years ago
|
Keywords: mozilla1.0 → mozilla1.3
Updated•22 years ago
|
Target Milestone: mozilla1.0.1 → ---
Comment 21•22 years ago
|
||
data: has it's own set of bugs. please search Browser:Networking. Properly written bugs should have "data:" as start of the summary.
Assignee | ||
Comment 22•22 years ago
|
||
*** Bug 181008 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 23•22 years ago
|
||
mine
Assignee: jst → bzbarsky
Priority: -- → P2
Target Milestone: --- → mozilla1.3alpha
Assignee | ||
Comment 24•22 years ago
|
||
Assignee | ||
Updated•22 years ago
|
Attachment #106899 -
Flags: superreview?(darin)
Attachment #106899 -
Flags: review?(adamlock)
Assignee | ||
Updated•22 years ago
|
Summary: URL: Invalid protocols in HREF links fail silently → [FIX]URL: Invalid protocols in HREF links fail silently
Comment 25•22 years ago
|
||
Comment on attachment 106899 [details] [diff] [review] Move the error reporting down into DoURILoad so, you're moving the error "trap" into DoURILoad because we only care about alerting the user about errors to create a channel?1? i'm not sure i follow.
Assignee | ||
Comment 26•22 years ago
|
||
Right now we have the error trap in a few places: nsWebShell::EndPageLoad nsDocShell::IsPrintingOrPP (this one doesn't have much to do with pageload) nsDocShell::LoadURI (the version that takes a PRUnichar* uri) I'm taking this last check and moving it down so that callers of both versions of nsDocShell::LoadURI (the PRUnichar* version and the nsIURI version) as well as direct callers of nsDocShell::InternalLoad will benefit from it. I'm leaving the check for NS_ERROR_MALFORMED_URI in nsDocShell::LoadURI (PRUnichar* version) because that's the only place it's relevant. So now we report the following errors: 1) If we start with a string, we will report NS_ERROR_MALFORMED_URI as needed 2) Once we have a URI, we will report any error in attempting to create a channel (that's a recognized error as far as DisplayLoadError is concerned) 3) Once we have a channel, I suppose we could have errors in trying to open it. In fact, we have some code there to deal with port blocking (see nsDocShell::DoChannelLoad). Perhaps it would be better to put the error report around the entire call to DoURILoad in nsDocShell::InternalLoad 4) Once the channel is open, we will get state change notifications via our nsIWebProgressListener interface so we will call EndPageLoad() and its error handling. So we only need to handle errors up to the point when we have an open channel...
Assignee | ||
Comment 27•22 years ago
|
||
Attachment #106899 -
Attachment is obsolete: true
Assignee | ||
Updated•22 years ago
|
Attachment #106899 -
Flags: superreview?(darin)
Attachment #106899 -
Flags: review?(adamlock)
Assignee | ||
Updated•22 years ago
|
Attachment #106921 -
Flags: superreview?(darin)
Attachment #106921 -
Flags: review?(adamlock)
Assignee | ||
Comment 28•22 years ago
|
||
Actually, I should check the return value from the OnStartURIOpen call. Consider that fixed; it is in my local tree (using a different nsresult variable than rv so that I don't clobber rv), like so: PRBool abort = PR_FALSE; nsresult rv2 = mContentListener->OnStartURIOpen(aURI, &abort); if (NS_SUCCEEDED(rv2) && abort) { // Hey, they're handling the load for us! How convenient! return NS_OK; }
Comment 29•22 years ago
|
||
Comment on attachment 106921 [details] [diff] [review] So more like this. yeah, that makes a lot more sense to me. thanks! assuming adam is okay with this patch, sr=darin.
Attachment #106921 -
Flags: superreview?(darin) → superreview+
Comment 30•22 years ago
|
||
Comment on attachment 106899 [details] [diff] [review] Move the error reporting down into DoURILoad Shouldn't that DisplayLoadError go inside the NS_ERROR_UNKNOWN_PROTOCOL block?
Assignee | ||
Comment 31•22 years ago
|
||
Adam, did you read the last patch or the previous one? Did you read Darin's comments? The idea here is that we want to catch all errors from DoURILoad and let ReportLoadError decide whether it wants to report them.
Comment 32•22 years ago
|
||
Comment on attachment 106921 [details] [diff] [review] So more like this. Sorry, was looking at a stale copy of the bug. r=adamlock
Attachment #106921 -
Flags: review?(adamlock) → review+
Assignee | ||
Comment 33•22 years ago
|
||
All good. ;) Patch checked in; thanks for the reviews.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 34•22 years ago
|
||
VERIFIED: Mozilla 1.3a, Win 98. If anyone wants to verify for Linux and Mac before I do, click on the URL field label, and then remove the comment for the plaform you tested on...
URL: httpf:
Whiteboard: [Hixie-P0][Hixie-1.0] → [Hixie-P0][Hixie-1.0] checkmac checklinux
Assignee | ||
Comment 35•22 years ago
|
||
*** Bug 100176 has been marked as a duplicate of this bug. ***
Comment 36•22 years ago
|
||
VERIFIED: Mac OS X, Linux - Mozilla 1.3a.
Status: RESOLVED → VERIFIED
Whiteboard: [Hixie-P0][Hixie-1.0] checkmac checklinux → [Hixie-P0][Hixie-1.0]
Comment 37•20 years ago
|
||
*** Bug 140025 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•