Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

a few tweaks #1

Closed
wants to merge 2 commits into from

2 participants

@gavinsharp

I haven't tested this at all, I may have made a dumb mistake :)

One other thought I had: rather than comparing URI origins with a string compare, it would be more robust to compare nsIPrincipals (creating one for the whitelisted URL using getNoAppCodebasePrincipal, and comparing with the window.document.nodePrincipal of the windows being created using the relevant nsIPrincipal API). But getNoAppCodebasePrincipal changed recently, so you'd need to jump through some hoops to keep Firefox 10 compat), and maybe that's not worth it.

gavinsharp added some commits
@gavinsharp gavinsharp Update src/content/whitelistedDOMAPI.jsm
Use documentURIObject for originFromWindow, and adjust allContentWindows iterator to use the window's root docShell for enumeration (rather than enumerating all browsers separately).
647cfd1
@gavinsharp gavinsharp Update src/bootstrap.js
adjust whitelist to only cover sumo.mozilla.org over https
c4f0f51
@gavinsharp

Hrm, this should actually be:
browserWindows.getNext().QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDocShell);

to be on the safe side and not rely on xpconnect interface flattening.

@gavinsharp gavinsharp commented on the diff
src/content/whitelistedDOMAPI.jsm
((22 lines not shown))
getService(Ci.nsIWindowMediator).
getEnumerator("navigator:browser");
- while (browsers.hasMoreElements()) {
- let browserBrowsers = browsers.getNext().gBrowser.browsers;
- for (let i = 0; i < browserBrowsers.length; i++) {
- let contentWins =
- browserBrowsers[i].docShell.
- getDocShellEnumerator(Ci.nsIDocShellTreeItem.typeContent,
- Ci.nsIDocShell.ENUMERATE_FORWARDS);
- while (contentWins.hasMoreElements())
- yield contentWins.getNext().
- QueryInterface(Ci.nsIInterfaceRequestor).
- getInterface(Ci.nsIDOMWindow);
+ while (browserWindows.hasMoreElements()) {
+ let windowDocShell = browserWindows.getNext().getInterface(Ci.nsIDocShell);

Hrm, this should actually be:
browserWindows.getNext().QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDocShell);

to be on the safe side and not rely on xpconnect interface flattening.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@0c0w3 0c0w3 commented on the diff
src/content/whitelistedDOMAPI.jsm
((28 lines not shown))
- browserBrowsers[i].docShell.
- getDocShellEnumerator(Ci.nsIDocShellTreeItem.typeContent,
- Ci.nsIDocShell.ENUMERATE_FORWARDS);
- while (contentWins.hasMoreElements())
- yield contentWins.getNext().
- QueryInterface(Ci.nsIInterfaceRequestor).
- getInterface(Ci.nsIDOMWindow);
+ while (browserWindows.hasMoreElements()) {
+ let windowDocShell = browserWindows.getNext().getInterface(Ci.nsIDocShell);
+ let contentWins =
+ windowDocShell.getDocShellEnumerator(Ci.nsIDocShellTreeItem.typeContent,
+ Ci.nsIDocShell.ENUMERATE_FORWARDS);
+ while (contentWins.hasMoreElements()) {
+ yield contentWins.getNext().
+ QueryInterface(Ci.nsIInterfaceRequestor).
+ getInterface(Ci.nsIDOMWindow);
@0c0w3 Owner
0c0w3 added a note

This was actually the way I first did it, but unfortunately when I tested it on older Firefoxes it didn't work. (At the moment I don't remember how many versions I had to go back to see it fail, but the first failing version was >= 10.) I didn't investigate what the problem was since I found a way that works on all versions >= 10.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@0c0w3
Owner

Nice, thanks. I don't know how to commit only a part of a pull request (re: my inline comment about your docshell change), so I went ahead and made a new patch based on this request and committed it with you as the author:

dcd3043

@0c0w3 0c0w3 closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Nov 22, 2012
  1. @gavinsharp

    Update src/content/whitelistedDOMAPI.jsm

    gavinsharp authored
    Use documentURIObject for originFromWindow, and adjust allContentWindows iterator to use the window's root docShell for enumeration (rather than enumerating all browsers separately).
  2. @gavinsharp

    Update src/bootstrap.js

    gavinsharp authored
    adjust whitelist to only cover sumo.mozilla.org over https
This page is out of date. Refresh to see the latest.
Showing with 12 additions and 23 deletions.
  1. +0 −5 src/bootstrap.js
  2. +12 −18 src/content/whitelistedDOMAPI.jsm
View
5 src/bootstrap.js
@@ -5,12 +5,7 @@
const TroubleshootPropertyName = "mozTroubleshoot";
const WhitelistedOrigins = [
- "http://support.mozilla.org",
"https://support.mozilla.org",
- "http://input.mozilla.org",
- "https://input.mozilla.org",
- "http://www.mozilla.org",
- "https://www.mozilla.org",
];
const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
View
30 src/content/whitelistedDOMAPI.jsm
@@ -95,34 +95,28 @@ function originFromWindow(win) {
let doc = win.document;
if (!doc)
return null;
- let uriSpec = doc.documentURI;
try {
- let uri = Cc["@mozilla.org/network/io-service;1"].
- getService(Ci.nsIIOService).
- newURI(uriSpec, null, null);
- return uri.scheme + "://" + uri.hostPort;
+ return doc.documentURIObject.prePath;
}
catch (err) {
- log.debug("originFromWindow failed, uri=" + (uriSpec || "(none)"), err);
+ log.debug("originFromWindow failed, uri=" + (doc.documentURI || "(none)"), err);
}
return null;
}
function allContentWindows() {
- let browsers = Cc["@mozilla.org/appshell/window-mediator;1"].
+ let browserWindows = Cc["@mozilla.org/appshell/window-mediator;1"].
getService(Ci.nsIWindowMediator).
getEnumerator("navigator:browser");
- while (browsers.hasMoreElements()) {
- let browserBrowsers = browsers.getNext().gBrowser.browsers;
- for (let i = 0; i < browserBrowsers.length; i++) {
- let contentWins =
- browserBrowsers[i].docShell.
- getDocShellEnumerator(Ci.nsIDocShellTreeItem.typeContent,
- Ci.nsIDocShell.ENUMERATE_FORWARDS);
- while (contentWins.hasMoreElements())
- yield contentWins.getNext().
- QueryInterface(Ci.nsIInterfaceRequestor).
- getInterface(Ci.nsIDOMWindow);
+ while (browserWindows.hasMoreElements()) {
+ let windowDocShell = browserWindows.getNext().getInterface(Ci.nsIDocShell);

Hrm, this should actually be:
browserWindows.getNext().QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDocShell);

to be on the safe side and not rely on xpconnect interface flattening.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ let contentWins =
+ windowDocShell.getDocShellEnumerator(Ci.nsIDocShellTreeItem.typeContent,
+ Ci.nsIDocShell.ENUMERATE_FORWARDS);
+ while (contentWins.hasMoreElements()) {
+ yield contentWins.getNext().
+ QueryInterface(Ci.nsIInterfaceRequestor).
+ getInterface(Ci.nsIDOMWindow);
@0c0w3 Owner
0c0w3 added a note

This was actually the way I first did it, but unfortunately when I tested it on older Firefoxes it didn't work. (At the moment I don't remember how many versions I had to go back to see it fail, but the first failing version was >= 10.) I didn't investigate what the problem was since I found a way that works on all versions >= 10.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
}
}
}
Something went wrong with that request. Please try again.