[tbb-commits] [tor-browser/tor-browser-60.2.1esr-8.5-1] Bug 680300 - Part 3: Make the client.navigate() not to reference the baseURL if it navigates to a view-source URL r=asuth

gk at torproject.org gk at torproject.org
Tue Oct 9 10:03:57 UTC 2018


commit d098b183150a7feb83f159ad731fc42537252863
Author: Tim Huang <tihuang at mozilla.com>
Date:   Mon Sep 24 18:22:26 2018 +0000

    Bug 680300 - Part 3: Make the client.navigate() not to reference the baseURL if it navigates to a view-source URL r=asuth
    
    The suppressing of the error NS_ERROR_UNKNOWN_PROTOCOL will break the
    web-platform-test 'windowclient-navigate.https.html' since navigating
    to an invalid view-source url through the client API won't receive
    any error due to the suppressing. So the test will time-out since it
    waits for an error.
    
    While navigating to an invalid view-source url with its inner url as
    relative, this will pass the validity check we have right now and
    do the navigation because of it takes account the baseURL while doing
    the check. The invalid view-source url will be resolved into a valid
    view-source url in the case. Fortunately, we won't encounter any issue
    in the test in the past since the docShell will block this loading
    because it's loading a view-source url inside an iframe and reports a
    NS_ERROR_UNKNOWN_PROTOCOL error. But, we should faild with a
    NS_ERROR_MALFORMED_URI error when doing the URL validity check.
    
    For addressing this, this patch makes the client.navigate to not take
    the baseURL into account if it is a view-source URL.
    
    Differential Revision: https://phabricator.services.mozilla.com/D6587
    
    --HG--
    extra : moz-landing-system : lando
---
 dom/clients/manager/ClientNavigateOpChild.cpp | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/dom/clients/manager/ClientNavigateOpChild.cpp b/dom/clients/manager/ClientNavigateOpChild.cpp
index b6a8e70b7356..1e6cc50da41d 100644
--- a/dom/clients/manager/ClientNavigateOpChild.cpp
+++ b/dom/clients/manager/ClientNavigateOpChild.cpp
@@ -15,6 +15,7 @@
 #include "nsIWebProgressListener.h"
 #include "nsNetUtil.h"
 #include "nsPIDOMWindow.h"
+#include "nsURLHelper.h"
 
 namespace mozilla {
 namespace dom {
@@ -185,8 +186,24 @@ ClientNavigateOpChild::DoNavigate(const ClientNavigateOpConstructorArgs& aArgs)
     return ref.forget();
   }
 
+  // There is an edge case for view-source url here. According to the wpt test
+  // windowclient-navigate.https.html, a view-source URL with a relative inner
+  // URL should be treated as an invalid URL. However, we will still resolve it
+  // into a valid view-source URL since the baseURL is involved while creating
+  // the URI. So, an invalid view-source URL will be treated as a valid URL
+  // in this case. To address this, we should not take the baseURL into account
+  // for the view-source URL.
+  bool shouldUseBaseURL = true;
+  nsAutoCString scheme;
+  if (NS_SUCCEEDED(net_ExtractURLScheme(aArgs.url(), scheme)) &&
+      scheme.LowerCaseEqualsLiteral("view-source")) {
+    shouldUseBaseURL = false;
+  }
+
   nsCOMPtr<nsIURI> url;
-  rv = NS_NewURI(getter_AddRefs(url), aArgs.url(), nullptr, baseURL);
+  rv = NS_NewURI(getter_AddRefs(url), aArgs.url(),
+                 nullptr, shouldUseBaseURL ? baseURL.get()
+                                           : nullptr);
   if (NS_FAILED(rv)) {
     ref = ClientOpPromise::CreateAndReject(rv, __func__);
     return ref.forget();



More information about the tbb-commits mailing list