Closed
Bug 1321868
Opened 8 years ago
Closed 8 years ago
Add an API to nsIDocument to determine whether a script is on the tracking protection list
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla53
Tracking | Status | |
---|---|---|
firefox53 | --- | fixed |
People
(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)
References
Details
Attachments
(1 file)
(deleted),
patch
|
bkelly
:
review+
|
Details | Diff | Splinter Review |
In order to be able to put timeouts in the correct bucket as soon as
they are scheduled, we need to be able to synchronously tell whether a
timeout is coming from a script that is on the tracking protection list.
But the URL Classifier API which we use for this task is asynchronous.
Because of this, and to avoid unnecessary IPC from the content to the
parent process every time we need to know where a script came from, we
cache this information in nsIDocument. The hash table mTrackingScripts
will have one entry per script loaded in the document which is on the
tracking protection list.
For performance reasons, we coalesce querying whether a script source
URL is on the tracking protection list with the load of the script from
the network. In most cases we'll have the response from the URL
Classifier service before the script load is finished, but on the off
chance that the load finishes first, we wait before finishing the script
load to get the response from the URL Classifier service.
Assignee | ||
Comment 1•8 years ago
|
||
Attachment #8816533 -
Flags: review?(bkelly)
Comment 2•8 years ago
|
||
Comment on attachment 8816533 [details] [diff] [review]
Add an API to nsIDocument to determine whether a script is on the tracking protection list
Review of attachment 8816533 [details] [diff] [review]:
-----------------------------------------------------------------
Looks reasonable. r=me with comments addressed.
Does this mean we always do two classification lookups for scripts now? One for our normal malware/phishing/tacking protection and now one here? Seems a possible future optimization would be to make the existing classification lookup mark the channel if it sees a tracking script even its only blocking malware/phishing (tp is disabled). That would avoid the need to perform two lookups.
::: dom/base/nsIDocument.h
@@ +2876,5 @@
> CreateEventTarget(const char* aName,
> mozilla::dom::TaskCategory aCategory) override;
>
> + void NoteScriptTrackingStatus(const nsACString& aURL, bool isTracking);
> + bool IsScriptTracking(const nsACString& aURL) const;
Please add comments that these are the original URLs and not the final URLs. They don't take into account any redirects that may have taken place.
I believe this is the case because:
https://dxr.mozilla.org/mozilla-central/source/dom/base/nsScriptLoader.cpp#2086
Is this what you intended? I guess it depends on what will be calling IsScriptTracking(). We should probably make sure there is a test that redirects.
Also, you should probably note that they are fully resolved URLS. Or can we just use nsIURI to avoid confusion?
::: dom/base/nsScriptLoader.cpp
@@ +2854,5 @@
> + BasePrincipal::CreateCodebasePrincipal(mRequest->mURI, attrs);
> + NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
> +
> + bool expectCallback = false;
> + uriClassifier->Classify(prin, true, this, &expectCallback);
Can you add comment describing what the "true" is here? I guess it means tracking protection.
::: dom/base/nsScriptLoader.h
@@ +706,5 @@
> // SRI data verifier.
> nsAutoPtr<mozilla::dom::SRICheckDataVerifier> mSRIDataVerifier;
>
> + // Status of the channel load.
> + nsresult mChannelStatus;
Since you are passing the entire channel now it seems that you don't need to track and pass the status separately.
Attachment #8816533 -
Flags: review?(bkelly) → review+
Assignee | ||
Comment 3•8 years ago
|
||
(In reply to Ben Kelly [:bkelly] from comment #2)
> Does this mean we always do two classification lookups for scripts now? One
> for our normal malware/phishing/tacking protection and now one here? Seems
> a possible future optimization would be to make the existing classification
> lookup mark the channel if it sees a tracking script even its only blocking
> malware/phishing (tp is disabled). That would avoid the need to perform two
> lookups.
Filed bug 1321874 for this.
> ::: dom/base/nsIDocument.h
> @@ +2876,5 @@
> > CreateEventTarget(const char* aName,
> > mozilla::dom::TaskCategory aCategory) override;
> >
> > + void NoteScriptTrackingStatus(const nsACString& aURL, bool isTracking);
> > + bool IsScriptTracking(const nsACString& aURL) const;
>
> Please add comments that these are the original URLs and not the final URLs.
> They don't take into account any redirects that may have taken place.
>
> I believe this is the case because:
>
> https://dxr.mozilla.org/mozilla-central/source/dom/base/nsScriptLoader.
> cpp#2086
>
> Is this what you intended? I guess it depends on what will be calling
> IsScriptTracking(). We should probably make sure there is a test that
> redirects.
Yes, this is what I intended. The thing that matters here isn't the pre vs post redirect URL, it's the specific URL we pass to SpiderMonkey, because we ultimately need to match it against what JS::DescribeScriptedCaller() returns. I will document this.
> Also, you should probably note that they are fully resolved URLS. Or can we
> just use nsIURI to avoid confusion?
Since the thing we have on both ends is a string, going to an nsIURI and then back to a string seems pointless. In practice we only ever call this on what JS::DescribeScriptedCaller() will return.
> ::: dom/base/nsScriptLoader.cpp
> @@ +2854,5 @@
> > + BasePrincipal::CreateCodebasePrincipal(mRequest->mURI, attrs);
> > + NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
> > +
> > + bool expectCallback = false;
> > + uriClassifier->Classify(prin, true, this, &expectCallback);
>
> Can you add comment describing what the "true" is here? I guess it means
> tracking protection.
>
> ::: dom/base/nsScriptLoader.h
> @@ +706,5 @@
> > // SRI data verifier.
> > nsAutoPtr<mozilla::dom::SRICheckDataVerifier> mSRIDataVerifier;
> >
> > + // Status of the channel load.
> > + nsresult mChannelStatus;
>
> Since you are passing the entire channel now it seems that you don't need to
> track and pass the status separately.
Sadly, the channel's status and the status passed to OnStopRequest are *not* the same thing (thanks, Necko!). See <http://searchfox.org/mozilla-central/rev/0f92c398ce929a3f3d9dad30132c218def154e39/netwerk/base/nsBaseChannel.cpp#820>. So unfortunately we'll need to pipe this variable through separately.
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/eb3ac9d2775b
Add an API to nsIDocument to determine whether a script is on the tracking protection list; r=bkelly
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → ehsan
Comment 5•8 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox53:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•