Closed Bug 348360 Opened 18 years ago Closed 18 years ago

jar:file: urls should not trigger a lookup

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tony, Assigned: tony)

Details

(Keywords: fixed1.8.1)

Attachments

(3 files, 3 obsolete files)

v1: check inner uri
(deleted), patch
bryner
: review+
beltzner
: approval1.8.1+
Details | Diff | Splinter Review
use nsIJARURI instead of GetPath
(deleted), patch
bzbarsky
: review+
bzbarsky
: superreview+
dbaron
: approval1.8.1+
Details | Diff | Splinter Review
v4: any nested URI
(deleted), patch
Details | Diff | Splinter Review
In bug 341946, we turned on url checks for all jar: urls. Most jar: urls are actually jar:file: urls when viewing a xul document. These shouldn't result in a lookup.
Attached patch v1: check inner uri (deleted) — Splinter Review
It would be nice to use nsINestedURI, but that's not on branch, so just do it manually.
Attachment #233257 - Flags: review?(bryner)
Flags: blocking-firefox2?
Attachment #233257 - Flags: review?(bryner) → review+
on trunk
Not going to block, but will take a patch that's well-baked.
Flags: blocking-firefox2? → blocking-firefox2-
Attachment #233257 - Flags: approval1.8.1?
Comment on attachment 233257 [details] [diff] [review] v1: check inner uri a=drivers for the mozilla181 branch
Attachment #233257 - Flags: approval1.8.1? → approval1.8.1+
on branch
Status: NEW → RESOLVED
Closed: 18 years ago
Keywords: fixed1.8.1
Resolution: --- → FIXED
Comment on attachment 233257 [details] [diff] [review] v1: check inner uri Er... this patch is wrong. You can't use nsINestedURI on the branch, but you _CAN_ use nsIJARURI. And should. For example, the code as currently written will break on something simple like: jar:jar:http://... Please see http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/caps/src/nsScriptSecurityManager.cpp&rev=1.266.2.14&mark=263-268#262 for the right way to do this. Also, I would like to see a followup bug for doing this using nsINestedURI on trunk.
(In reply to comment #6) > (From update of attachment 233257 [details] [diff] [review] [edit]) > Er... this patch is wrong. You can't use nsINestedURI on the branch, but you > _CAN_ use nsIJARURI. And should. Ah, didn't know about that. Will post a fixed patch today. > For example, the code as currently written will break on something simple like: > > jar:jar:http://... This should work with the current patch since it recurses (I tested this case as well). > Also, I would like to see a followup bug for doing this using nsINestedURI on > trunk. Ok, will do this also.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #233908 - Flags: superreview?(bryner)
Attachment #233908 - Flags: review?(bzbarsky)
Comment on attachment 233908 [details] [diff] [review] use nsIJARURI instead of GetPath Looks good. Thanks!
Attachment #233908 - Flags: superreview?(bryner)
Attachment #233908 - Flags: superreview+
Attachment #233908 - Flags: review?(bzbarsky)
Attachment #233908 - Flags: review+
Attachment #233908 - Flags: approval1.8.1?
Attached patch use nsINestedURI (for trunk) (obsolete) (deleted) — Splinter Review
Attachment #233920 - Flags: superreview?(bzbarsky)
Attached patch v2: use nsINestedURI (for trunk) (obsolete) (deleted) — Splinter Review
Oops, failed to remove the old return in the last patch.
Attachment #233920 - Attachment is obsolete: true
Attachment #233922 - Flags: superreview?(bzbarsky)
Attachment #233920 - Flags: superreview?(bzbarsky)
Comment on attachment 233922 [details] [diff] [review] v2: use nsINestedURI (for trunk) You don't want the check for "jar" here, do you?
Attachment #233922 - Flags: superreview?(bzbarsky) → superreview-
Attached patch v3: any nested URI (obsolete) (deleted) — Splinter Review
Check any URI with a nested URI (except those that already pass our filter, like about: URIs).
Attachment #233922 - Attachment is obsolete: true
Attachment #233944 - Flags: superreview?(bzbarsky)
Comment on attachment 233944 [details] [diff] [review] v3: any nested URI >+ nsCOMPtr<nsINestedURI> nestedURI; Put the do_QI there. >+ if (nestedURI = do_QueryInterface(aURI)) { Because this will warn... sr=bzbarsky with that.
Attachment #233944 - Flags: superreview?(bzbarsky) → superreview+
Attached patch v4: any nested URI (deleted) — Splinter Review
Attachment #233944 - Attachment is obsolete: true
v4 on trunk
Comment on attachment 233908 [details] [diff] [review] use nsIJARURI instead of GetPath a=dbaron on behalf of drivers. Please land on MOZILLA_1_8_BRANCH and add the fixed1.8.1 keyword once you have done so.
Attachment #233908 - Flags: approval1.8.1? → approval1.8.1+
patch "use nsIJARURI instead of GetPath" on branch.
Status: REOPENED → RESOLVED
Closed: 18 years ago18 years ago
Resolution: --- → FIXED
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: