Bug 619092 - Truncate wyciwyg URLs on Reload to prevent exposing them; r=bz
This change prevents URLs with the wyciwyg scheme from being set as mDocumentURI.
Otherwise, in JS, document.URL returns a wyciwyg://* URL and a subsequent
call to document.write makes the wyciwyg URL visible in the address bar.
MozReview-Commit-ID: BaKpDkkIYbM
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -2239,16 +2239,26 @@ nsDocument::Reset(nsIChannel* aChannel,
nsCOMPtr<nsIURI> uri;
nsCOMPtr<nsIPrincipal> principal;
if (aChannel) {
// Note: this code is duplicated in XULDocument::StartDocumentLoad and
// nsScriptSecurityManager::GetChannelResultPrincipal.
// Note: this should match nsDocShell::OnLoadingSite
NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
+ bool isWyciwyg = false;
+ uri->SchemeIs("wyciwyg", &isWyciwyg);
+ if (isWyciwyg) {
+ nsCOMPtr<nsIURI> cleanURI;
+ nsresult rv = nsContentUtils::RemoveWyciwygScheme(uri, getter_AddRefs(cleanURI));
+ if (NS_SUCCEEDED(rv)) {
+ uri = cleanURI;
+ }
+ }
+
nsIScriptSecurityManager *securityManager =
nsContentUtils::GetSecurityManager();
if (securityManager) {
securityManager->GetChannelResultPrincipal(aChannel,
getter_AddRefs(principal));
}
}
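Review bot: The added `uri->SchemeIs("wyciwyg", &isWyciwyg)` dereferences `uri` without a null check, and the return value of `NS_GetFinalChannelURI` on the context line above is ignored, so a failure there would presumably become a null dereference here. Guarding the branch keeps it safe: `if (uri && NS_SUCCEEDED(uri->SchemeIs("wyciwyg", &isWyciwyg)) && isWyciwyg) {`. When `RemoveWyciwygScheme` fails, the code silently keeps the wyciwyg URI, so the exposure this commit closes remains on that path; an `NS_WARNING` in an `else` branch would at least make it visible. The existing comment says this logic is duplicated in XULDocument::StartDocumentLoad and should match nsDocShell::OnLoadingSite. Neither is in this diff, so confirm they strip the scheme the same way. Reset's body continues outside the hunk.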
--- a/dom/html/test/browser_refresh_wyciwyg_url.js
+++ b/dom/html/test/browser_refresh_wyciwyg_url.js
@@ -20,13 +20,13 @@ function test(){
is(aBrowser.contentDocument.URL, testURL, "Make sure we start at the correct URL");
// test_btn calls document.write() then reloads the document
test_btn = aBrowser.contentDocument.getElementById("test_btn");
test_btn.click();
return BrowserTestUtils.browserLoaded(aBrowser);
}).then(() => {
test_btn.click();
- todo_is(aBrowser.contentDocument.URL, testURL, "Document URL should be identical after reload");
+ is(aBrowser.contentDocument.URL, testURL, "Document URL should be identical after reload");
gBrowser.removeTab(aTab);
finish();
});
}
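Review bot: The re-enabled `is(...)` checks only `contentDocument.URL`, while the commit description names the address bar as the place where the wyciwyg URL becomes visible. A second assertion after the final `test_btn.click()` would cover that symptom directly, for example `ok(!gURLBar.value.includes("wyciwyg"), "Address bar must not show a wyciwyg URL");`, assuming the test tab is the selected one. The `test()` function starts outside the hunk, so how the tab is set up could not be checked from here.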