make sure the microsummary service doesn't attempt to load javascript: or data: URLs

bug=339377
r=mconnor
a=mconnor for 1.8 branch
myk@mozilla.org
2007-01-14 05:37:50 +00:00
parent 3a3011d94b
commit 0427d54a60


@@ -41,6 +41,9 @@ const PERMS_FILE = 0644;
const MODE_WRONLY = 0x02;
const MODE_TRUNCATE = 0x20;
const NS_ERROR_MODULE_DOM = 2152923136;
const NS_ERROR_DOM_BAD_URI = NS_ERROR_MODULE_DOM + 1012;
// How often to update microsummaries, in milliseconds.
// XXX Make this a hidden pref so power users can modify it.
const UPDATE_INTERVAL = 30 * 60 * 1000; // 30 minutes
@@ -526,7 +529,15 @@ MicrosummaryService.prototype = {
}
};
downloadPage(pageURI, callback);
try {
downloadPage(pageURI, callback);
}
catch(e) {
// We shouldn't have to do anything if the call fails. We'll just
// return the list of microsummaries without including page-defined
// microsummaries in the list.
LOG("error downloading page to extract its microsummaries: " + e);
}
}
return microsummaries;
@@ -1464,6 +1475,11 @@ function downloadPage(pageURI, loadHandler) {
*
*/
function downloadXMLPage(pageURI, loadHandler) {
// Make sure we're not loading javascript: or data: URLs, which could
// take advantage of the load to run code with chrome: privileges.
if (pageURI.scheme != "http" && pageURI.scheme != "https")
throw NS_ERROR_DOM_BAD_URI;
LOG(pageURI.spec + " downloading as XML");
var request = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance();
@@ -1489,6 +1505,11 @@ function downloadXMLPage(pageURI, loadHandler) {
*
*/
function downloadHTMLPage(pageURI, loadHandler) {
// Make sure we're not loading javascript: or data: URLs, which could
// take advantage of the load to run code with chrome: privileges.
if (pageURI.scheme != "http" && pageURI.scheme != "https")
throw NS_ERROR_DOM_BAD_URI;
LOG(pageURI.spec + " downloading as HTML");
// We download HTML pages via hidden iframes in browser windows.
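Review bot: The comment added at the top of downloadXMLPage and downloadHTMLPage names only javascript: and data:, but the test beneath it is an allowlist that refuses every scheme other than http and https. The comment should say so, for example `// Only http: and https: pages may be loaded; anything else is refused, since schemes such as javascript: or data: could use the load to run code with chrome: privileges.`, so that a later edit does not narrow the test to a denylist of the two named schemes. The same `if` and `throw NS_ERROR_DOM_BAD_URI;` pair appears in both functions, and a small shared helper called from each would keep the two copies from drifting apart. The test looks only at the URI passed in, so whether a redirect during the load could end up on another scheme is not visible from these hunks and is worth confirming. Both function bodies continue outside the hunks.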