[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r13346: More workarounds for additional instances of 401296 triggere (in torbutton/trunk/src: chrome/content components)
Author: mikeperry
Date: 2008-01-31 23:44:43 -0500 (Thu, 31 Jan 2008)
New Revision: 13346
Modified:
torbutton/trunk/src/chrome/content/torbutton.js
torbutton/trunk/src/components/cssblocker.js
Log:
More workarounds for additional instances of 401296 triggered
by meta-refresh.
Modified: torbutton/trunk/src/chrome/content/torbutton.js
===================================================================
--- torbutton/trunk/src/chrome/content/torbutton.js 2008-01-31 18:39:18 UTC (rev 13345)
+++ torbutton/trunk/src/chrome/content/torbutton.js 2008-02-01 04:44:43 UTC (rev 13346)
@@ -1064,6 +1064,38 @@
}
}
+// This observer is to catch some additional http load events
+// to deal with firefox bug 401296
+var torbutton_http_observer = {
+observe : function(subject, topic, data) {
+ torbutton_eclog(2, 'Examine response: '+subject.name);
+ if (!((subject instanceof Components.interfaces.nsIHttpChannel)
+ && (subject.loadFlags & Components.interfaces.nsIChannel.LOAD_DOCUMENT_URI)))
+ return;
+ if (topic == "http-on-examine-response") {
+ torbutton_eclog(3, 'Definitaly Examine response: '+subject.name);
+ torbutton_check_progress(null, subject);
+ }
+},
+register : function() {
+ var observerService =
+ Components.classes["@mozilla.org/observer-service;1"].
+ getService(Components.interfaces.nsIObserverService);
+ torbutton_log(3, "Observer register");
+
+ observerService.addObserver(this, "http-on-examine-response", false);
+ torbutton_log(3, "Observer register");
+},
+unregister : function() {
+ var observerService =
+ Components.classes["@mozilla.org/observer-service;1"].
+ getService(Components.interfaces.nsIObserverService);
+
+ observerService.removeObserver(this,"http-on-examine-response");
+}
+}
+
+
function torbutton_do_main_window_startup()
{
torbutton_log(3, "Torbutton main window startup");
@@ -1082,6 +1114,7 @@
torbutton_unique_pref_observer.register();
torbutton_uninstall_observer.register();
+ torbutton_http_observer.register();
}
function torbutton_do_onetime_startup()
@@ -1167,6 +1200,7 @@
progress.removeProgressListener(torbutton_weblistener);
torbutton_unique_pref_observer.unregister();
torbutton_uninstall_observer.unregister();
+ torbutton_http_observer.unregister();
}
}
@@ -1362,6 +1396,22 @@
torbutton_init();
}
+ var DOMWindow = null;
+
+ if(aProgress) {
+ DOMWindow = aProgress.DOMWindow;
+ } else {
+ try {
+ DOMWindow = aRequest.notificationCallbacks.QueryInterface(
+ Components.interfaces.nsIInterfaceRequestor).getInterface(
+ Components.interfaces.nsIDOMWindow);
+ } catch(e) {
+ }
+ }
+
+ // XXX if intstanceof nsIHttpChannel check headers for
+ // Content-Disposition..
+
// This noise is a workaround for firefox bugs involving
// enforcement of docShell.allowPlugins and docShell.allowJavascript
// (Bugs 401296 and 409737 respectively)
@@ -1371,14 +1421,12 @@
&& chanreq instanceof Components.interfaces.nsIChannel
&& aRequest.isPending()) {
- if(aProgress && aProgress.DOMWindow) {
- torbutton_eclog(3, 'Document: '+aProgress.DOMWindow.location);
- }
+ torbutton_eclog(3, 'Pending request: '+aRequest.name);
- if((aProgress && aProgress.DOMWindow.opener
- && m_tb_prefs.getBoolPref("extensions.torbutton.isolate_content"))) {
+ if(DOMWindow && DOMWindow.opener
+ && m_tb_prefs.getBoolPref("extensions.torbutton.isolate_content")) {
- if(!(aProgress.DOMWindow.top instanceof Components.interfaces.nsIDOMChromeWindow)) {
+ if(!(DOMWindow.top instanceof Components.interfaces.nsIDOMChromeWindow)) {
// Workaround for Firefox bug 409737
// The idea is that the content policy should stop all
// forms of javascript fetches except for popups. This
@@ -1387,15 +1435,15 @@
.getService(Components.interfaces.nsISupports)
.wrappedJSObject;
- var browser = wm.getBrowserForContentWindow(aProgress.DOMWindow.opener);
+ var browser = wm.getBrowserForContentWindow(DOMWindow.opener);
if(browser && browser.__tb_tor_fetched != m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled")) {
- torbutton_eclog(3, 'Stopping document: '+aProgress.DOMWindow.location);
- aRequest.cancel(0x804b0002);
- aProgress.DOMWindow.stop();
- torbutton_eclog(3, 'Stopped document: '+aProgress.DOMWindow.location);
- aProgress.DOMWindow.document.clear();
- torbutton_eclog(3, 'Cleared document: '+aProgress.DOMWindow.location);
+ torbutton_eclog(3, 'Stopping document: '+DOMWindow.location);
+ aRequest.cancel(0x804b0002); // NS_BINDING_ABORTED
+ DOMWindow.stop();
+ torbutton_eclog(3, 'Stopped document: '+DOMWindow.location);
+ DOMWindow.document.clear();
+ torbutton_eclog(3, 'Cleared document: '+DOMWindow.location);
}
}
}
@@ -1406,26 +1454,26 @@
if((m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled")
&& m_tb_prefs.getBoolPref("extensions.torbutton.no_tor_plugins")
&& aRequest.contentType in m_tb_plugin_mimetypes)) {
- aRequest.cancel(0x804b0002);
- if(aProgress) {
+ aRequest.cancel(0x804b0002); // NS_BINDING_ABORTED
+ if(DOMWindow) {
// ZOMG DIE DIE DXIE!!!!!@
try {
- aProgress.DOMWindow.stop();
+ DOMWindow.stop();
torbutton_eclog(2, 'Stopped document');
- aProgress.DOMWindow.document.clear();
+ DOMWindow.document.clear();
torbutton_eclog(2, 'Cleared document');
- if(typeof(aProgress.DOMWindow.__tb_kill_flag) == 'undefined') {
+ if(typeof(DOMWindow.__tb_kill_flag) == 'undefined') {
// XXX: localize
window.alert("Torbutton blocked direct Tor load of plugin content.\n\nUse Save-As instead.\n\n");
- aProgress.DOMWindow.__tb_kill_flag = true;
+ DOMWindow.__tb_kill_flag = true;
}
// This doesn't seem to actually remove the child..
// It usually just causes an exception to be thrown,
// which strangely enough, actually does finally
// kill the plugin.
- aProgress.DOMWindow.document.removeChild(
- aProgress.DOMWindow.document.firstChild);
+ DOMWindow.document.removeChild(
+ DOMWindow.document.firstChild);
} catch(e) {
torbutton_eclog(3, 'Exception on stop/clear');
}
@@ -1437,17 +1485,21 @@
torbutton_eclog(3, 'Killed plugin document');
return 0;
}
+ } else {
+ torbutton_eclog(2, 'Nonpending: '+aRequest.name);
+ torbutton_eclog(2, 'Type: '+aRequest.contentType);
}
} catch(e) {
torbutton_eclog(3, 'Exception on request cancel');
}
- if(aProgress) {
- var doc = aProgress.DOMWindow.document;
+ // XXX: separate this from the above?
+ if(DOMWindow) {
+ var doc = DOMWindow.document;
try {
if(doc && doc.domain) {
- torbutton_update_tags(aProgress.DOMWindow.window);
- torbutton_hookdoc(aProgress.DOMWindow.window, doc);
+ torbutton_update_tags(DOMWindow.window);
+ torbutton_hookdoc(DOMWindow.window, doc);
}
} catch(e) {
torbutton_eclog(3, "Hit about:plugins? "+doc.location);
Modified: torbutton/trunk/src/components/cssblocker.js
===================================================================
--- torbutton/trunk/src/components/cssblocker.js 2008-01-31 18:39:18 UTC (rev 13345)
+++ torbutton/trunk/src/components/cssblocker.js 2008-02-01 04:44:43 UTC (rev 13346)
@@ -29,6 +29,8 @@
const block = Components.interfaces.nsIContentPolicy.REJECT_REQUEST;
const CPolicy = Components.interfaces.nsIContentPolicy;
const Cr = Components.results;
+const Cc = Components.classes;
+const Ci = Components.interfaces;
// Retrieves the window object for a node or returns null if it isn't possible
function getWindow(node) {
@@ -143,6 +145,22 @@
var node = wrapNode(insecNode);
var wind = getWindow(node);
+ // Block file in tor mode.
+ // XXX: Add checkbox? Only ask in tor?
+ //var scheme = contentLocation.spec.replace(/:.*/, "").toLowerCase();
+ /*
+ if(scheme == "file") {
+ var windowMediator = Cc["@mozilla.org/appshell/window-mediator;1"].
+ getService(Ci.nsIWindowMediator);
+ var nav = windowMediator.getMostRecentWindow("navigator:browser");
+ var load = nav.confirm("WARNING! Loading files allows malicious script to read+transmit files from your hard drive!\n\nAre you sure you want to do this?\n\n");
+ if(load) {
+ return ok;
+ } else {
+ return block;
+ }
+ } */
+
// Local stuff has to be eclog because otherwise debuglogger will
// get into an infinite log-loop w/ its chrome updates
if (this.isLocalScheme(unwrapURL(contentLocation.spec))) {