Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 481342 - Fix some unpacking logic. r+sr=bz
--HG--
rename : docshell/test/bug369814.zip => docshell/test/bug369814.jar
  • Loading branch information
Dave Camp committed Mar 10, 2009
1 parent d4612bd commit 39401f5
Show file tree
Hide file tree
Showing 4 changed files with 27 additions and 2 deletions.
1 change: 1 addition & 0 deletions docshell/test/Makefile.in
Expand Up @@ -61,6 +61,7 @@ _TEST_FILES = \
test_bug344861.html \
test_bug369814.html \
bug369814.zip \
bug369814.jar \
test_bug384014.html \
test_bug387979.html \
test_bug404548.html \
Expand Down
Binary file added docshell/test/bug369814.jar
Binary file not shown.
12 changes: 12 additions & 0 deletions docshell/test/test_bug369814.html
Expand Up @@ -149,6 +149,18 @@
"pokes" : { },
"func" : anchorTest,
},
{ "name" : "iframes.html loaded from view-source jar type, pref disabled",
"url" : "jar:view-source:http://localhost:8888/tests/docshell/test/bug369814.jar!/iframes.html",
"pref" : true,
"pokes" : { },
"func" : loadErrorTest
},
{ "name" : "iframes.html loaded from view-source jar type, pref enabled",
"url" : "jar:view-source:http://localhost:8888/tests/docshell/test/bug369814.jar!/iframes.html",
"pref" : true,
"pokes" : { },
"func" : loadErrorTest
},
];

var gNextTest = 0;
Expand Down
16 changes: 14 additions & 2 deletions modules/libjar/nsJARChannel.cpp
Expand Up @@ -46,6 +46,7 @@
#include "nsEscape.h"
#include "nsIPrefService.h"
#include "nsIPrefBranch.h"
#include "nsIViewSourceChannel.h"
#include "nsChannelProperties.h"

#include "nsIScriptSecurityManager.h"
Expand Down Expand Up @@ -786,8 +787,11 @@ nsJARChannel::OnDownloadComplete(nsIDownloader *downloader,
nsCAutoString contentType;
nsCAutoString charset;
NS_ParseContentType(header, contentType, charset);
mIsUnsafe = !contentType.EqualsLiteral("application/java-archive") &&
!contentType.EqualsLiteral("application/x-jar");
nsCAutoString channelContentType;
channel->GetContentType(channelContentType);
mIsUnsafe = !(contentType.Equals(channelContentType) &&
(contentType.EqualsLiteral("application/java-archive") ||
contentType.EqualsLiteral("application/x-jar")));
rv = httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Content-Disposition"),
header);
if (NS_SUCCEEDED(rv))
Expand Down Expand Up @@ -820,6 +824,14 @@ nsJARChannel::OnDownloadComplete(nsIDownloader *downloader,
}
}

if (NS_SUCCEEDED(status)) {
// Refuse to unpack view-source: jars even if open-unsafe-types is set.
nsCOMPtr<nsIViewSourceChannel> viewSource = do_QueryInterface(channel);
if (viewSource) {
status = NS_ERROR_UNSAFE_CONTENT_TYPE;
}
}

if (NS_SUCCEEDED(status)) {
mJarFile = file;

Expand Down

0 comments on commit 39401f5

Please sign in to comment.