1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
/* verify that certain invalid URIs are not parsed by the resource
protocol handler */
Cu.import("resource://gre/modules/NetUtil.jsm");
Cu.import("resource://gre/modules/Services.jsm");
const specs = [
"resource://res-test//",
"resource://res-test/?foo=http:",
"resource://res-test/?foo=" + encodeURIComponent("http://example.com/"),
"resource://res-test/?foo=" + encodeURIComponent("x\\y"),
"resource://res-test/..%2F",
"resource://res-test/..%2f",
"resource://res-test/..%2F..",
"resource://res-test/..%2f..",
"resource://res-test/../../",
"resource://res-test/http://www.mozilla.org/",
"resource://res-test/file:///",
];
const error_specs = [
"resource://res-test/..\\",
"resource://res-test/..\\..\\",
"resource://res-test/..%5C",
"resource://res-test/..%5c",
];
// Create some fake principal that has not enough
// privileges to access any resource: uri.
var uri = NetUtil.newURI("http://www.example.com", null, null);
var principal = Services.scriptSecurityManager.createCodebasePrincipal(uri, {});
function get_channel(spec)
{
var channelURI = NetUtil.newURI(spec, null, null);
var channel = NetUtil.newChannel({
uri: NetUtil.newURI(spec, null, null),
loadingPrincipal: principal,
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER
});
try {
channel.asyncOpen2(null);
ok(false, "asyncOpen2() of URI: " + spec + "should throw");
}
catch (e) {
// make sure we get the right error code in the exception
// ERROR code for NS_ERROR_DOM_BAD_URI is 1012
equal(e.code, 1012);
}
try {
channel.open2();
ok(false, "Open2() of uri: " + spec + "should throw");
}
catch (e) {
// make sure we get the right error code in the exception
// ERROR code for NS_ERROR_DOM_BAD_URI is 1012
equal(e.code, 1012);
}
return channel;
}
function check_safe_resolution(spec, rootURI)
{
do_print(`Testing URL "${spec}"`);
let channel = get_channel(spec);
ok(channel.name.startsWith(rootURI), `URL resolved safely to ${channel.name}`);
ok(!/%2f/i.test(channel.name), `URL contains no escaped / characters`);
}
function check_resolution_error(spec)
{
try {
get_channel(spec);
ok(false, "Expected an error");
} catch (e) {
equal(e.result, Components.results.NS_ERROR_MALFORMED_URI,
"Expected a malformed URI error");
}
}
function run_test() {
// resource:/// and resource://gre/ are resolved specially, so we need
// to create a temporary resource package to test the standard logic
// with.
let resProto = Cc['@mozilla.org/network/protocol;1?name=resource'].getService(Ci.nsIResProtocolHandler);
let rootFile = Services.dirsvc.get("GreD", Ci.nsIFile);
let rootURI = Services.io.newFileURI(rootFile);
resProto.setSubstitution("res-test", rootURI);
do_register_cleanup(() => {
resProto.setSubstitution("res-test", null);
});
let baseRoot = resProto.resolveURI(Services.io.newURI("resource:///", null, null));
let greRoot = resProto.resolveURI(Services.io.newURI("resource://gre/", null, null));
for (var spec of specs) {
check_safe_resolution(spec, rootURI.spec);
check_safe_resolution(spec.replace("res-test", ""), baseRoot);
check_safe_resolution(spec.replace("res-test", "gre"), greRoot);
}
for (var spec of error_specs) {
check_resolution_error(spec);
}
}
|