Bug 427033 - Can't save form logins with action="javascript:..." r=gavin, a1.9=beltzner

dolske@mozilla.com 2008-04-10 16:38:45 -07:00
parent ffaf94a900
commit d18af58cac
7 changed files with 127 additions and 13 deletions


@ -876,11 +876,14 @@ LoginManager.prototype = {
*
* Get the parts of the URL we want for identification.
*/
_getPasswordOrigin : function (uriString) {
_getPasswordOrigin : function (uriString, allowJS) {
var realm = "";
try {
var uri = this._ioService.newURI(uriString, null, null);
if (allowJS && uri.scheme == "javascript")
return "javascript:"
realm = uri.scheme + "://" + uri.host;
// If the URI explicitly specified a port, only include it when
@ -894,7 +897,7 @@ LoginManager.prototype = {
} catch (e) {
// bug 159484 - disallow url types that don't support a hostPort.
// (set null to cause throw in the JS above)
// (although we handle "javascript:..." as a special case above.)
this.log("Couldn't parse origin for " + uriString);
realm = null;
}
@ -909,7 +912,7 @@ LoginManager.prototype = {
if (uriString == "")
uriString = form.baseURI; // ala bug 297761
return this._getPasswordOrigin(uriString);
return this._getPasswordOrigin(uriString, true);
},
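Review bot: The doc comment above `_getPasswordOrigin` is not updated for the new `allowJS` parameter, and the early return drops everything after the scheme, so every `javascript:` action URL is stored and matched as the same literal `"javascript:"`. As far as these hunks show, formSubmitURL then no longer distinguishes one submit target from another and the login's hostname is what scopes the match, which is worth stating next to the code, e.g. `// allowJS: collapse any javascript: URI to the literal "javascript:"; the login's hostname is then what scopes the match.` The same literal is returned by `cleanupURL` in the legacy-storage section, and the two presumably have to stay identical for imported logins to match, so a cross-reference comment there would help too. `return "javascript:"` is also missing its semicolon. The function body continues outside the first hunk.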


@ -699,13 +699,16 @@ LoginManagerStorage_legacy.prototype = {
var ioService = this._ioService;
var log = this.log;
function cleanupURL(aURL) {
function cleanupURL(aURL, allowJS) {
var newURL, username = null, pathname = "";
try {
var uri = ioService.newURI(aURL, null, null);
var scheme = uri.scheme;
if (allowJS && scheme == "javascript")
return ["javascript:", null, ""];
newURL = scheme + "://" + uri.host;
// If the URL explicitly specified a port, only include it when
@ -758,7 +761,8 @@ LoginManagerStorage_legacy.prototype = {
if (aLogin.formSubmitURL) {
[hostname, username, pathname] = cleanupURL(aLogin.formSubmitURL);
[hostname, username, pathname] = cleanupURL(aLogin.formSubmitURL,
true);
aLogin.formSubmitURL = hostname;
// username, if any, ignored.
}


@ -62,6 +62,7 @@ MOCHI_TESTS = \
test_bug_360493_1.html \
test_bug_360493_2.html \
test_bug_391514.html \
test_bug_427033.html \
test_prompt.html \
test_xhr.html \
test_xml_load.html \


@ -121,9 +121,9 @@ function startTest() {
is($_(i, "pword").value, "testpass", "Checking for filled password " + i);
}
// Not sure if we spec'd how JS urls should be handled here.
todo_is($_(10, "uname"), "testuser", "Checking username w/ JS action URL");
todo_is($_(10, "pword"), "testpass", "Checking password w/ JS action URL");
// The login's formSubmitURL isn't "javascript:", so don't fill it in.
isnot($_(10, "uname"), "testuser", "Checking username w/ JS action URL");
isnot($_(10, "pword"), "testpass", "Checking password w/ JS action URL");
SimpleTest.finish();
}
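Review bot: The two `isnot` checks for form 10 compare the object returned by `$_(10, "uname")` with a string, so they pass whether or not the field was filled; the `is` check at the top of the hunk reads `.value`. Compare the field contents instead: `isnot($_(10, "uname").value, "testuser", "Checking username w/ JS action URL");` and the same for `pword`. As written, the test would not notice a stored login being filled into a form whose action does not match its formSubmitURL, which is the behaviour the new comment says it guards. `startTest` begins outside the hunk.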


@ -0,0 +1,74 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for Login Manager</title>
<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="pwmgr_common.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
Login Manager test: form with JS submit action
<p id="display"></p>
<div id="content" style="display: none">
<form id='form1' action='javascript:alert("never shows")'> 1
<input name="uname">
<input name="pword" type="password">
<button type='submit'>Submit</button>
<button type='reset'> Reset </button>
</form>
</div>
<pre id="test">
<script class="testbody" type="text/javascript">
/** Test for Login Manager: JS action URL **/
function startTest() {
checkForm(1, "jsuser", "jspass123");
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
pwmgr.removeLogin(jslogin);
SimpleTest.finish();
}
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
// Get the pwmgr service
var Cc_pwmgr = Components.classes["@mozilla.org/login-manager;1"];
ok(Cc_pwmgr != null, "Access Cc[@mozilla.org/login-manager;1]");
var Ci_pwmgr = Components.interfaces.nsILoginManager;
ok(Ci_pwmgr != null, "Access Ci.nsILoginManager");
var pwmgr = Cc_pwmgr.getService(Ci_pwmgr);
ok(pwmgr != null, "pwmgr getService()");
var jslogin = Components.classes["@mozilla.org/login-manager/loginInfo;1"].
createInstance(Components.interfaces.nsILoginInfo);
ok(jslogin != null, "create a login");
jslogin.init("http://localhost:8888", "javascript:", null,
"jsuser", "jspass123", "uname", "pword");
try {
pwmgr.addLogin(jslogin);
} catch (e) {
ok(false, "addLogin threw: " + e);
}
window.onload = startTest;
SimpleTest.waitForExplicitFinish();
</script>
</pre>
</body>
</html>
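Review bot: Cleanup in `startTest` is not guaranteed: if `addLogin` throws, the catch only records a failure, and `startTest` still calls `pwmgr.removeLogin(jslogin)` for a login that was never stored. If that call throws in turn, `SimpleTest.finish()` is not reached and the run would wait for the harness timeout. Wrapping it keeps the finish unconditional: `try { pwmgr.removeLogin(jslogin); } finally { SimpleTest.finish(); }`. The test also covers only filling a stored login into a form with a `javascript:` action; the save-on-submit path named in the bug title is not exercised here, and the header comment should say so.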


@ -0,0 +1,9 @@
#2d
.
http://jstest.site.org
put_user_here
MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECEnlbhAkNBbBBBCexD5eaffSLGH/ORiFlQ4X
*put_pw_here
MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECHmiTaseYjkkBBAA0ILJTFSa5CnlpD5PTEYR
javascript://javascript
.


@ -317,7 +317,7 @@ LoginTest.initStorage(storage, INDIR, "signons-2d-06.txt");
LoginTest.checkStorageData(storage, [], [testuser1, testuser2]);
/* ========== 17 ========== */
/* ========== 18 ========== */
testnum++;
testdesc = "Initialize with signons-2d-07.txt";
// Form logins could have been saved with the port number explicitly
@ -338,7 +338,7 @@ LoginTest.initStorage(storage, INDIR, "signons-2d-07.txt");
LoginTest.checkStorageData(storage, [], [testuser1, testuser2, testuser3]);
/* ========== 18 ========== */
/* ========== 19 ========== */
testnum++;
testdesc = "Initialize with signons-2d-08.txt";
// Bug 396316: Non-HTTP[S] hostnames were stored the same way for both forms
@ -357,7 +357,7 @@ LoginTest.initStorage(storage, INDIR, "signons-2d-08.txt");
LoginTest.checkStorageData(storage, [], [testuser1, testuser2, testuser3]);
/* ========== 19 ========== */
/* ========== 20 ========== */
testnum++;
testdesc = "Initialize with signons-2d-09.txt";
// Logins stored when signing into, say, an FTP server via a URL with a
@ -374,7 +374,7 @@ LoginTest.initStorage(storage, INDIR, "signons-2d-09.txt");
LoginTest.checkStorageData(storage, [], [testuser1, testuser2]);
/* ========== 20 ========== */
/* ========== 21 ========== */
testnum++;
testdesc = "Initialize with signons-2d-10.txt";
// Extensions like the eBay Companion just use an arbitrary string for the
@ -388,6 +388,29 @@ LoginTest.initStorage(storage, INDIR, "signons-2d-10.txt");
LoginTest.checkStorageData(storage, [], [testuser1, testuser2]);
/*
* ---------------------- Bug 427033 ----------------------
* Check migration of logins stored with a JS formSubmitURL
*/
/* ========== 22 ========== */
testnum++;
testdesc = "checking import of JS formSubmitURL entries"
testuser1.init("http://jstest.site.org", "javascript:", null,
"dummydude", "itsasecret", "put_user_here", "put_pw_here");
LoginTest.initStorage(storage, INDIR, "signons-427033-1.txt",
OUTDIR, "output-427033-1.txt");
LoginTest.checkStorageData(storage, [], [testuser1]);
testdesc = "[flush and reload for verification]"
LoginTest.initStorage(storage, OUTDIR, "output-427033-1.txt");
LoginTest.checkStorageData(storage, [], [testuser1]);
} catch (e) {
throw "FAILED in test #" + testnum + " -- " + testdesc + ": " + e;
}
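Review bot: Test 22 expects a formSubmitURL of `"javascript:"`, while the fixture added in this commit (presumably `signons-427033-1.txt`) stores `javascript://javascript`, and nothing in the test says the import is expected to normalise the value. A comment before `testuser1.init(...)` would make that readable: `// The fixture stores "javascript://javascript"; import must normalise it to "javascript:".` Both new `testdesc = ...` assignments are missing their semicolons. `testuser1` is re-initialised in place, which is fine only while no later test relies on its earlier values. The enclosing `try` begins outside the hunk.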