diff options
Diffstat (limited to '')
7 files changed, 379 insertions, 0 deletions
diff --git a/browser/components/protocolhandler/WebProtocolHandlerRegistrar.sys.mjs b/browser/components/protocolhandler/WebProtocolHandlerRegistrar.sys.mjs new file mode 100644 index 0000000000..023dad6855 --- /dev/null +++ b/browser/components/protocolhandler/WebProtocolHandlerRegistrar.sys.mjs @@ -0,0 +1,177 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const STRING_BUNDLE_URI = "chrome://browser/locale/feeds/subscribe.properties"; + +export function WebProtocolHandlerRegistrar() {} + +WebProtocolHandlerRegistrar.prototype = { + get stringBundle() { + let sb = Services.strings.createBundle(STRING_BUNDLE_URI); + delete WebProtocolHandlerRegistrar.prototype.stringBundle; + return (WebProtocolHandlerRegistrar.prototype.stringBundle = sb); + }, + + _getFormattedString(key, params) { + return this.stringBundle.formatStringFromName(key, params); + }, + + _getString(key) { + return this.stringBundle.GetStringFromName(key); + }, + + /** + * See nsIWebProtocolHandlerRegistrar + */ + removeProtocolHandler(aProtocol, aURITemplate) { + let eps = Cc[ + "@mozilla.org/uriloader/external-protocol-service;1" + ].getService(Ci.nsIExternalProtocolService); + let handlerInfo = eps.getProtocolHandlerInfo(aProtocol); + let handlers = handlerInfo.possibleApplicationHandlers; + for (let i = 0; i < handlers.length; i++) { + try { + // We only want to test web handlers + let handler = handlers.queryElementAt(i, Ci.nsIWebHandlerApp); + if (handler.uriTemplate == aURITemplate) { + handlers.removeElementAt(i); + let hs = Cc["@mozilla.org/uriloader/handler-service;1"].getService( + Ci.nsIHandlerService + ); + hs.store(handlerInfo); + return; + } + } catch (e) { + /* it wasn't a web handler */ + } + } + }, + + /** + * Determines if a web handler is already registered. + * + * @param aProtocol + * The scheme of the web handler we are checking for. + * @param aURITemplate + * The URI template that the handler uses to handle the protocol. + * @return true if it is already registered, false otherwise. + */ + _protocolHandlerRegistered(aProtocol, aURITemplate) { + let eps = Cc[ + "@mozilla.org/uriloader/external-protocol-service;1" + ].getService(Ci.nsIExternalProtocolService); + let handlerInfo = eps.getProtocolHandlerInfo(aProtocol); + let handlers = handlerInfo.possibleApplicationHandlers; + for (let i = 0; i < handlers.length; i++) { + try { + // We only want to test web handlers + let handler = handlers.queryElementAt(i, Ci.nsIWebHandlerApp); + if (handler.uriTemplate == aURITemplate) { + return true; + } + } catch (e) { + /* it wasn't a web handler */ + } + } + return false; + }, + + /** + * See nsIWebProtocolHandlerRegistrar + */ + registerProtocolHandler( + aProtocol, + aURI, + aTitle, + aDocumentURI, + aBrowserOrWindow + ) { + aProtocol = (aProtocol || "").toLowerCase(); + if (!aURI || !aDocumentURI) { + return; + } + + let browser = aBrowserOrWindow; // This is the e10s case. + if (aBrowserOrWindow instanceof Ci.nsIDOMWindow) { + // In the non-e10s case, grab the browser off the same-process window. + let rootDocShell = aBrowserOrWindow.docShell.sameTypeRootTreeItem; + browser = rootDocShell.QueryInterface(Ci.nsIDocShell).chromeEventHandler; + } + + let browserWindow = browser.ownerGlobal; + try { + browserWindow.navigator.checkProtocolHandlerAllowed( + aProtocol, + aURI, + aDocumentURI + ); + } catch (ex) { + // We should have already shown the user an error. + return; + } + + // If the protocol handler is already registered, just return early. + if (this._protocolHandlerRegistered(aProtocol, aURI.spec)) { + return; + } + + // Now Ask the user and provide the proper callback + let message = this._getFormattedString("addProtocolHandlerMessage", [ + aURI.host, + aProtocol, + ]); + + let notificationIcon = aURI.prePath + "/favicon.ico"; + let notificationValue = "Protocol Registration: " + aProtocol; + let addButton = { + label: this._getString("addProtocolHandlerAddButton"), + accessKey: this._getString("addProtocolHandlerAddButtonAccesskey"), + protocolInfo: { protocol: aProtocol, uri: aURI.spec, name: aTitle }, + + callback(aNotification, aButtonInfo) { + let protocol = aButtonInfo.protocolInfo.protocol; + let name = aButtonInfo.protocolInfo.name; + + let handler = Cc[ + "@mozilla.org/uriloader/web-handler-app;1" + ].createInstance(Ci.nsIWebHandlerApp); + handler.name = name; + handler.uriTemplate = aButtonInfo.protocolInfo.uri; + + let eps = Cc[ + "@mozilla.org/uriloader/external-protocol-service;1" + ].getService(Ci.nsIExternalProtocolService); + let handlerInfo = eps.getProtocolHandlerInfo(protocol); + handlerInfo.possibleApplicationHandlers.appendElement(handler); + + // Since the user has agreed to add a new handler, chances are good + // that the next time they see a handler of this type, they're going + // to want to use it. Reset the handlerInfo to ask before the next + // use. + handlerInfo.alwaysAskBeforeHandling = true; + + let hs = Cc["@mozilla.org/uriloader/handler-service;1"].getService( + Ci.nsIHandlerService + ); + hs.store(handlerInfo); + }, + }; + let notificationBox = browser.getTabBrowser().getNotificationBox(browser); + notificationBox.appendNotification( + notificationValue, + { + label: message, + image: notificationIcon, + priority: notificationBox.PRIORITY_INFO_LOW, + }, + [addButton] + ); + }, + + /** + * See nsISupports + */ + QueryInterface: ChromeUtils.generateQI(["nsIWebProtocolHandlerRegistrar"]), +}; diff --git a/browser/components/protocolhandler/components.conf b/browser/components/protocolhandler/components.conf new file mode 100644 index 0000000000..6fd4f03595 --- /dev/null +++ b/browser/components/protocolhandler/components.conf @@ -0,0 +1,15 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Classes = [ + { + 'cid': '{efbd7b87-9b15-4684-abf0-dc2679daadb1}', + 'contract_ids': ['@mozilla.org/embeddor.implemented/web-protocol-handler-registrar;1'], + 'esModule': 'resource:///modules/WebProtocolHandlerRegistrar.sys.mjs', + 'constructor': 'WebProtocolHandlerRegistrar', + 'processes': ProcessSelector.MAIN_PROCESS_ONLY, + }, +] diff --git a/browser/components/protocolhandler/moz.build b/browser/components/protocolhandler/moz.build new file mode 100644 index 0000000000..84fd43d18a --- /dev/null +++ b/browser/components/protocolhandler/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +BROWSER_CHROME_MANIFESTS += ["test/browser/browser.ini"] + +EXTRA_JS_MODULES += [ + "WebProtocolHandlerRegistrar.sys.mjs", +] + +XPCOM_MANIFESTS += [ + "components.conf", +] + +with Files("**"): + BUG_COMPONENT = ("Firefox", "General") diff --git a/browser/components/protocolhandler/test/browser/browser.ini b/browser/components/protocolhandler/test/browser/browser.ini new file mode 100644 index 0000000000..4ed1c68974 --- /dev/null +++ b/browser/components/protocolhandler/test/browser/browser.ini @@ -0,0 +1,5 @@ +[browser_registerProtocolHandler_notification.js] +support-files = + browser_registerProtocolHandler_notification.html +skip-if = + verify diff --git a/browser/components/protocolhandler/test/browser/browser_registerProtocolHandler_notification.html b/browser/components/protocolhandler/test/browser/browser_registerProtocolHandler_notification.html new file mode 100644 index 0000000000..6ffacd2e85 --- /dev/null +++ b/browser/components/protocolhandler/test/browser/browser_registerProtocolHandler_notification.html @@ -0,0 +1,15 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> +<html> + <head> + <title>Protocol registrar page</title> + <meta content="text/html;charset=utf-8" http-equiv="Content-Type"> + <meta content="utf-8" http-equiv="encoding"> + </head> + <body> + <script type="text/javascript"> + navigator.registerProtocolHandler("web+testprotocol", + "https://example.com/foobar?uri=%s", + "Test Protocol"); + </script> + </body> +</html> diff --git a/browser/components/protocolhandler/test/browser/browser_registerProtocolHandler_notification.js b/browser/components/protocolhandler/test/browser/browser_registerProtocolHandler_notification.js new file mode 100644 index 0000000000..0f4e41f1a3 --- /dev/null +++ b/browser/components/protocolhandler/test/browser/browser_registerProtocolHandler_notification.js @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const TEST_PATH = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "https://example.com" +); +add_task(async function () { + let notificationValue = "Protocol Registration: web+testprotocol"; + let testURI = TEST_PATH + "browser_registerProtocolHandler_notification.html"; + + BrowserTestUtils.loadURIString(window.gBrowser.selectedBrowser, testURI); + await TestUtils.waitForCondition( + function () { + // Do not start until the notification is up + let notificationBox = window.gBrowser.getNotificationBox(); + let notification = + notificationBox.getNotificationWithValue(notificationValue); + return notification; + }, + "Still can not get notification after retrying 100 times.", + 100, + 100 + ); + + let notificationBox = window.gBrowser.getNotificationBox(); + let notification = + notificationBox.getNotificationWithValue(notificationValue); + ok(notification, "Notification box should be displayed"); + if (notification == null) { + finish(); + return; + } + is( + notification.getAttribute("type"), + "info", + "We expect this notification to have the type of 'info'." + ); + + // Make sure the CSS is fully loaded... + ok( + await TestUtils.waitForCondition( + () => + notification.ownerGlobal.getComputedStyle( + notification.messageImage, + "::after" + ).content == 'url("chrome://global/skin/icons/info-filled.svg")' + ), + "We expect this notification to have an icon." + ); + + let buttons = notification.buttonContainer.getElementsByClassName( + "notification-button" + ); + is(buttons.length, 1, "We expect see one button."); + + let button = buttons[0]; + isnot(button.label, null, "We expect the add button to have a label."); + todo(button.accesskey, "We expect the add button to have a accesskey."); +}); diff --git a/browser/components/protocolhandler/test/test_registerHandler.html b/browser/components/protocolhandler/test/test_registerHandler.html new file mode 100644 index 0000000000..2eb4f7dbdc --- /dev/null +++ b/browser/components/protocolhandler/test/test_registerHandler.html @@ -0,0 +1,88 @@ +<!DOCTYPE HTML> +<html> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=402788 +--> +<head> + <title>Test for Bug 402788</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=402788">Mozilla Bug 402788</a> +<p id="display"></p> +<div id="content" style="display: none"> + +</div> +<pre id="test"> +<script class="testbody" type="text/javascript"> + +/** Test for Bug 402788 */ + SimpleTest.waitForExplicitFinish(); + + // return false if an exception has been catched, true otherwise + function testRegisterHandler(aIsProtocol, aTxt, aUri, aTitle) { + try { + navigator.registerProtocolHandler(aTxt, aUri, aTitle); + } catch (e) { + return false; + } + + return true; + } + + // helper function to build URLs since hostname differs + // based on whether the test is running in a cross-origin iframe + function buildUrl(protocol="http", addFormat=true) { + return `${protocol}://${window.location.hostname}:${window.location.port}${addFormat ? "/%s" : "/"}`; + } + + async function tests() { + await SpecialPowers.pushPrefEnv({ + set: [ + ["dom.registerProtocolHandler.insecure.enabled", true], + ], + }); + + // testing a generic case + is(testRegisterHandler(true, "web+foo", buildUrl(), "Foo handler"), true, "registering a web+foo protocol handler should work"); + + // testing with wrong uris + is(testRegisterHandler(true, "web+foo", buildUrl("http", false), "Foo handler"), false, "a protocol handler uri should contain %s"); + + // the spec explicitly allows relative urls to be passed + is(testRegisterHandler(true, "web+foo", "foo/%s", "Foo handler"), true, "a protocol handler uri should be valid"); + + // we should only accept to register when the handler has the same host as the current page (bug 402287) + is(testRegisterHandler(true, "fweb+oo", "http://remotehost:8888/%s", "Foo handler"), false, "registering a web+foo protocol handler with a different host should not work"); + + // restriction to http(s) for the uri of the handler (bug 401343) + // http is already tested in the generic case + // ftp should not work + is(testRegisterHandler(true, "web+foo", buildUrl("ftp"), "Foo handler"), false, "registering a web+foo protocol handler with ftp scheme should not work"); + // chrome should not work + is(testRegisterHandler(true, "web+foo", buildUrl("chrome"), "Foo handler"), false, "registering a web+foo protocol handler with chrome scheme should not work"); + // foo should not work + is(testRegisterHandler(true, "web+foo", buildUrl("foo"), "Foo handler"), false, "registering a web+foo protocol handler with foo scheme should not work"); + + // for security reasons, protocol handlers should never be registered for some schemes (chrome, vbscript, ...) (bug 402788) + is(testRegisterHandler(true, "chrome", buildUrl(), "chrome handler"), false, "registering a chrome protocol handler should not work"); + is(testRegisterHandler(true, "vbscript", buildUrl(), "vbscript handler"), false, "registering a vbscript protocol handler should not work"); + is(testRegisterHandler(true, "javascript", buildUrl(), "javascript handler"), false, "registering a javascript protocol handler should not work"); + is(testRegisterHandler(true, "moz-icon", buildUrl(), "moz-icon handler"), false, "registering a moz-icon protocol handler should not work"); + + // registering anything not on the list of safe schemes and unprefixed by web+ shouldn't work + is(testRegisterHandler(true, "foo", buildUrl(), "chrome handler"), false, "registering a foo protocol handler should not work"); + is(testRegisterHandler(true, "web+", buildUrl(), "chrome handler"), false, "registering a 'web+' protocol handler should not work"); + is(testRegisterHandler(true, "web+1", buildUrl(), "chrome handler"), false, "registering a 'web+1' protocol handler should not work"); + + + SimpleTest.finish(); + } + + tests(); + +</script> +</pre> +</body> +</html> |