Bug 481342 - Fix some unpacking logic. r+sr=bz, a1.9.0.8=dveditz

git-svn-id: svn://10.0.0.236/trunk@256563 18797224-902f-48f8-a5cc-f745e15eee43
2009-03-17 21:53:51 +00:00 · 2009-03-17 21:53:51 +00:00 · 3983d7f317
commit 3983d7f317
parent 567673e3cf
3 changed files with 27 additions and 2 deletions
--- a/mozilla/docshell/test/Makefile.in
+++ b/mozilla/docshell/test/Makefile.in
@ -59,6 +59,7 @@ _TEST_FILES = \
 		test_bug344861.html \
 		test_bug369814.html \
 		bug369814.zip       \
+		bug369814.jar       \
 		test_bug384014.html \
 		test_bug387979.html \
 		test_bug404548.html \
--- a/mozilla/docshell/test/test_bug369814.html
+++ b/mozilla/docshell/test/test_bug369814.html
@ -149,6 +149,18 @@ var gTests = [
    "pokes" : { },
    "func" : anchorTest,
  },
+  { "name" : "iframes.html loaded from view-source jar type, pref disabled",
+    "url" : "jar:view-source:http://localhost:8888/tests/docshell/test/bug369814.jar!/iframes.html",
+    "pref" : true,
+    "pokes" : { },
+    "func" : loadErrorTest
+  },
+  { "name" : "iframes.html loaded from view-source jar type, pref enabled",
+    "url" : "jar:view-source:http://localhost:8888/tests/docshell/test/bug369814.jar!/iframes.html",
+    "pref" : true,
+    "pokes" : { },
+    "func" : loadErrorTest
+  },
 ];

 var gNextTest = 0;
--- a/mozilla/modules/libjar/nsJARChannel.cpp
+++ b/mozilla/modules/libjar/nsJARChannel.cpp
@ -46,6 +46,7 @@
 #include "nsEscape.h"
 #include "nsIPrefService.h"
 #include "nsIPrefBranch.h"
+#include "nsIViewSourceChannel.h"
 #include "nsChannelProperties.h"

 #include "nsIScriptSecurityManager.h"
@ -775,8 +776,11 @@ nsJARChannel::OnDownloadComplete(nsIDownloader *downloader,
            nsCAutoString contentType;
            nsCAutoString charset;
            NS_ParseContentType(header, contentType, charset);
-            mIsUnsafe = !contentType.EqualsLiteral("application/java-archive") &&
-                        !contentType.EqualsLiteral("application/x-jar");
+            nsCAutoString channelContentType;
+            channel->GetContentType(channelContentType);
+            mIsUnsafe = !(contentType.Equals(channelContentType) &&
+                          (contentType.EqualsLiteral("application/java-archive") ||
+                           contentType.EqualsLiteral("application/x-jar")));
            rv = httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Content-Disposition"),
                                                header);
            if (NS_SUCCEEDED(rv))
@ -809,6 +813,14 @@ nsJARChannel::OnDownloadComplete(nsIDownloader *downloader,
        }
    }

+    if (NS_SUCCEEDED(status)) {
+        // Refuse to unpack view-source: jars even if open-unsafe-types is set.
+        nsCOMPtr<nsIViewSourceChannel> viewSource = do_QueryInterface(channel);
+        if (viewSource) {
+            status = NS_ERROR_UNSAFE_CONTENT_TYPE;
+        }
+    }
+
    if (NS_SUCCEEDED(status)) {
        mJarFile = file;