toolkit/mozapps/extensions/amInstallTrigger.jsm +14 −0 @@ -16,6 +16,8 @@ const MSG_INSTALL_ENABLED = "WebInstallerIsInstallEnabled"; const MSG_INSTALL_ADDON = "WebInstallerInstallAddonFromWebpage"; const MSG_INSTALL_CALLBACK = "WebInstallerInstallCallback"; const SUPPORTED_XPI_SCHEMES = ["http", "https"]; var log = Log.repository.getLogger("AddonManager.InstallTrigger"); log.level = Log.Level[
@@ -142,6 +144,18 @@ InstallTrigger.prototype = { ); } if (!SUPPORTED_XPI_SCHEMES.includes(url.scheme)) { Cu.reportError( `InstallTrigger call disallowed on install url with unsupported scheme: ${JSON.stringify( { installPrincipal: this._principal.spec, installURL: url.spec, } )}` ); throw new this._window.Error(`Unsupported scheme`); } let iconUrl = null; if (item.IconURL) { iconUrl = this._resolveURL(item.IconURL); toolkit/mozapps/extensions/test/xpcshell/test_installtrigger_schemes.js 0 → 100644 +57 −0 /* Any copyright is dedicated to the Public Domain. * http://creativecommons.org/publicdomain/zero/1.0/ */ "use strict"; createHttpServer({ hosts: ["example.com"] }); AddonTestUtils.createAppInfo( "xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2" ); async function assertInstallTriggetRejected(page, xpi_url, expectedError) { await Assert.rejects( page.spawn([xpi_url], async url => { this.content.eval(`InstallTrigger.install({extension: '${url}'});`); }), expectedError, `InstallTrigger.install expected to throw on xpi url "${xpi_url}"` ); } add_task( async function test_InstallTriggerThrows_on_unsupported_xpi_schemesì_blob() { const page = await ExtensionTestUtils.loadContentPage("http://example.com"); const blob_url = await page.spawn([], () => { return this.content.eval(`(function () { const blob = new Blob(['fakexpicontent']); return URL.createObjectURL(blob); })()`); }); await assertInstallTriggetRejected(page, blob_url, /Unsupported scheme/); await page.close(); } ); add_task( async function test_InstallTriggerThrows_on_unsupported_xpi_schemes_data() { const page = await ExtensionTestUtils.loadContentPage("http://example.com"); const data_url = "data:;,fakexpicontent"; // This is actually rejected by the checkLoadURIWithPrincipal, which fails with // NS_ERROR_DOM_BAD_URI triggered by CheckLoadURIWithPrincipal's call to // // DenyAccessIfURIHasFlags(aTargetURI,
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT) // // and so it is not a site permission that the user can actually grant, unlike the error // raised may suggest. await assertInstallTriggetRejected( page, data_url, /Insufficient permissions to install/ ); await page.close(); } ); toolkit/mozapps/extensions/test/xpcshell/xpcshell.ini +1 −0 @@ -54,6 +54,7 @@ skip-if = appname != "firefox" || (os == "win" && processor == "aarch64") # bug [test_installOrigins.js] [test_install_cancel.js] [test_install_icons.js] [test_installtrigger_schemes.js] [test_isDebuggable.js] [test_isReady.js] [test_locale.js]
toolkit/mozapps/extensions/amInstallTrigger.jsm +14 −0 @@ -16,6 +16,8 @@ const MSG_INSTALL_ENABLED = "WebInstallerIsInstallEnabled"; const MSG_INSTALL_ADDON = "WebInstallerInstallAddonFromWebpage"; const MSG_INSTALL_CALLBACK = "WebInstallerInstallCallback"; const SUPPORTED_XPI_SCHEMES = ["http", "https"]; var log = Log.repository.getLogger("AddonManager.InstallTrigger"); log.level = Log.Level[ @@ -142,6 +144,18 @@ InstallTrigger.prototype = { ); } if (!SUPPORTED_XPI_SCHEMES.includes(url.scheme)) { Cu.reportError( `InstallTrigger call disallowed on install url with unsupported scheme: ${JSON.stringify( { installPrincipal: this._principal.spec, installURL: url.spec, } )}` ); throw new this._window.Error(`Unsupported scheme`); } let iconUrl = null; if (item.IconURL) { iconUrl = this._resolveURL(item.IconURL);
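Review bot: The scheme allowlist in the second hunk appears to run after the principal check whose closing `); }` opens the hunk, so a `data:` install URL never reaches it and is reported as a permissions failure instead, which the comment in the new test file acknowledges. If that ordering is not required, moving `if (!SUPPORTED_XPI_SCHEMES.includes(url.scheme))` ahead of the principal check would make every non-http(s) URL fail with the same `Unsupported scheme` error and keep the allowlist as the first gate. The `item.IconURL` resolved right after the new block is not held to the same allowlist in the visible lines; whether it is validated elsewhere cannot be seen from here. A short comment on the constant, such as `// Install URLs must be fetched over the network; any other scheme is rejected.`, would record why the list is this narrow. The enclosing method starts and ends outside the hunk.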
toolkit/mozapps/extensions/test/xpcshell/test_installtrigger_schemes.js 0 → 100644 +57 −0 /* Any copyright is dedicated to the Public Domain. * http://creativecommons.org/publicdomain/zero/1.0/ */ "use strict"; createHttpServer({ hosts: ["example.com"] }); AddonTestUtils.createAppInfo( "xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2" ); async function assertInstallTriggetRejected(page, xpi_url, expectedError) { await Assert.rejects( page.spawn([xpi_url], async url => { this.content.eval(`InstallTrigger.install({extension: '${url}'});`); }), expectedError, `InstallTrigger.install expected to throw on xpi url "${xpi_url}"` ); } add_task( async function test_InstallTriggerThrows_on_unsupported_xpi_schemesì_blob() { const page = await ExtensionTestUtils.loadContentPage("http://example.com"); const blob_url = await page.spawn([], () => { return this.content.eval(`(function () { const blob = new Blob(['fakexpicontent']); return URL.createObjectURL(blob); })()`); }); await assertInstallTriggetRejected(page, blob_url, /Unsupported scheme/); await page.close(); } ); add_task( async function test_InstallTriggerThrows_on_unsupported_xpi_schemes_data() { const page = await ExtensionTestUtils.loadContentPage("http://example.com"); const data_url = "data:;,fakexpicontent"; // This is actually rejected by the checkLoadURIWithPrincipal, which fails with // NS_ERROR_DOM_BAD_URI triggered by CheckLoadURIWithPrincipal's call to // // DenyAccessIfURIHasFlags(aTargetURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT) // // and so it is not a site permission that the user can actually grant, unlike the error // raised may suggest. await assertInstallTriggetRejected( page, data_url, /Insufficient permissions to install/ ); await page.close(); } );
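Review bot: Only the `blob:` task reaches the new allowlist branch; by its own comment the `data:` task is rejected earlier by the principal check, so the file has a single case for the new code and none asserting that a supported `http://example.com` XPI URL still gets past it. A positive case would guard against the allowlist being tightened or reordered by mistake. The helper builds its script by wrapping the URL in single quotes, so passing it through `JSON.stringify(url)` would keep the evaluated source well-formed for any URL. Two identifiers carry typos worth fixing before they spread to logs and test filters: `assertInstallTriggetRejected` (Trigget) and the stray `ì` in `test_InstallTriggerThrows_on_unsupported_xpi_schemesì_blob`.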
toolkit/mozapps/extensions/test/xpcshell/xpcshell.ini +1 −0 @@ -54,6 +54,7 @@ skip-if = appname != "firefox" || (os == "win" && processor == "aarch64") # bug [test_installOrigins.js] [test_install_cancel.js] [test_install_icons.js] [test_installtrigger_schemes.js] [test_isDebuggable.js] [test_isReady.js] [test_locale.js]