CVE-2020-26963-2.patch 4.53 KB
wangxiao65 提交于 2021-01-07 15:15 . fix cves
# HG changeset patch
# User pbz <pbz@mozilla.com>
# Date 1600689297 0
# Mon Sep 21 11:54:57 2020 +0000
# Node ID ff5164e4aec8cd7a86df0b5f97842fb1f6f765a6
# Parent efcefed227f304781326e7c8a52633559a79b6ad
Bug 1314912 - Added test for location change rate limit. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D90137
diff -r efcefed227f3 -r ff5164e4aec8 docshell/test/navigation/mochitest.ini
--- a/docshell/test/navigation/mochitest.ini Mon Sep 21 11:54:50 2020 +0000
+++ b/docshell/test/navigation/mochitest.ini Mon Sep 21 11:54:57 2020 +0000
@@ -97,3 +97,4 @@
[test_triggeringprincipal_parent_iframe_window_open.html]
[test_triggeringprincipal_iframe_iframe_window_open.html]
[test_contentpolicy_block_window.html]
+[test_rate_limit_location_change.html]
diff -r efcefed227f3 -r ff5164e4aec8 docshell/test/navigation/test_rate_limit_location_change.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/navigation/test_rate_limit_location_change.html Mon Sep 21 11:54:57 2020 +0000
@@ -0,0 +1,96 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1314912
+-->
+<head>
+ <meta charset="utf-8">
+ <title>Test for Bug 1314912</title>
+ <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+ <script type="application/javascript">
+
+ /** Test for Bug 1314912 **/
+
+ const RATE_LIMIT_COUNT = 90;
+ const RATE_LIMIT_TIME_SPAN = 3;
+
+ async function setup() {
+ await SpecialPowers.pushPrefEnv({set: [
+ ["dom.navigation.locationChangeRateLimit.count", RATE_LIMIT_COUNT],
+ ["dom.navigation.locationChangeRateLimit.timespan", RATE_LIMIT_TIME_SPAN]]});
+ }
+
+ let inc = 0;
+
+ const rateLimitedFunctions = (win) => ({
+ "history.replaceState": () => win.history.replaceState(null, "test", `${win.location.href}#${inc++}`),
+ "history.pushState": () => win.history.pushState(null, "test", `${win.location.href}#${inc++}`),
+ "history.back": () => win.history.back(),
+ "history.forward": () => win.history.forward(),
+ "history.go": () => win.history.go(-1),
+ "location.hash": () => win.location.hash = inc++,
+ "location.host": () => win.location.host = win.location.host + "",
+ "location.hostname": () => win.location.hostname = win.location.hostname + "",
+ "location.pathname": () => win.location.pathname = win.location.pathname + "",
+ "location.port": () => win.location.port = win.location.port + "",
+ "location.protocol": () => win.location.protocol = win.location.protocol + "",
+ "location.search": () => win.location.search = win.location.search + "",
+ });
+
+ async function test() {
+ await setup();
+
+ // Open new window and wait for it to load
+ let win = window.open("blank.html");
+ await new Promise((resolve) => SimpleTest.waitForFocus(resolve, win))
+
+ // Execute the history and location functions
+ Object.entries(rateLimitedFunctions(win)).forEach(([name, fn]) => {
+ // Reset the rate limit for the next run.
+ info("Reset rate limit.");
+ SpecialPowers.wrap(win).browsingContext.resetLocationChangeRateLimit();
+
+ info(`Calling ${name} ${RATE_LIMIT_COUNT} times to reach the rate limit.`);
+ for(let i = 0; i< RATE_LIMIT_COUNT; i++) {
+ fn.call(this);
+ }
+ // Next calls should throw because we're above the rate limit
+ for(let i = 0; i < 5; i++) {
+ SimpleTest.doesThrow(() => fn.call(this), `Call #${RATE_LIMIT_COUNT + i + 1} to ${name} should throw.`);
+ }
+ })
+
+ // We didn't reset the rate limit after the last loop iteration above.
+ // Wait for the rate limit timer to expire.
+ SimpleTest.requestFlakyTimeout("Waiting to trigger rate limit reset.");
+ await new Promise((resolve) => setTimeout(resolve, 5000));
+
+ // Calls should be allowed again.
+ Object.entries(rateLimitedFunctions(win)).forEach(([name, fn]) => {
+ let didThrow = false;
+ try {
+ fn.call(this);
+ } catch(error) {
+ didThrow = true;
+ }
+ is(didThrow, false, `Call to ${name} must not throw.`)
+ });
+
+ // Cleanup
+ win.close();
+ SpecialPowers.wrap(win).browsingContext.resetLocationChangeRateLimit();
+ SimpleTest.finish();
+ }
+
+ </script>
+</head>
+<body onload="setTimeout(test, 0);">
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1314912">Mozilla Bug 1314912</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+</div>
+<pre id="test">
+</pre>
+</body>
+</html>
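Review bot: `SimpleTest.doesThrow` in the second inner loop of `test()` passes on any exception, so the test cannot tell the rate limiter rejecting call 91 from a setter failing for an unrelated reason. Since this file is the regression guard for the limiter, catch the error there and assert its name or type against the one the limiter raises (not visible in this patch). The 5000 ms wait is also decoupled from `RATE_LIMIT_TIME_SPAN`; writing it as `setTimeout(resolve, (RATE_LIMIT_TIME_SPAN + 2) * 1000)` keeps the two in step if the pref value is changed. In the cleanup, `win.close()` runs before `SpecialPowers.wrap(win).browsingContext.resetLocationChangeRateLimit()`, so the reset is attempted on a window that is already closing; swapping the two lines looks safer. I also see no `SimpleTest.waitForExplicitFinish()` in the file, which an async test started from `onload` normally needs, so that is worth confirming.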