KotJohansson
/
UXP
mirror of https://github.com/roytam1/UXP
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Make the Auth prompt DOS protection a browser-element opt-in feature.

Browse Source
pull/7/head
wolfbeast 3 years ago committed by Roy Tam
parent 7b71e22bee
commit 1e6b075d1d
6 changed files with 40 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      application/basilisk/base/content/browser.xul
  2. 6
      application/basilisk/base/content/tabbrowser.xml
  3. 3
      application/palemoon/base/content/browser.xul
  4. 6
      application/palemoon/base/content/tabbrowser.xml
  5. 32
      toolkit/components/passwordmgr/nsLoginManagerPrompter.js
  6. 4
      toolkit/content/widgets/browser.xml

3
application/basilisk/base/content/browser.xul
Unescape View File

@ -999,7 +999,8 @@
contentcontextmenu="contentAreaContextMenu"
autocompletepopup="PopupAutoComplete"
selectmenulist="ContentSelectDropdown"
datetimepicker="DateTimePickerPanel"/>
datetimepicker="DateTimePickerPanel"
authdosprotected="true" />
</vbox>
<vbox id="browser-border-end" hidden="true" layer="true"/>
</hbox>

6
application/basilisk/base/content/tabbrowser.xml
Unescape View File

@ -25,7 +25,7 @@
<xul:vbox flex="1" class="browserContainer">
<xul:stack flex="1" class="browserStack" anonid="browserStack">
<xul:browser anonid="initialBrowser" type="content-primary" message="true" messagemanagergroup="browsers"
xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,selectmenulist,datetimepicker"/>
xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,selectmenulist,datetimepicker,authdosprotected"/>
</xul:stack>
</xul:vbox>
</xul:hbox>
@ -1952,6 +1952,10 @@
if (this.hasAttribute("datetimepicker")) {
b.setAttribute("datetimepicker", this.getAttribute("datetimepicker"));
}
if (this.hasAttribute("authdosprotected")) {
b.setAttribute("authdosprotected", this.getAttribute("authdosprotected"));
}
b.setAttribute("autoscrollpopup", this._autoScrollPopup.id);

3
application/palemoon/base/content/browser.xul
Unescape View File

@ -965,7 +965,8 @@
tabcontainer="tabbrowser-tabs"
contentcontextmenu="contentAreaContextMenu"
autocompletepopup="PopupAutoComplete"
datetimepicker="DateTimePickerPanel"/>
datetimepicker="DateTimePickerPanel"
authdosprotected="true"/>
<chatbar id="pinnedchats" layer="true" mousethrough="always" hidden="true"/>
<statuspanel id="statusbar-display" inactive="true"/>
</vbox>

6
application/palemoon/base/content/tabbrowser.xml
Unescape View File

@ -30,7 +30,7 @@
<xul:vbox flex="1" class="browserContainer">
<xul:stack flex="1" class="browserStack" anonid="browserStack">
<xul:browser anonid="initialBrowser" type="content-primary" message="true" disablehistory="true"
xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,datetimepicker"/>
xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,datetimepicker,authdosprotected"/>
</xul:stack>
</xul:vbox>
</xul:hbox>
@ -1588,6 +1588,10 @@
if (this.hasAttribute("datetimepicker")) {
b.setAttribute("datetimepicker", this.getAttribute("datetimepicker"));
}
if (this.hasAttribute("authdosprotected")) {
b.setAttribute("authdosprotected", this.getAttribute("authdosprotected"));
}
// Create the browserStack container
var stack = document.createElementNS(NS_XUL, "stack");

32
toolkit/components/passwordmgr/nsLoginManagerPrompter.js
Unescape View File

@ -103,7 +103,7 @@ LoginManagerPromptFactory.prototype = {
// cancel the prompt until we stop showing it.
let browser = prompter._browser;
let baseDomain = null;
if (browser) {
if (browser && browser.isAuthDOSProtected) {
try {
baseDomain = Services.eTLD.getBaseDomainFromHost(hostname);
} catch (e) {
@ -145,7 +145,7 @@ LoginManagerPromptFactory.prototype = {
prompt.inProgress = false;
self._asyncPromptInProgress = false;
if (browser) {
if (browser && browser.isAuthDOSProtected) {
// Reset the counter state if the user replied to a prompt and actually
// tried to login (vs. simply clicking any button to get out).
if (ok && (prompt.authInfo.username || prompt.authInfo.password)) {
@ -177,15 +177,27 @@ LoginManagerPromptFactory.prototype = {
var cancelDialogLimit = Services.prefs.getIntPref("prompts.authentication_dialog_abuse_limit");
let cancelationCounter = browser.authPromptCounter[baseDomain];
this.log("cancelationCounter =", cancelationCounter);
if (cancelDialogLimit && cancelationCounter >= cancelDialogLimit) {
this.log("Blocking auth dialog, due to exceeding dialog bloat limit");
delete this._asyncPrompts[hashKey];
// just make the runnable cancel all consumers
runnable.cancel = true;
// Block the auth prompt if:
// - There is an attached browser element
// - The browser element has opted-in to DOS protection
// - The dialog cancellation limit is not 0 (= feature disabled)
// - The amount of cancellations >= the set abuse limit
if (browser && browser.isAuthDOSProtected) {
let cancelationCounter = browser.authPromptCounter[baseDomain];
this.log("cancelationCounter =", cancelationCounter);
if (cancelDialogLimit && cancelationCounter >= cancelDialogLimit) {
this.log("Blocking auth dialog, due to exceeding dialog bloat limit");
delete this._asyncPrompts[hashKey];
// just make the runnable cancel all consumers
runnable.cancel = true;
} else {
this._asyncPromptInProgress = true;
prompt.inProgress = true;
}
} else {
// No DOS protection: prompt
this._asyncPromptInProgress = true;
prompt.inProgress = true;
}

4
toolkit/content/widgets/browser.xml
Unescape View File

@ -899,6 +899,10 @@
<field name="mIconURL">null</field>
<property name="isAuthDOSProtected"
onget="return (this.getAttribute('authdosprotected') == 'true');"
readonly="true"/>
<!-- This is managed by the tabbrowser -->
<field name="lastURI">null</field>

Write Preview
Loading…
Cancel
Save