[HTTPS-Everywhere] https-everywhere bug with channels not attached to a window
Loic J. Duros
lduros at gnu.org
Tue May 8 11:25:17 PDT 2012
Hello:
I'd like to report an issue with Https Everywhere. I'm not sure if I can
report it to a bug tracker directly, and whether this can be reproduced
for any url switched from http to https.
Https-Everywhere seems to assume that there is a DOM window attached to
all channels, and it fails (returning null) when that's not the case. It
will log "DOMWindow exploded" when that's the case.
To reproduce this issue, you must make an xhr request directly from code
that is not attached to a window. This is common practice, and is the
case if an extension is performing a request to fetch data without a DOM
window using nsIXMLHttpRequest:
https://developer.mozilla.org/en/nsIXMLHttpRequest
Attempting to perform an xhr request on such a url as:
http://pagead2.googlesyndication.com/pagead/show_ads.js will never get
through:
var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
.createInstance(Ci.nsIXMLHttpRequest);
// request made synchronous for the sake of the demo
req.open('GET',
'http://pagead2.googlesyndication.com/pagead/show_ads.js', false);
req.send(null);
My extension (GNU LibreJS) relies on such XHR requests to analyze
JavaScript before a response even gets parsed, and as a temporary fix
I've added a 15 second time out to cancel the piece of code that
analyzes the script, since it's not being returned at all. Since we are
planning on adding LibreJS to GNU IceCat and that GNU IceCat runs
https-everywhere, it is for us an important issue, and if you know of a
potential way to address this, it would be very helpful! :-)
Thanks,
Loic
More information about the HTTPS-everywhere
mailing list