Community
Participate
Working Groups
When we use Helios M6 in our office, we see security warnings for every initial use of a browser widget, every time Eclipse is run. Maybe our company has somewhat restrictive IE security settings for our intranet? All of these standard features bring up an IE security warning and completely block the UI: -- Help > Welcome (!) -- JDT/CDT Hover help -- Opening an *.htm file in an editor The alert is: "Security warning: The current Web page is trying to open a site in your Intranet [[or Trusted sites list]]. Do you want to allow this? // Current site: about:blank Trusted site: about:blank" I've looked for other bugs mentioning this, but it seems only we are victims to it. Everyone in our office sees this. It seems perhaps related to <https://bugs.eclipse.org/bugs/show_bug.cgi?id=278299>, which is why I filed it here. This never happened in Eclipses 3.1 through 3.5, and still doesn't. I'm calling this "major" because it blocks the welcome page for new users. In a clean workspace, this dialog comes up *behind* the Welcome page, and is invisible for whatever Z-ordering reasons; thus a new user will not be able to click anything on that page at all. He can only close the view and *then* he'll see the dialog. Further, all the confirmations for these dialogs are zapped on a new launch of Eclipse... sigh. I tried following the guidelines here: <http://msdn.microsoft.com/en-us/library/dd565663%28VS.85%29.aspx> to disable the "zone elevation" warnings for local or intranet sites, and also disabling the network protection in Symantec Endpoint Protection, but it has no effect.
I don't think this is related to bug 278299, because (in theory) that change should not affect invokers of Browser.setText(String), such as the Welcome page. However since I don't see this problem and have not heard of it before, I'll need you to do some trials. For starters you could prove/disprove the bug 278299 theory by seeing if the problems happens for you with 3.6M4 but not with 3.6M3. And if this is not the case, it would be helpful to know which of the 3.6M builds introduced the problem, in order to isolate the set of changes that may have introduced this.
(In reply to comment #1) > > However since I don't see this problem and have not heard of it before, I'll > need you to do some trials. For starters you could prove/disprove the bug > 278299 theory by seeing if the problems happens for you with 3.6M4 but not with > 3.6M3. And if this is not the case, it would be helpful to know which of the > 3.6M builds introduced the problem, in order to isolate the set of changes that > may have introduced this. Okay, after fetching several older milestone builds for Eclipse SDK for Win/x86, I found that the behavior appeared between M2 and M3. I don't see any other builds available between those times, though. In M3, the only place I see this is when clicking on buttons in the Help > Welcome page. The buttons do nothing and when I close the view, I see the dialog. (It gives the strong impression the dialog was behind the view, but it may be something triggered on closing the view.) In M2, the buttons also do nothing -- so maybe I don't know what's causing what here ;) In M4 and M5, the behavior is not present on hover help in JDT (either automatic or triggered by F2), but in M6, the behavior appears. In M6, also, there are two new such dialogs when opening via Help > Contents. This is why I thought #278299 might be the culprit -- commentary on the bug indicates that the intent of the change is to mark uses of browser UI in the platform as "untrusted", which seems to directly relate to why the IE dialog comes up. Could it be that other clients in the Eclipse SDK migrated to the #setText(..., false) variant of the call after the API was added?
Created attachment 165966 [details] one of the dialogs
Created attachment 165967 [details] another dialog (second one when seeing help > contents)
Looking at the changes between 3.6M2 and M3 it's not obvious what could have introduced this. Are there any UNC paths being used anywhere in or around your problem scenarios? Also, I notice one of your screenshots mentions trusted sites, do you have some of these set in your external IE? (In stand-alone IE go to Tools > Internet Options > Secutity, select Trusted Sites).
(In reply to comment #5) > Looking at the changes between 3.6M2 and M3 it's not obvious what could have > introduced this. Are there any UNC paths being used anywhere in or around your > problem scenarios? I'm not using them directly... Eclipse and the workspace are on local drives. > Also, I notice one of your screenshots mentions trusted sites, do you have some > of these set in your external IE? (In stand-alone IE go to Tools > Internet > Options > Secutity, select Trusted Sites). I didn't originally, and tried adding them, to quell the warnings (re: the original summary ;) I had added about:blank to Trusted Sites, thinking it would suppress warnings, and just removed it -- no effect. I also unchecked all the options about what sites are included in Local sites -- no effect (except the dialog changes from "... in your Trusted Sites" to "... in your intranet" ... but about:blank is not listed in the settings). Note: the Intranet list includes entries like http://...foo.bar, some wildcards, e.g. "*.nokia.com", and a file://.... entry pointing to a local server. And Trusted sites includes one https:// entry for a non-wildcard address.
Hi Ed, I'd like to determine which change introduced this and figure out a fix for RC1 if possible (this week). However I don't see the problem on this end, so could you help with some experiments on your end? Can you try the following: - in any eclipse 3.6 milestone release that shows the problem - retrieve swt from HEAD into your workspace and compile for win32 (steps: http://www.eclipse.org/swt/cvs.php ) - experiment #1: - in the IE class comment out line: site.addEventListener(NavigateError, oleListener); - self-host (Run > Run As > Eclipse Application) - is the prompter still shown in the self-hosted workspace? If so try #2 below - experiment #2: - in the IE class comment out field "uncRedirect" - this will introduce some compile errors, but they're easily fixed by just commenting out the references to this field and any conditional blocks they lead into (eg.- for "if (uncRedirect != null) {" just comment out the if's whole block) - self-host (Run > Run As > Eclipse Application) - is the prompter still shown in the self-hosted workspace?
(In reply to comment #7) > - experiment #1: > - in the IE class comment out line: > site.addEventListener(NavigateError, oleListener); > - is the prompter still shown in the self-hosted workspace? If so try #2 > below Yes, the prompt still shows up. > > - experiment #2: > - in the IE class comment out field "uncRedirect" > - is the prompter still shown in the self-hosted workspace? Yes, it's still displayed here too.
Ok, thanks for trying these. Here are a couple more you can try with the same workspace as the previous experiments: #3: In IE.setText() comment out all of the following, then self-host, any better? if (getUrl().equals(ABOUT_BLANK)) { Runnable runnable = new Runnable() { public void run() { if (browser.isDisposed()) return; LocationEvent newEvent = new LocationEvent(browser); newEvent.display = browser.getDisplay(); newEvent.widget = browser; newEvent.location = ABOUT_BLANK; newEvent.doit = true; for (int i = 0; i < locationListeners.length; i++) { locationListeners[i].changing(newEvent); } boolean doit = newEvent.doit && !browser.isDisposed(); if (doit) setHTML(html); } }; if (delaySetText) { delaySetText = false; browser.getDisplay().asyncExec(runnable); } else { runnable.run(); } return true; } #4: Launch eclipse 3.6M2 since it was the last known milestone without the prompters and point it at the workspace you've been experimenting with, since it has an swt that has been showing the prompters. Self-host, any bad prompters on Help > Welcome or elsewhere?
(In reply to comment #9) > Ok, thanks for trying these. Here are a couple more you can try with the same > workspace as the previous experiments: > > #3: In IE.setText() comment out all of the following, then self-host, any > better? Nope :( > #4: Launch eclipse 3.6M2 since it was the last known milestone without the > prompters and point it at the workspace you've been experimenting with, since > it has an swt that has been showing the prompters. Self-host, any bad > prompters on Help > Welcome or elsewhere? Still the same situation. The oddest thing, I should repeat, is that some of the dialogs show up when I *close* the Help > Welcome page, not before. And lo, now that I'm actually debugging with SWT and sources, I get this stack trace when I see the dialog in Help > Welcome: Thread [main] (Suspended) COM.VtblCall(int, int, int, GUID, int, int, DISPPARAMS, int, EXCEPINFO, int[]) line: not available [native method] IDispatch.Invoke(int, GUID, int, int, DISPPARAMS, int, EXCEPINFO, int[]) line: 64 OleAutomation.invoke(int, int, Variant[], int[], Variant) line: 570 OleAutomation.invoke(int, Variant[], int[]) line: 533 IE.execute(String) line: 1090 IE$5.handleEvent(Event) line: 293 EventTable.sendEvent(Event) line: 84 Browser(Widget).sendEvent(Event) line: 1052 Browser(Widget).sendEvent(int, Event, boolean) line: 1076 Browser(Widget).sendEvent(int) line: 1057 Browser(Widget).release(boolean) line: 807 Composite.releaseChildren(boolean) line: 872 Composite(Widget).release(boolean) line: 810 Composite.releaseChildren(boolean) line: 872 Composite(Widget).release(boolean) line: 810 Composite.releaseChildren(boolean) line: 872 Composite(Widget).release(boolean) line: 810 Composite(Widget).dispose() line: 445 ViewPane(PartPane).dispose() line: 180 ViewPane.dispose() line: 193 ViewReference(WorkbenchPartReference).dispose() line: 681 WorkbenchPage.disposePart(WorkbenchPartReference) line: 1715 WorkbenchPage.partRemoved(WorkbenchPartReference) line: 1707 ViewFactory.releaseView(IViewReference) line: 257 Perspective.hideView(IViewReference) line: 607 WorkbenchPage.hideView(IViewReference) line: 2381 ViewPane.doHide() line: 213 ViewStack(PartStack).close(IPresentablePart) line: 543 ViewStack(PartStack).close(IPresentablePart[]) line: 526 PartStack$1.close(IPresentablePart[]) line: 122 TabbedStackPresentation$1.handleEvent(TabFolderEvent) line: 83 DefaultTabFolder(AbstractTabFolder).fireEvent(TabFolderEvent) line: 270 DefaultTabFolder(AbstractTabFolder).fireEvent(int, AbstractTabItem) line: 279 DefaultTabFolder.access$1(DefaultTabFolder, int, AbstractTabItem) line: 1 DefaultTabFolder$1.closeButtonPressed(CTabItem) line: 70 PaneFolder.notifyCloseListeners(CTabItem) line: 626 PaneFolder$3.close(CTabFolderEvent) line: 206 CTabFolder.onMouse(Event) line: 1590 CTabFolder$1.handleEvent(Event) line: 261 EventTable.sendEvent(Event) line: 84 CTabFolder(Widget).sendEvent(Event) line: 1052 Display.runDeferredEvents() line: 4066 Display.readAndDispatch() line: 3657 Workbench.runEventLoop(Window$IExceptionHandler, Display) line: 2405 Workbench.runUI() line: 2369 Workbench.access$4(Workbench) line: 2221 Workbench$5.run() line: 500 Realm.runWithDefault(Realm, Runnable) line: 332 Workbench.createAndRunWorkbench(Display, WorkbenchAdvisor) line: 493 PlatformUI.createAndRunWorkbench(Display, WorkbenchAdvisor) line: 149 IDEApplication.start(IApplicationContext) line: 113 EclipseAppHandle.run(Object) line: 194 EclipseAppLauncher.runApplication(Object) line: 110 EclipseAppLauncher.start(Object) line: 79 EclipseStarter.run(Object) line: 367 EclipseStarter.run(String[], Runnable) line: 179 NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not available [native method] NativeMethodAccessorImpl.invoke(Object, Object[]) line: not available DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: not available Method.invoke(Object, Object...) line: not available Main.invokeFramework(String[], URL[]) line: 610 Main.basicRun(String[]) line: 565 Main.run(String[]) line: 1362 Main.main(String[]) line: 1338 In IE.execute(), it's invoking onbeforeunload handlers and running the script: "window.location.href='about:blank'". In the Help > Contents dialog, where the dialog comes up immediately on opening the window, there's nothing obvious in the main UI thread but the Help Browser UI thread is stuck dispatching this message, so I assume it's the responsible party: Daemon Thread [Help Browser UI] (Suspended) OS.DispatchMessageW(MSG) line: not available [native method] OS.DispatchMessage(MSG) line: 2459 Display.readAndDispatch() line: 3655 EmbeddedBrowserAdapter$UIThread2.run() line: 40 lpmsg MSG (id=162) hwnd 3085174 lParam 0 message 32770 time 336834421 wParam 0 x 658 y 418 Anything useful here?
So presumably if you comment out the execute ("window.location.href='about:blank'"); line then the prompter is no longer shown, right? (In the Help > Contents case it creates and immediately destroys a Browser for some reason and then shows a second Browser with the content, which would explain why it seems like you see the prompter up-front). If commenting this line makes all prompters go away then at least we know the change that introduced the problem. Please give this a try.
BTW which version of IE do you have?
(In reply to comment #11) > So presumably if you comment out the > > execute ("window.location.href='about:blank'"); > > line then the prompter is no longer shown, right? Yup, that fixes it. > (In the Help > Contents case > it creates and immediately destroys a Browser for some reason and then shows a > second Browser with the content, which would explain why it seems like you see > the prompter up-front). But I still see the other prompter in Help > Contents after commenting out the line. > If commenting this line makes all prompters go away > then at least we know the change that introduced the problem. Please give this > a try. The Help > Welcome one goes away, not the Help > Contents one. I didn't see any when using hovers, etc., though. I would need to investigate later to see if any come up in our full product workspace, too. (In reply to comment #12) > BTW which version of IE do you have? It's 6.0.2900.2180.
Ok, now for the Help > Contents case. There were not many groups of changes between 3.6M5 and 3.6M6. Can you: - retrieve SWT from HEAD into an eclipse 3.6M6 - in the IE class: -> comment out the "execute ("window.location.href='about:blank'");" line -> change line "navigate(ABOUT_BLANK, null, null, true);" to "initialNavigateComplete = true;" - self-host, any prompters?
(In reply to comment #14) > Ok, now for the Help > Contents case. There were not many groups of changes > between 3.6M5 and 3.6M6. Can you: > > - retrieve SWT from HEAD into an eclipse 3.6M6 > - in the IE class: > -> comment out the "execute ("window.location.href='about:blank'");" line > -> change line "navigate(ABOUT_BLANK, null, null, true);" to > "initialNavigateComplete = true;" > - self-host, any prompters? Well... there are no prompters, but the help window stays blank the whole time too. :/
Oops, wait, I futzed the change (forgot the "initialNavigateComplete = true;"). But there is no such field in the class either...? Description Resource Path Location Type initialNavigateComplete cannot be resolved to a variable IE.java /org.eclipse.swt/Eclipse SWT Browser/win32/org/eclipse/swt/browser line 1443 Java Problem
Sorry, I was looking at the 3.6M6 code but then told you to get SWT from HEAD. In HEAD comment out the full block surrounding the "navigate(ABOUT_BLANK...": //pendingText = null; //pendingUrl = new Object[] {url, postData, headers}; //performingInitialNavigate = true; //navigate (ABOUT_BLANK, null, null, true); //return true;
(In reply to comment #17) > Sorry, I was looking at the 3.6M6 code but then told you to get SWT from HEAD. > In HEAD comment out the full block surrounding the "navigate(ABOUT_BLANK...": > > //pendingText = null; > //pendingUrl = new Object[] {url, postData, headers}; > //performingInitialNavigate = true; > //navigate (ABOUT_BLANK, null, null, true); > //return true; Yup, that removes the prompters here.
Ok, getting there. Can you now: 1. replace the previous set of commented-out lines with: pendingText = null; pendingUrl = new Object[] {url, postData, headers}; performingInitialNavigate = true; site.ignoreAllMessages = true; navigate (ABOUT_BLANK, null, null, true); site.ignoreAllMessages = false; return true; - self-host, any prompters? If so: 2. search in the IE class for line: setUrl((String)pendingUrl[0], (String)pendingUrl[1], (String[])pendingUrl[2]); and insert immediately before it: site.ignoreAllMessages = false; - self-host, any prompters? Also, a separate question. Do the machines in your office that see this problem have to go through a proxy? This is set in stand-alone IE in Tools > Internet Options... > Connections tab > LAN Settings... button
To clarify the last comment, if #1 does not make the prompters go away, still keep these changes from #1 when adding the line specified in #2.
Hmm, the prompters in Help > Contents are unchanged with the last two changes. Total diffs below for verification. And yes, we all use a proxy in the office. In IE we're autoconfigured to use an automatic configuration script via http ("http://proxyconf/proxy.pac"). If it matters, in Eclipse, I usually manually set up the proxy via the General > Network settings to the actual IP/port that the script gives us. ### Eclipse Workspace Patch 1.0 #P org.eclipse.swt Index: Eclipse SWT Browser/win32/org/eclipse/swt/browser/IE.java =================================================================== RCS file: /cvsroot/eclipse/org.eclipse.swt/Eclipse SWT Browser/win32/org/eclipse/swt/browser/IE.java,v retrieving revision 1.79 diff -u -r1.79 IE.java --- Eclipse SWT Browser/win32/org/eclipse/swt/browser/IE.java 20 Apr 2010 20:49:03 -0000 1.79 +++ Eclipse SWT Browser/win32/org/eclipse/swt/browser/IE.java 11 May 2010 14:27:16 -0000 @@ -483,6 +483,7 @@ if (pendingText != null) { setText((String)pendingText[0], ((Boolean)pendingText[1]).booleanValue()); } else if (pendingUrl != null) { + site.ignoreAllMessages = false; setUrl((String)pendingUrl[0], (String)pendingUrl[1], (String[])pendingUrl[2]); } pendingText = pendingUrl = null; @@ -1437,10 +1438,13 @@ */ if (_getUrl().length() == 0) { pendingText = null; - pendingUrl = new Object[] {url, postData, headers}; - performingInitialNavigate = true; - navigate (ABOUT_BLANK, null, null, true); + pendingUrl = new Object[] {url, postData, headers}; + performingInitialNavigate = true; + site.ignoreAllMessages = true; + navigate (ABOUT_BLANK, null, null, true); + site.ignoreAllMessages = false; return true; + } /*
Your patch made me realize that #2 in comment 19 is a bit wrong. Can you try commenting out the "site.ignoreAllMessages = false;" line that follows the "navigate (ABOUT_BLANK, null, null, true);" line?
No change... I still get the prompter during Help > Contents.
Thanks for your responsiveness to all of these requests. Here are two last ones (hopefully :) ). 1. - replace class IE with its HEAD content - self-host, then in the self-hosted workspace invoke Window > Show View > Other... - select General - Internal Web Browser, OK - in this view navigate to http://www.eclipse.org, any prompter? 2. - change the implementation of method WebSite.MapUrlToZone(...) to just be: COM.MoveMemory(pdwZone, new int[] {IE.URLZONE_INTRANET}, 4); return COM.S_OK; - self-host, any prompters anywhere?
(In reply to comment #24) > Thanks for your responsiveness to all of these requests. Here are two last > ones (hopefully :) ). > > 1. > - replace class IE with its HEAD content > - self-host, then in the self-hosted workspace invoke Window > Show View > > Other... > - select General - Internal Web Browser, OK > - in this view navigate to http://www.eclipse.org, any prompter? Nope. (I'm not sure if there was a prompter here before, though.) > > 2. > - change the implementation of method WebSite.MapUrlToZone(...) to just be: > > COM.MoveMemory(pdwZone, new int[] {IE.URLZONE_INTRANET}, 4); > return COM.S_OK; > > - self-host, any prompters anywhere? The one when launching Help > Contents is gone (yay!), but there's still the script-related one when closing the Help > Welcome page.
A search on "The current web page is trying to open a site" finds various hits that all advise that these prompters can be bypassed by changing the setting at Tools > Internet Options... > Security > pick a zone > Custom Level... > Miscellaneous category > "Websites in less priviledged web content zone can navigate into this zone". In my IE6 I don't have this option available, but I'm on Windows 2000. Assuming you're on XP, you may have this option. If you do, does changing it to Enable for each of the zones help? This isn't to imply that this is the "fix", this is just to try to understand what's happening a bit better.
Well, that's the most irritating part about this issue. I did the same searches before logging the bug and tried some things, none of which worked. For the Intranet zone, the value of that setting is "Prompt". I can change those settings to "Enable" all I want, but when I go back, they've been reset to "Prompt" again. I suspect the IT department have configured our Symantec Endpoint Protection installations to "safeguard" me by changing this option back. Thus, I'm not sure if the setting is ever applied so I can test whether it affects anything. :/
Created attachment 168169 [details] patch Ok, I've been able to change the configuration on an available newer machine here to show the problems in and around the Welcome page, including its links not working. Your machines have tighter-than-usual zone elevation restrictions in place, and these combined with the IE settings that you cannot change are triggering the situation. The only scenario that I couldn't reproduce was the showing of the prompter when invoking the Help contents. Here is a patch that I will get reviewed for inclusion in 3.6RC1. It fixes the issues around the Welcome page, and similar cases that you may not have been aware of (eg.- clicking a link in a javadoc view was failing similarly). It may or may not fix the Help contents case. Ed can you: - revert your IE and WebSite classes to their HEAD content - apply this patch, then self-host - confirm that Welcome page is now working, links work, no prompters - Help > Help Contents (?)
Very very close :) The Welcome page works a lot better (i.e., at all ;) now. And Javadoc links work too. I do still get a prompter from Help > Contents, whether I launch directly from the menu or via a hyperlink in the welcome content (e.g. "What's New > Migration from the previous release"). (It's weird, after I first applied the patch, self-hosted, and went to Help > Contents, I got no prompters. But after restarting that instance, now I see them as I did before. Sigh.)
The Help Contents case is now in bug 312701.
fixed > 20100512
Thanks for the quick fix -- the current behavior from HEAD is quite satisfactory compared to before :)
Comment on attachment 165966 [details] one of the dialogs No problem, and thanks for your responsiveness throughout the process. The Help Contents case will be investigated, but not for 3.6RC1.
Comment on attachment 165967 [details] another dialog (second one when seeing help > contents) (clearing the iplog- flags from the images to keep the lawyers away)