author | bbudge@google.com <bbudge@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-02 17:57:14 +0000 |
---|---|---|
committer | bbudge@google.com <bbudge@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-02 17:57:14 +0000 |
commit | c1f64e1917a91e5e1cb374bddb957543a1d51513 (patch) | |
tree | a026c049d99a17b7d6d329bf4480ed38b3cd5649 | |
parent | 1ca76b51f7b785e9dd99197f855dc8ed11394fc2 (diff) | |
Don't allow Pepper URL requests to have Javascript URLs. Modify PPB_URLRequestInfo_Impl::SetStringProperty to reject Javascript URLs.
Review URL: http://codereview.chromium.org/7006004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@87629 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | webkit/plugins/npapi/webplugin_impl.cc | 4 | ||||
-rw-r--r-- | webkit/plugins/ppapi/ppb_url_request_info_impl.cc | 4 | ||||
-rw-r--r-- | webkit/plugins/ppapi/url_request_info_unittest.cc | 6 |
3 files changed, 13 insertions, 1 deletions
diff --git a/webkit/plugins/npapi/webplugin_impl.cc b/webkit/plugins/npapi/webplugin_impl.cc
index 687809f..22a5d9c 100644
--- a/webkit/plugins/npapi/webplugin_impl.cc
+++ b/webkit/plugins/npapi/webplugin_impl.cc
@@ -11,6 +11,7 @@
 #include "base/stringprintf.h"
 #include "base/utf_string_conversions.h"
 #include "googleurl/src/gurl.h"
+#include "googleurl/src/url_util.h"
 #include "net/base/escape.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_response_headers.h"
@@ -1056,7 +1057,8 @@ void WebPluginImpl::HandleURLRequestInternal(const char* url,
 // case in that the request is a javascript url and the target is "_self",
 // in which case we route the output to the plugin rather than routing it
 // to the plugin's frame.
- bool is_javascript_url = StartsWithASCII(url, "javascript:", false);
+ bool is_javascript_url = url_util::FindAndCompareScheme(
+ url, strlen(url), "javascript", NULL);
 RoutingStatus routing_status = RouteToFrame(
 url, is_javascript_url, popups_allowed, method, target, buf, len,
 notify_id, referrer_flag);
diff --git a/webkit/plugins/ppapi/ppb_url_request_info_impl.cc b/webkit/plugins/ppapi/ppb_url_request_info_impl.cc
index 90a0ec6..5d8adfa 100644
--- a/webkit/plugins/ppapi/ppb_url_request_info_impl.cc
+++ b/webkit/plugins/ppapi/ppb_url_request_info_impl.cc
@@ -7,6 +7,7 @@
 #include "base/logging.h"
 #include "base/string_util.h"
 #include "googleurl/src/gurl.h"
+#include "googleurl/src/url_util.h"
 #include "net/http/http_util.h"
 #include "ppapi/c/pp_var.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebData.h"
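Review bot: In the second hunk of webplugin_impl.cc, `strlen(url)` dereferences `url` and passes a `size_t` where `FindAndCompareScheme` takes an `int` length, and no null check is visible in the hunk. HandleURLRequestInternal starts and ends outside the hunk, so confirm that an earlier line or the callers guarantee a non-null string. Making the conversion explicit keeps the narrowing visible: `url, static_cast<int>(strlen(url)), "javascript", NULL);`. Because `is_javascript_url` decides whether output is routed to the plugin or to its frame, a short why-comment would help, for example `// Parse the scheme instead of prefix-matching so this check agrees with how the URL parser reads the string.`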
@@ -288,6 +289,9 @@ bool PPB_URLRequestInfo_Impl::SetStringProperty(PP_URLRequestProperty property,
 // TODO(darin): Validate input. Perhaps at a different layer?
 switch (property) {
 case PP_URLREQUESTPROPERTY_URL:
+ // Don't allow Javascript URLs.
+ if (url_util::FindAndCompareScheme(value, "javascript", NULL))
+ return false;
 url_ = value; // NOTE: This may be a relative URL.
 return true;
 case PP_URLREQUESTPROPERTY_METHOD:
diff --git a/webkit/plugins/ppapi/url_request_info_unittest.cc b/webkit/plugins/ppapi/url_request_info_unittest.cc
index cc56abc..e3af414 100644
--- a/webkit/plugins/ppapi/url_request_info_unittest.cc
+++ b/webkit/plugins/ppapi/url_request_info_unittest.cc
@@ -194,6 +194,12 @@ TEST_F(URLRequestInfoTest, SetURL) {
 ASSERT_TRUE(IsExpected(GetURL(), url));
 }
 
+TEST_F(URLRequestInfoTest, SetInvalidURL) {
+ const char* url = "javascript:foo = bar";
+ ASSERT_FALSE(info_->SetStringProperty(
+ PP_URLREQUESTPROPERTY_URL, url));
+}
+
 TEST_F(URLRequestInfoTest, SetMethod) {
 // Test default method is "GET".
 ASSERT_TRUE(IsExpected(GetMethod(), "GET")); |
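Review bot: The new scheme check in the `PP_URLREQUESTPROPERTY_URL` case inspects the raw string, while the next line notes that `url_` may be relative, so it is presumably resolved later, outside this hunk. A relative reference carries no scheme of its own, so the check looks sufficient for that case, but it is the only enforcement point visible and it rejects exactly one scheme; the `TODO(darin): Validate input` above it stays open. Consider repeating the test on the resolved URL where the request is actually built, as defence in depth. The comment should also say why, for example `// Reject javascript: URLs: a URL request must fetch a resource, never run script in the embedding document.` SetStringProperty begins and ends outside the hunk.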
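Review bot: SetInvalidURL covers only the all-lowercase spelling and never checks that a rejected value leaves the stored URL unchanged. Since the scheme comparison is meant to be case-insensitive, add a mixed-case case such as `ASSERT_FALSE(info_->SetStringProperty(PP_URLREQUESTPROPERTY_URL, "JavaScript:foo"));`. After the rejected call, also compare `GetURL()` with the value the fixture held before it. A name like `SetJavascriptURLIsRejected` would describe the case better, since "invalid" suggests malformed input rather than a disallowed scheme.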