Merge to 2564 "[DevTools] Whitelist remoteBase and loadNetworkResource schemes."

> [DevTools] Whitelist remoteBase and loadNetworkResource schemes. > > BUG=571121 > > Review URL: https://codereview.chromium.org/1586903002 > > Cr-Commit-Position: refs/heads/master@{#369327} TBR=pfeldman (cherry picked from commit e8ecfb59d4f906e0ab40b6046406b8af1366cb10) Review URL: https://codereview.chromium.org/1619743004 . Cr-Commit-Position: refs/branch-heads/2564@{#601} Cr-Branched-From: 1283eca15bd9f772387f75241576cde7bdec7f54-refs/heads/master@{#359700}
author: Dmitry Gozman <dgozman@chromium.org> 2016-01-21 13:47:00 -0800
committer: Dmitry Gozman <dgozman@chromium.org> 2016-01-21 21:49:52 +0000
commit: 8de9add52c3d869f582acf0a3ca212f0402a7978 (patch)
tree: 705c212fd7d6122c2d34c3efc2995d8b45ef2bd9
parent: c7e9214e992eaa2695ad57bf48c6dee67e9b5baa (diff)
download: chromium_src-8de9add52c3d869f582acf0a3ca212f0402a7978.zip
chromium_src-8de9add52c3d869f582acf0a3ca212f0402a7978.tar.gz
chromium_src-8de9add52c3d869f582acf0a3ca212f0402a7978.tar.bz2
2 files changed, 9 insertions, 1 deletions
diff --git a/chrome/browser/devtools/devtools_ui_bindings.cc b/chrome/browser/devtools/devtools_ui_bindings.cc
index ce151fb..425a045 100644
--- a/chrome/browser/devtools/devtools_ui_bindings.cc
+++ b/chrome/browser/devtools/devtools_ui_bindings.cc
@@ -633,7 +633,10 @@ void DevToolsUIBindings::LoadNetworkResource(const DispatchCallback& callback,
                                              const std::string& headers,
                                              int stream_id) {
   GURL gurl(url);
-  if (!gurl.is_valid()) {
+  bool schemeIsAllowed = gurl.is_valid() &&
+      (gurl.SchemeIs(url::kHttpScheme) || gurl.SchemeIs(url::kHttpsScheme) ||
+       gurl.SchemeIs(url::kDataScheme) || gurl.SchemeIs(url::kFtpScheme));
+  if (!gurl.is_valid() || !schemeIsAllowed) {
     base::DictionaryValue response;
     response.SetInteger("statusCode", 404);
     callback.Run(&response);
diff --git a/third_party/WebKit/Source/devtools/front_end/Runtime.js b/third_party/WebKit/Source/devtools/front_end/Runtime.js
index 9056bd1..01cc904 100644
--- a/third_party/WebKit/Source/devtools/front_end/Runtime.js
+++ b/third_party/WebKit/Source/devtools/front_end/Runtime.js
@@ -1097,6 +1097,11 @@ Runtime.experiments = new Runtime.ExperimentsSupport();
  * @type {?string}
  */
 Runtime._remoteBase = Runtime.queryParam("remoteBase");
+{(function validateRemoteBase()
+{
+    if (Runtime._remoteBase && !Runtime._remoteBase.startsWith("https://chrome-devtools-frontend.appspot.com/"))
+        Runtime._remoteBase = null;
+})();}
 
 /** @type {!Runtime} */
 var runtime;
author	Dmitry Gozman <dgozman@chromium.org>	2016-01-21 13:47:00 -0800
committer	Dmitry Gozman <dgozman@chromium.org>	2016-01-21 21:49:52 +0000
commit	8de9add52c3d869f582acf0a3ca212f0402a7978 (patch)
tree	705c212fd7d6122c2d34c3efc2995d8b45ef2bd9
parent	c7e9214e992eaa2695ad57bf48c6dee67e9b5baa (diff)
download	chromium_src-8de9add52c3d869f582acf0a3ca212f0402a7978.zip chromium_src-8de9add52c3d869f582acf0a3ca212f0402a7978.tar.gz chromium_src-8de9add52c3d869f582acf0a3ca212f0402a7978.tar.bz2