author mgiuca <mgiuca@chromium.org> 2015-06-23 20:59:47 -0700
committer Commit bot <commit-bot@chromium.org> 2015-06-24 04:00:16 +0000
commit 7c2cbc445a81424c7df48ebe61ec4d0dcadd5dff
tree 642631bd7e3f95b16804d92a99f55ee3321d8aab /storage/common
parent 1d40cc1e1c6dc12d350bf0da668f2ddcac4f5976
Added characters that look like padlocks to URL unescaping blacklist.
This blacklists the following Unicode characters:
- U+1F50F LOCK WITH INK PEN
- U+1F510 CLOSED LOCK WITH KEY
- U+1F512 LOCK
- U+1F513 OPEN LOCK

This prevents LOCK characters from appearing in a URL in the Chrome UI, potentially looking like an SSL padlock icon (e.g., "google.com/🔒" is now displayed as "google.com/%F0%9F%94%92").

This presented a spoofing risk due to a few complications:
1. In RTL mode, the end of the URL (path/query) is aligned right up against the right edge of the Omnibox, where the SSL padlock is usually displayed.
2. On Mac, ChromeOS, and Android, LOCK characters are displayed in colour, making them more convincing.

Note: These characters will still be unescaped when using the SPOOFING_AND_CONTROL_CHARS unescape rule (used for decoding data URLs, previously known as CONTROL_CHARS).

BUG=495934,421332
TBR=jam@chromium.org

Review URL: https://codereview.chromium.org/1180393003

Cr-Commit-Position: refs/heads/master@{#335870}
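The display behaviour the commit message describes, as an added example that is not Chromium's code and not part of this commit. `UnescapeForDisplay` and its helpers are hypothetical names, and for brevity the function only decodes percent-escaped multi-byte UTF-8 and leaves ASCII escapes untouched.

```cpp
#include <cctype>
#include <cstdint>
#include <iostream>
#include <string>
// The four code points the commit message lists.
static bool IsLockLookalike(uint32_t cp) {
  return cp == 0x1F50F || cp == 0x1F510 || cp == 0x1F512 || cp == 0x1F513;
}
// Value of the %XX escape starting at s[i], or -1 if there is none.
static int EscapedByte(const std::string& s, size_t i) {
  if (i + 3 > s.size() || s[i] != '%') return -1;
  unsigned char h = s[i + 1], l = s[i + 2];
  if (!std::isxdigit(h) || !std::isxdigit(l)) return -1;
  return std::stoi(s.substr(i + 1, 2), nullptr, 16);
}
// Rejects overlong forms, surrogates and values past U+10FFFF.
static bool ValidScalar(uint32_t cp, int n) {
  static const uint32_t kMin[] = {0, 0, 0x80, 0x800, 0x10000};
  return cp >= kMin[n] && cp <= 0x10FFFF && (cp < 0xD800 || cp > 0xDFFF);
}
// Hypothetical display unescaper: decodes escaped multi-byte UTF-8 only.
std::string UnescapeForDisplay(const std::string& in) {
  std::string out;
  for (size_t i = 0; i < in.size();) {
    int b0 = EscapedByte(in, i);
    // Sequence length from the UTF-8 lead byte; 0 means "not a lead".
    int n = b0 < 0 ? 0 : (b0 & 0xE0) == 0xC0 ? 2
          : (b0 & 0xF0) == 0xE0 ? 3 : (b0 & 0xF8) == 0xF0 ? 4 : 0;
    uint32_t cp = n ? (b0 & (0xFF >> (n + 1))) : 0;
    std::string raw(1, static_cast<char>(b0));
    for (int k = 1; k < n; ++k) {
      int b = EscapedByte(in, i + 3 * k);
      if (b < 0 || (b & 0xC0) != 0x80) { n = 0; break; }
      cp = (cp << 6) | (b & 0x3F);
      raw.push_back(static_cast<char>(b));
    }
    // Undecodable input and padlock look-alikes stay percent-encoded.
    if (n == 0 || !ValidScalar(cp, n) || IsLockLookalike(cp)) {
      out.push_back(in[i++]);
      continue;
    }
    out += raw;
    i += 3 * n;
  }
  return out;
}
int main() {  // constructed sample input: one lock escape, one ordinary escape
  std::cout << UnescapeForDisplay("google.com/%F0%9F%94%92 caf%C3%A9") << "\n";
}
```

The check runs on the decoded code point rather than on the escaped text, so lowercase hex escapes of the same characters are also kept encoded.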
Diffstat (limited to 'storage/common')
-rw-r--r-- storage/common/fileapi/file_system_util.cc 2
1 files changed, 1 insertions, 1 deletions
diff --git a/storage/common/fileapi/file_system_util.cc b/storage/common/fileapi/file_system_util.cc
index f67c864..98b6cc8 100644
--- a/storage/common/fileapi/file_system_util.cc
+++ b/storage/common/fileapi/file_system_util.cc
@@ -182,7 +182,7 @@ bool ParseFileSystemSchemeURL(const GURL& url,
std::string path = net::UnescapeURLComponent(url.path(),
net::UnescapeRule::SPACES | net::UnescapeRule::URL_SPECIAL_CHARS |
- net::UnescapeRule::CONTROL_CHARS);
+ net::UnescapeRule::SPOOFING_AND_CONTROL_CHARS);
// Ensure the path is relative.
while (!path.empty() && path[0] == '/')
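Review bot: the call to net::UnescapeURLComponent in ParseFileSystemSchemeURL now passes SPOOFING_AND_CONTROL_CHARS, and nothing at the call site says why unescaping spoofing characters is acceptable for this path. The commit message describes that rule as the one used for decoding data URLs, so a one-line comment above the call stating the reason here (for example, that the path is parsed for lookup and not shown in the UI, if that is the reasoning) would keep a later reader from treating the flag as a mistake. The only visible normalisation after the unescape is the loop that strips leading '/', so a test that feeds an escaped lock character through this function would also pin down that behaviour is unchanged by the rename.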