diff options
| author | tsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-03 21:21:35 +0000 |
|---|---|---|
| committer | tsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-03 21:21:35 +0000 |
| commit | 45172e6e478a359eba9c05bc72dd0b4c241a65c8 (patch) | |
| tree | 00c8a15240c6af03b59710151facdf4bb740c167 /url/url_canon_relative.cc | |
| parent | fc3fe9dc64bc6ebaa3c9767e1eef54142f9fb46a (diff) | |
| download | chromium_src-45172e6e478a359eba9c05bc72dd0b4c241a65c8.zip chromium_src-45172e6e478a359eba9c05bc72dd0b4c241a65c8.tar.gz chromium_src-45172e6e478a359eba9c05bc72dd0b4c241a65c8.tar.bz2 | |
Prevent URLs with invalid schemes from resolving as relative to data: URLs.
There is a missing bit of logic when the scheme is invalid that is
present in the case where the scheme is empty. Either way, we can't
consider this a relative URL if the base scheme isn't heirarchical.
BUG=346132
Review URL: https://codereview.chromium.org/177093008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@254565 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'url/url_canon_relative.cc')
| -rw-r--r-- | url/url_canon_relative.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/url/url_canon_relative.cc b/url/url_canon_relative.cc index 33b814c..c210587 100644 --- a/url/url_canon_relative.cc +++ b/url/url_canon_relative.cc @@ -121,6 +121,10 @@ bool DoIsRelativeURL(const char* base, int scheme_end = scheme.end(); for (int i = scheme.begin; i < scheme_end; i++) { if (!CanonicalSchemeChar(url[i])) { + if (!is_base_hierarchical) { + // Don't allow relative URLs if the base scheme doesn't support it. + return false; + } *relative_component = url_parse::MakeRange(begin, url_len); *is_relative = true; return true; |