authorinferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-30 23:52:47 +0000
committerinferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-30 23:52:47 +0000
commita51fb7ab1e5867c907ac37e675bdb9ed4f19aa1b (patch)
treed95390a7c55111b9cd74c01647c55065642b1f3c /webkit/appcache/manifest_parser.cc
parent26d2f47eba267fc034ae77d0ca1fefdc7cb86135 (diff)
Appcache Manifest Parsing Rule. If the manifest's <scheme> is secure, and the resulting absolute URL does not have the same origin as the manifest's URL, then don't process that url.
BUG=31935 TEST=ManifestParserTest.DifferentOriginUrlWithSecureScheme Review URL: http://codereview.chromium.org/1521006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43148 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/appcache/manifest_parser.cc')
-rw-r--r--webkit/appcache/manifest_parser.cc7
1 files changed, 7 insertions, 0 deletions
diff --git a/webkit/appcache/manifest_parser.cc b/webkit/appcache/manifest_parser.cc
index 0f794f6..cbd1c68 100644
--- a/webkit/appcache/manifest_parser.cc
+++ b/webkit/appcache/manifest_parser.cc
@@ -154,6 +154,13 @@ bool ParseManifest(const GURL& manifest_url, const char* data, int length,
continue;
}
+ // If the manifest's scheme is https:, then manifest URL must have same
+ // origin as resulting absolute URL.
+ if (mode == EXPLICIT && manifest_url.SchemeIsSecure() &&
+ manifest_url.GetOrigin() != url.GetOrigin()) {
+ continue;
+ }
+
if (mode == EXPLICIT) {
manifest.explicit_urls.insert(url.spec());
} else {
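Review bot: The comment above the new guard says "https:", but the condition tests `manifest_url.SchemeIsSecure()` and is further limited to `mode == EXPLICIT`, so the comment does not describe when an entry is actually dropped. I would reword it to `// A manifest served over a secure scheme may list only same-origin entries in its explicit section; cross-origin ones are skipped.` If entries taking the `else` branch below are exempt on purpose, the same comment should say so, because a reader auditing the origin policy cannot tell from here whether that is an omission. The `continue` also discards the entry silently; if the parser has a logging or diagnostics hook (none is visible in this hunk), a message naming the rejected URL would help when triaging a manifest that caches less than expected. ParseManifest starts and ends outside the hunk.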