summaryrefslogtreecommitdiffstats
path: root/dom/security/nsCSPUtils.cpp
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-12-22 01:23:56 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-12-22 01:26:49 +0100
commit54091ecab46c93c2e1b2c689e9179a980beaabe6 (patch)
tree5cead66d889007e1b06c5dbb8e3d37b2538d0557 /dom/security/nsCSPUtils.cpp
parentc1013e9122456b342d65e4eb4c38a7281d8d83d2 (diff)
parent492624a7106ecbc18994b465ca1dd23fa472bf7e (diff)
downloadUXP-54091ecab46c93c2e1b2c689e9179a980beaabe6.tar
UXP-54091ecab46c93c2e1b2c689e9179a980beaabe6.tar.gz
UXP-54091ecab46c93c2e1b2c689e9179a980beaabe6.tar.lz
UXP-54091ecab46c93c2e1b2c689e9179a980beaabe6.tar.xz
UXP-54091ecab46c93c2e1b2c689e9179a980beaabe6.zip
Forward to new tree structure.
Diffstat (limited to 'dom/security/nsCSPUtils.cpp')
-rw-r--r--dom/security/nsCSPUtils.cpp32
1 files changed, 18 insertions, 14 deletions
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index 71c8e3433..d07ad7945 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -641,13 +641,22 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected
// just a specific scheme, the parser should generate a nsCSPSchemeSource.
NS_ASSERTION((!mHost.IsEmpty()), "host can not be the empty string");
+ // Before we can check if the host matches, we have to
+ // extract the host part from aUri.
+ nsAutoCString uriHost;
+ nsresult rv = aUri->GetAsciiHost(uriHost);
+ NS_ENSURE_SUCCESS(rv, false);
+
+ nsString decodedUriHost;
+ CSP_PercentDecodeStr(NS_ConvertUTF8toUTF16(uriHost), decodedUriHost);
+
// 2) host matching: Enforce a single *
if (mHost.EqualsASCII("*")) {
// The single ASTERISK character (*) does not match a URI's scheme of a type
// designating a globally unique identifier (such as blob:, data:, or filesystem:)
- // At the moment firefox does not support filesystem; but for future compatibility
+ // At the moment UXP does not support "filesystem:" but for future compatibility
// we support it in CSP according to the spec, see: 4.2.2 Matching Source Expressions
- // Note, that whitelisting any of these schemes would call nsCSPSchemeSrc::permits().
+ // Note: whitelisting any of these schemes would call nsCSPSchemeSrc::permits().
bool isBlobScheme =
(NS_SUCCEEDED(aUri->SchemeIs("blob", &isBlobScheme)) && isBlobScheme);
bool isDataScheme =
@@ -658,20 +667,15 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected
if (isBlobScheme || isDataScheme || isFileScheme) {
return false;
}
- return true;
- }
-
- // Before we can check if the host matches, we have to
- // extract the host part from aUri.
- nsAutoCString uriHost;
- nsresult rv = aUri->GetAsciiHost(uriHost);
- NS_ENSURE_SUCCESS(rv, false);
-
- nsString decodedUriHost;
- CSP_PercentDecodeStr(NS_ConvertUTF8toUTF16(uriHost), decodedUriHost);
+ // If no scheme is present there also won't be a port and folder to check
+ // which means we can return early.
+ if (mScheme.IsEmpty()) {
+ return true;
+ }
+ }
// 4.5) host matching: Check if the allowed host starts with a wilcard.
- if (mHost.First() == '*') {
+ else if (mHost.First() == '*') {
NS_ASSERTION(mHost[1] == '.', "Second character needs to be '.' whenever host starts with '*'");
// Eliminate leading "*", but keeping the FULL STOP (.) thereafter before checking