summaryrefslogtreecommitdiffstats
path: root/uriloader
diff options
context:
space:
mode:
authorMoonchild <moonchild@palemoon.org>2020-07-09 13:01:36 +0000
committerMoonchild <moonchild@palemoon.org>2020-07-09 13:01:36 +0000
commit1409983d2d8bbae86e573e072fdc115f0762e74d (patch)
treec552b1d48c7727e1874aa4154e4d0fabdc8df07d /uriloader
parent64be1dc3291b4335f4496a9f57c856c5c192947d (diff)
downloadUXP-1409983d2d8bbae86e573e072fdc115f0762e74d.tar
UXP-1409983d2d8bbae86e573e072fdc115f0762e74d.tar.gz
UXP-1409983d2d8bbae86e573e072fdc115f0762e74d.tar.lz
UXP-1409983d2d8bbae86e573e072fdc115f0762e74d.tar.xz
UXP-1409983d2d8bbae86e573e072fdc115f0762e74d.zip
[AppCache] Add check for disallowed encoded path separators
Diffstat (limited to 'uriloader')
-rw-r--r--uriloader/prefetch/nsOfflineCacheUpdate.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/uriloader/prefetch/nsOfflineCacheUpdate.cpp b/uriloader/prefetch/nsOfflineCacheUpdate.cpp
index 4b6cd4d0c..8a4183429 100644
--- a/uriloader/prefetch/nsOfflineCacheUpdate.cpp
+++ b/uriloader/prefetch/nsOfflineCacheUpdate.cpp
@@ -948,6 +948,14 @@ nsOfflineManifestItem::HandleManifestLine(const nsCString::const_iterator &aBegi
mStrictFileOriginPolicy))
break;
+ // Check fallback path for disallowed encoded path separators
+ nsAutoCString path;
+ fallbackURI->GetFilePath(path);
+ if (path.Find("%2f") != kNotFound || path.Find("%2F") != kNotFound) {
+ LogToConsole("Offline cache manifest bad fallback path", this);
+ break;
+ }
+
mFallbackURIs.AppendObject(fallbackURI);
AddNamespace(nsIApplicationCacheNamespace::NAMESPACE_FALLBACK,