diff options
author | Moonchild <moonchild@palemoon.org> | 2020-07-09 13:01:36 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2020-07-09 13:01:36 +0000 |
commit | 1409983d2d8bbae86e573e072fdc115f0762e74d (patch) | |
tree | c552b1d48c7727e1874aa4154e4d0fabdc8df07d /uriloader | |
parent | 64be1dc3291b4335f4496a9f57c856c5c192947d (diff) | |
download | UXP-1409983d2d8bbae86e573e072fdc115f0762e74d.tar UXP-1409983d2d8bbae86e573e072fdc115f0762e74d.tar.gz UXP-1409983d2d8bbae86e573e072fdc115f0762e74d.tar.lz UXP-1409983d2d8bbae86e573e072fdc115f0762e74d.tar.xz UXP-1409983d2d8bbae86e573e072fdc115f0762e74d.zip |
[AppCache] Add check for disallowed encoded path separators
Diffstat (limited to 'uriloader')
-rw-r--r-- | uriloader/prefetch/nsOfflineCacheUpdate.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/uriloader/prefetch/nsOfflineCacheUpdate.cpp b/uriloader/prefetch/nsOfflineCacheUpdate.cpp index 4b6cd4d0c..8a4183429 100644 --- a/uriloader/prefetch/nsOfflineCacheUpdate.cpp +++ b/uriloader/prefetch/nsOfflineCacheUpdate.cpp @@ -948,6 +948,14 @@ nsOfflineManifestItem::HandleManifestLine(const nsCString::const_iterator &aBegi mStrictFileOriginPolicy)) break; + // Check fallback path for disallowed encoded path separators
+ nsAutoCString path;
+ fallbackURI->GetFilePath(path);
+ if (path.Find("%2f") != kNotFound || path.Find("%2F") != kNotFound) {
+ LogToConsole("Offline cache manifest bad fallback path", this);
+ break;
+ }
+ mFallbackURIs.AppendObject(fallbackURI); AddNamespace(nsIApplicationCacheNamespace::NAMESPACE_FALLBACK, |