diff options
| author | Moonchild <moonchild@palemoon.org> | 2020-07-09 13:01:36 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2020-07-10 18:32:35 +0000 |
| commit | 5e2b3d1d8979c2bda01fa336a0c0548f3457a084 (patch) | |
| tree | 66ef89476a51ec651c96c63cfd60b638ab860102 /uriloader | |
| parent | 0c5a41e89412fb441318327157abc75c670898d5 (diff) | |
| download | UXP-5e2b3d1d8979c2bda01fa336a0c0548f3457a084.tar UXP-5e2b3d1d8979c2bda01fa336a0c0548f3457a084.tar.gz UXP-5e2b3d1d8979c2bda01fa336a0c0548f3457a084.tar.lz UXP-5e2b3d1d8979c2bda01fa336a0c0548f3457a084.tar.xz UXP-5e2b3d1d8979c2bda01fa336a0c0548f3457a084.zip | |
[AppCache] Add check for disallowed encoded path separators
Diffstat (limited to 'uriloader')
| -rw-r--r-- | uriloader/prefetch/nsOfflineCacheUpdate.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/uriloader/prefetch/nsOfflineCacheUpdate.cpp b/uriloader/prefetch/nsOfflineCacheUpdate.cpp index 4b6cd4d0c..8a4183429 100644 --- a/uriloader/prefetch/nsOfflineCacheUpdate.cpp +++ b/uriloader/prefetch/nsOfflineCacheUpdate.cpp @@ -948,6 +948,14 @@ nsOfflineManifestItem::HandleManifestLine(const nsCString::const_iterator &aBegi mStrictFileOriginPolicy)) break; + // Check fallback path for disallowed encoded path separators
+ nsAutoCString path;
+ fallbackURI->GetFilePath(path);
+ if (path.Find("%2f") != kNotFound || path.Find("%2F") != kNotFound) {
+ LogToConsole("Offline cache manifest bad fallback path", this);
+ break;
+ }
+ mFallbackURIs.AppendObject(fallbackURI); AddNamespace(nsIApplicationCacheNamespace::NAMESPACE_FALLBACK, |