diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2022-06-03 17:04:14 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2022-06-22 18:23:27 +0000 |
| commit | c643145a35e519c38f89bf1282ecc5c1fdb82ade (patch) | |
| tree | ecd5fd463c9dbf5d1264515245eeb67108fef7b7 | |
| parent | 989a1ef9ff6b90cd349ad3f4f4c0669ad991ca15 (diff) | |
| download | qtwebengine-chromium-c643145a35e519c38f89bf1282ecc5c1fdb82ade.tar.gz | |
FIXUP: Fix url_utils for QtWebEngine
Allow redirects from local schemes to local schemes, and clean up
the general logic. We still allow almost anything from custom url
schemes.
Fixes: QTBUG-99207
Change-Id: I7d1b7edc91f82064edbf6c1a41682d5874b42d12
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 3a4c9ba6936ec8b11a97ea0b3c684b3002f01a12)
| -rw-r--r-- | chromium/content/public/common/url_utils.cc | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/chromium/content/public/common/url_utils.cc b/chromium/content/public/common/url_utils.cc index 5afd2911cf3..8d6bfe584c3 100644 --- a/chromium/content/public/common/url_utils.cc +++ b/chromium/content/public/common/url_utils.cc @@ -8,6 +8,7 @@ #include <string> #include "base/check_op.h" +#include "base/containers/contains.h" #include "base/containers/flat_set.h" #include "base/feature_list.h" #include "base/no_destructor.h" @@ -18,6 +19,7 @@ #include "third_party/blink/public/common/chrome_debug_urls.h" #include "url/gurl.h" #include "url/url_util.h" +#include "url/url_util_qt.h" namespace content { @@ -77,6 +79,17 @@ bool IsSafeRedirectTarget(const GURL& from_url, const GURL& to_url) { url::kContentScheme, #endif })); + if (from_url.is_empty()) + return false; + if (base::Contains(url::GetLocalSchemes(), to_url.scheme_piece())) { +#if defined(TOOLKIT_QT) + if (auto *cs = url::CustomScheme::FindScheme(from_url.scheme_piece())) { + if (cs->flags & (url::CustomScheme::Local | url::CustomScheme::LocalAccessAllowed)) + return true; + } +#endif + return base::Contains(url::GetLocalSchemes(), from_url.scheme_piece()); + } #if defined(TOOLKIT_QT) if (from_url.IsCustom()) return true; @@ -85,13 +98,6 @@ bool IsSafeRedirectTarget(const GURL& from_url, const GURL& to_url) { return false; if (kUnsafeSchemes->contains(to_url.scheme_piece())) return false; - if (from_url.is_empty()) - return false; - for (const auto& local_scheme : url::GetLocalSchemes()) { - if (to_url.SchemeIs(local_scheme)) { - return from_url.SchemeIs(local_scheme); - } - } if (to_url.SchemeIsFileSystem()) return from_url.SchemeIsFileSystem(); return true; |