diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2022-06-03 17:04:14 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2022-06-10 08:26:26 +0000 |
| commit | 3a4c9ba6936ec8b11a97ea0b3c684b3002f01a12 (patch) | |
| tree | f707b176b3e35b4138c4db3ea59bfb0825bd99ae | |
| parent | 0547533a515c4a1641f51800fd771c65b255e04b (diff) | |
| download | qtwebengine-chromium-3a4c9ba6936ec8b11a97ea0b3c684b3002f01a12.tar.gz | |
FIXUP: Fix url_utils for QtWebEngine
Allow redirects from local schemes to local schemes, and clean up
the general logic. We still allow almost anything from custom url
schemes.
Pick-to: 94-based 90-based 87-based
Fixes: QTBUG-99207
Change-Id: I7d1b7edc91f82064edbf6c1a41682d5874b42d12
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| -rw-r--r-- | chromium/content/public/common/url_utils.cc | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/chromium/content/public/common/url_utils.cc b/chromium/content/public/common/url_utils.cc index 4156854f3f9..99d10344dfd 100644 --- a/chromium/content/public/common/url_utils.cc +++ b/chromium/content/public/common/url_utils.cc @@ -8,6 +8,7 @@ #include <string> #include "base/check_op.h" +#include "base/containers/contains.h" #include "base/containers/fixed_flat_set.h" #include "base/feature_list.h" #include "base/strings/string_piece.h" @@ -18,6 +19,7 @@ #include "third_party/blink/public/common/chrome_debug_urls.h" #include "url/gurl.h" #include "url/url_util.h" +#include "url/url_util_qt.h" namespace content { @@ -67,7 +69,7 @@ bool IsURLHandledByNetworkStack(const GURL& url) { bool IsSafeRedirectTarget(const GURL& from_url, const GURL& to_url) { static const auto kUnsafeSchemes = base::MakeFixedFlatSet<base::StringPiece>({ - url::kAboutScheme, url::kFileScheme, + url::kAboutScheme, url::kJavaScriptScheme, url::kBlobScheme, #if !defined(CHROMECAST_BUILD) url::kDataScheme, @@ -76,6 +78,17 @@ bool IsSafeRedirectTarget(const GURL& from_url, const GURL& to_url) { url::kContentScheme, #endif }); + if (from_url.is_empty()) + return false; + if (base::Contains(url::GetLocalSchemes(), to_url.scheme_piece())) { +#if defined(TOOLKIT_QT) + if (auto *cs = url::CustomScheme::FindScheme(from_url.scheme_piece())) { + if (cs->flags & (url::CustomScheme::Local | url::CustomScheme::LocalAccessAllowed)) + return true; + } +#endif + return base::Contains(url::GetLocalSchemes(), from_url.scheme_piece()); + } #if defined(TOOLKIT_QT) if (from_url.IsCustom()) return true; @@ -84,13 +97,6 @@ bool IsSafeRedirectTarget(const GURL& from_url, const GURL& to_url) { return false; if (kUnsafeSchemes.contains(to_url.scheme_piece())) return false; - if (from_url.is_empty()) - return false; - for (const auto& local_scheme : url::GetLocalSchemes()) { - if (to_url.SchemeIs(local_scheme)) { - return from_url.SchemeIs(local_scheme); - } - } if (to_url.SchemeIsFileSystem()) return from_url.SchemeIsFileSystem(); return true; |