diff options
| -rw-r--r-- | src/core/renderer/user_resource_controller.cpp | 9 | ||||
| -rw-r--r-- | src/core/user_script.cpp | 11 | ||||
| -rw-r--r-- | src/core/user_script.h | 2 | ||||
| -rw-r--r-- | tests/auto/quick/qmltests/data/script-with-bad-match-metadata.js | 9 | ||||
| -rw-r--r-- | tests/auto/quick/qmltests/data/tst_userScripts.qml | 17 |
5 files changed, 34 insertions, 14 deletions
diff --git a/src/core/renderer/user_resource_controller.cpp b/src/core/renderer/user_resource_controller.cpp index 09451b83e..860f94a52 100644 --- a/src/core/renderer/user_resource_controller.cpp +++ b/src/core/renderer/user_resource_controller.cpp @@ -67,6 +67,11 @@ static content::RenderView * const globalScriptsIndex = 0; // Scripts meant to run after the load event will be run 500ms after DOMContentLoaded if the load event doesn't come within that delay. static const int afterLoadTimeout = 500; +static int validUserScriptSchemes() +{ + return URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS | URLPattern::SCHEME_FILE; +} + static bool regexMatchesURL(const std::string &pat, const GURL &url) { QRegularExpression qre(QtWebEngineCore::toQt(pat)); qre.setPatternOptions(QRegularExpression::CaseInsensitiveOption); @@ -95,8 +100,8 @@ static bool scriptMatchesURL(const UserScriptData &scriptData, const GURL &url) if (!scriptData.urlPatterns.empty()) { matchFound = false; for (auto it = scriptData.urlPatterns.begin(), end = scriptData.urlPatterns.end(); it != end; ++it) { - URLPattern urlPattern(QtWebEngineCore::UserScript::validUserScriptSchemes(), *it); - if (urlPattern.MatchesURL(url)) + URLPattern urlPattern(validUserScriptSchemes()); + if (urlPattern.Parse(*it) == URLPattern::PARSE_SUCCESS && urlPattern.MatchesURL(url)) matchFound = true; } if (!matchFound) diff --git a/src/core/user_script.cpp b/src/core/user_script.cpp index 9b9d66d55..bdd6524ca 100644 --- a/src/core/user_script.cpp +++ b/src/core/user_script.cpp @@ -38,7 +38,6 @@ ****************************************************************************/ #include "common/user_script_data.h" -#include "extensions/common/url_pattern.h" #include "user_script.h" #include "type_conversion.h" @@ -66,11 +65,6 @@ bool GetDeclarationValue(const base::StringPiece& line, namespace QtWebEngineCore { -int UserScript::validUserScriptSchemes() -{ - return URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS | URLPattern::SCHEME_FILE; -} - ASSERT_ENUMS_MATCH(UserScript::AfterLoad, UserScriptData::AfterLoad) ASSERT_ENUMS_MATCH(UserScript::DocumentLoadFinished, UserScriptData::DocumentLoadFinished) ASSERT_ENUMS_MATCH(UserScript::DocumentElementCreation, UserScriptData::DocumentElementCreation) @@ -222,8 +216,6 @@ void UserScript::parseMetadataHeader() // support @noframes rule, we have to change the current default behavior. // static const base::StringPiece kNoFramesDeclaration("// @noframes"); - static URLPattern urlPatternParser(validUserScriptSchemes()); - while (line_start < script_text.length()) { line_end = script_text.find('\n', line_start); @@ -260,8 +252,7 @@ void UserScript::parseMetadataHeader() } scriptData->excludeGlobs.push_back(value); } else if (GetDeclarationValue(line, kMatchDeclaration, &value)) { - if (URLPattern::PARSE_SUCCESS == urlPatternParser.Parse(value)) - scriptData->urlPatterns.push_back(value); + scriptData->urlPatterns.push_back(value); } else if (GetDeclarationValue(line, kRunAtDeclaration, &value)) { if (value == kRunAtDocumentStartValue) scriptData->injectionPoint = DocumentElementCreation; diff --git a/src/core/user_script.h b/src/core/user_script.h index e44efd3e9..93cde9aa6 100644 --- a/src/core/user_script.h +++ b/src/core/user_script.h @@ -85,8 +85,6 @@ public: bool operator==(const UserScript &) const; - static int validUserScriptSchemes(); - private: void initData(); UserScriptData &data() const; diff --git a/tests/auto/quick/qmltests/data/script-with-bad-match-metadata.js b/tests/auto/quick/qmltests/data/script-with-bad-match-metadata.js new file mode 100644 index 000000000..c9a811e5c --- /dev/null +++ b/tests/auto/quick/qmltests/data/script-with-bad-match-metadata.js @@ -0,0 +1,9 @@ +// ==UserScript== +// @name Test bad match script +// @homepageURL http://www.qt.io/ +// @description Test script with metadata block with an invalid match directive +// @match some:junk +// @run-at document-end +// ==/UserScript== + +document.title = "New title for some:junk"; diff --git a/tests/auto/quick/qmltests/data/tst_userScripts.qml b/tests/auto/quick/qmltests/data/tst_userScripts.qml index d7c7d5983..f4fcc30ab 100644 --- a/tests/auto/quick/qmltests/data/tst_userScripts.qml +++ b/tests/auto/quick/qmltests/data/tst_userScripts.qml @@ -54,6 +54,11 @@ Item { sourceUrl: Qt.resolvedUrl("script-with-metadata.js") } + WebEngineScript { + id: scriptWithBadMatchMetadata + sourceUrl: Qt.resolvedUrl("script-with-bad-match-metadata.js") + } + TestWebEngineView { id: webEngineView width: 400 @@ -191,6 +196,18 @@ Item { tryCompare(webEngineView, "title", "Test page with huge link area and iframe"); } + function test_dontInjectBadUrlPatternsEverywhere() { + compare(scriptWithBadMatchMetadata.name, "Test bad match script"); + compare(scriptWithBadMatchMetadata.injectionPoint, WebEngineScript.DocumentReady); + + webEngineView.userScripts = [ scriptWithBadMatchMetadata ]; + + // @match some:junk + webEngineView.url = Qt.resolvedUrl("test2.html"); + webEngineView.waitForLoadSucceeded(); + tryCompare(webEngineView, "title", "Test page with huge link area"); + } + function test_profileWideScript() { webEngineView.profile.userScripts = [ changeDocumentTitleScript ]; |