Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(487)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/api/web_request/form_data_parser.cc

Issue 1180393003: Added characters that look like padlocks to URL unescaping blacklist. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rename NON_DISPLAY_CHARS to SPOOFING_AND_CONTROL_CHARS. Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/web_contents/web_drag_source_mac.mm ('k') | net/base/data_url.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/api/web_request/form_data_parser.h" 5 #include "extensions/browser/api/web_request/form_data_parser.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/lazy_instance.h" 9 #include "base/lazy_instance.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after
343 case ERROR_CHOICE: 343 case ERROR_CHOICE:
344 return scoped_ptr<FormDataParser>(); 344 return scoped_ptr<FormDataParser>();
345 } 345 }
346 NOTREACHED(); // Some compilers do not believe this is unreachable. 346 NOTREACHED(); // Some compilers do not believe this is unreachable.
347 return scoped_ptr<FormDataParser>(); 347 return scoped_ptr<FormDataParser>();
348 } 348 }
349 349
350 FormDataParser::FormDataParser() {} 350 FormDataParser::FormDataParser() {}
351 351
352 const net::UnescapeRule::Type FormDataParserUrlEncoded::unescape_rules_ = 352 const net::UnescapeRule::Type FormDataParserUrlEncoded::unescape_rules_ =
353 net::UnescapeRule::URL_SPECIAL_CHARS | net::UnescapeRule::CONTROL_CHARS | 353 net::UnescapeRule::URL_SPECIAL_CHARS |
354 net::UnescapeRule::SPACES | net::UnescapeRule::REPLACE_PLUS_WITH_SPACE; 354 net::UnescapeRule::SPOOFING_AND_CONTROL_CHARS | net::UnescapeRule::SPACES |
355 net::UnescapeRule::REPLACE_PLUS_WITH_SPACE;
355 356
356 FormDataParserUrlEncoded::FormDataParserUrlEncoded() 357 FormDataParserUrlEncoded::FormDataParserUrlEncoded()
357 : source_(NULL), 358 : source_(NULL),
358 source_set_(false), 359 source_set_(false),
359 source_malformed_(false), 360 source_malformed_(false),
360 arg_name_(&name_), 361 arg_name_(&name_),
361 arg_value_(&value_), 362 arg_value_(&value_),
362 patterns_(g_patterns.Pointer()) { 363 patterns_(g_patterns.Pointer()) {
363 args_[0] = &arg_name_; 364 args_[0] = &arg_name_;
364 args_[1] = &arg_value_; 365 args_[1] = &arg_value_;
(...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after
509 // dash-boundary. 510 // dash-boundary.
510 bool return_value; 511 bool return_value;
511 if (value_assigned && source_.empty()) { // Wait for a new source? 512 if (value_assigned && source_.empty()) { // Wait for a new source?
512 return_value = true; 513 return_value = true;
513 state_ = STATE_SUSPEND; 514 state_ = STATE_SUSPEND;
514 } else { 515 } else {
515 return_value = FinishReadingPart(value_assigned ? NULL : &value); 516 return_value = FinishReadingPart(value_assigned ? NULL : &value);
516 } 517 }
517 518
518 std::string unescaped_name = net::UnescapeURLComponent( 519 std::string unescaped_name = net::UnescapeURLComponent(
519 name.as_string(), 520 name.as_string(), net::UnescapeRule::URL_SPECIAL_CHARS |
520 net::UnescapeRule::URL_SPECIAL_CHARS | net::UnescapeRule::CONTROL_CHARS); 521 net::UnescapeRule::SPOOFING_AND_CONTROL_CHARS);
521 result->set_name(unescaped_name); 522 result->set_name(unescaped_name);
522 result->set_value(value); 523 result->set_value(value);
523 524
524 return return_value; 525 return return_value;
525 } 526 }
526 527
527 bool FormDataParserMultipart::SetSource(base::StringPiece source) { 528 bool FormDataParserMultipart::SetSource(base::StringPiece source) {
528 if (source.data() == NULL || !source_.empty()) 529 if (source.data() == NULL || !source_.empty())
529 return false; 530 return false;
530 source_.set(source.data(), source.size()); 531 source_.set(source.data(), source.size());
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
586 if (value_pattern().Match(header, 587 if (value_pattern().Match(header,
587 kContentDispositionLength, header.size(), 588 kContentDispositionLength, header.size(),
588 RE2::UNANCHORED, groups, 2)) { 589 RE2::UNANCHORED, groups, 2)) {
589 value->set(groups[1].data(), groups[1].size()); 590 value->set(groups[1].data(), groups[1].size());
590 *value_assigned = true; 591 *value_assigned = true;
591 } 592 }
592 return true; 593 return true;
593 } 594 }
594 595
595 } // namespace extensions 596 } // namespace extensions
OLDNEW
« no previous file with comments | « content/browser/web_contents/web_drag_source_mac.mm ('k') | net/base/data_url.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698