Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(206)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/data_url.cc

Issue 1180393003: Added characters that look like padlocks to URL unescaping blacklist. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rename NON_DISPLAY_CHARS to SPOOFING_AND_CONTROL_CHARS. Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « extensions/browser/api/web_request/form_data_parser.cc ('k') | net/base/escape.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // NOTE: based loosely on mozilla's nsDataChannel.cpp 5 // NOTE: based loosely on mozilla's nsDataChannel.cpp
6 6
7 #include <algorithm> 7 #include <algorithm>
8 8
9 #include "net/base/data_url.h" 9 #include "net/base/data_url.h"
10 10
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after
92 // spaces now are wrong. People expect to be able to enter them in the URL 92 // spaces now are wrong. People expect to be able to enter them in the URL
93 // bar for text, and it can't hurt, so we allow it.) 93 // bar for text, and it can't hurt, so we allow it.)
94 std::string temp_data = std::string(comma + 1, end); 94 std::string temp_data = std::string(comma + 1, end);
95 95
96 // For base64, we may have url-escaped whitespace which is not part 96 // For base64, we may have url-escaped whitespace which is not part
97 // of the data, and should be stripped. Otherwise, the escaped whitespace 97 // of the data, and should be stripped. Otherwise, the escaped whitespace
98 // could be part of the payload, so don't strip it. 98 // could be part of the payload, so don't strip it.
99 if (base64_encoded) { 99 if (base64_encoded) {
100 temp_data = UnescapeURLComponent(temp_data, 100 temp_data = UnescapeURLComponent(temp_data,
101 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS | 101 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS |
102 UnescapeRule::CONTROL_CHARS); 102 UnescapeRule::SPOOFING_AND_CONTROL_CHARS);
103 } 103 }
104 104
105 // Strip whitespace. 105 // Strip whitespace.
106 if (base64_encoded || !(mime_type->compare(0, 5, "text/") == 0 || 106 if (base64_encoded || !(mime_type->compare(0, 5, "text/") == 0 ||
107 mime_type->find("xml") != std::string::npos)) { 107 mime_type->find("xml") != std::string::npos)) {
108 temp_data.erase(std::remove_if(temp_data.begin(), temp_data.end(), 108 temp_data.erase(std::remove_if(temp_data.begin(), temp_data.end(),
109 IsAsciiWhitespace<wchar_t>), 109 IsAsciiWhitespace<wchar_t>),
110 temp_data.end()); 110 temp_data.end());
111 } 111 }
112 112
113 if (!base64_encoded) { 113 if (!base64_encoded) {
114 temp_data = UnescapeURLComponent(temp_data, 114 temp_data = UnescapeURLComponent(temp_data,
115 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS | 115 UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS |
116 UnescapeRule::CONTROL_CHARS); 116 UnescapeRule::SPOOFING_AND_CONTROL_CHARS);
117 } 117 }
118 118
119 if (base64_encoded) { 119 if (base64_encoded) {
120 size_t length = temp_data.length(); 120 size_t length = temp_data.length();
121 size_t padding_needed = 4 - (length % 4); 121 size_t padding_needed = 4 - (length % 4);
122 // If the input wasn't padded, then we pad it as necessary until we have a 122 // If the input wasn't padded, then we pad it as necessary until we have a
123 // length that is a multiple of 4 as required by our decoder. We don't 123 // length that is a multiple of 4 as required by our decoder. We don't
124 // correct if the input was incorrectly padded. If |padding_needed| == 3, 124 // correct if the input was incorrectly padded. If |padding_needed| == 3,
125 // then the input isn't well formed and decoding will fail with or without 125 // then the input isn't well formed and decoding will fail with or without
126 // padding. 126 // padding.
127 if ((padding_needed == 1 || padding_needed == 2) && 127 if ((padding_needed == 1 || padding_needed == 2) &&
128 temp_data[length - 1] != '=') { 128 temp_data[length - 1] != '=') {
129 temp_data.resize(length + padding_needed, '='); 129 temp_data.resize(length + padding_needed, '=');
130 } 130 }
131 return base::Base64Decode(temp_data, data); 131 return base::Base64Decode(temp_data, data);
132 } 132 }
133 133
134 temp_data.swap(*data); 134 temp_data.swap(*data);
135 return true; 135 return true;
136 } 136 }
137 137
138 } // namespace net 138 } // namespace net
OLDNEW
« no previous file with comments | « extensions/browser/api/web_request/form_data_parser.cc ('k') | net/base/escape.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698