Chromium Code Reviews

Side by Side Diff: net/base/escape.h

Issue 1180393003: Added characters that look like padlocks to URL unescaping blacklist. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rename NON_DISPLAY_CHARS to SPOOFING_AND_CONTROL_CHARS. Created 5 years, 6 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_ESCAPE_H_ 5 #ifndef NET_BASE_ESCAPE_H_
6 #define NET_BASE_ESCAPE_H_ 6 #define NET_BASE_ESCAPE_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 74 matching lines...)
85 // by other applications. 85 // by other applications.
86 SPACES = 2, 86 SPACES = 2,
87 87
88 // Unescapes various characters that will change the meaning of URLs, 88 // Unescapes various characters that will change the meaning of URLs,
89 // including '%', '+', '&', '/', '#'. If we unescaped these characters, the 89 // including '%', '+', '&', '/', '#'. If we unescaped these characters, the
90 // resulting URL won't be the same as the source one. This flag is used when 90 // resulting URL won't be the same as the source one. This flag is used when
91 // generating final output like filenames for URLs where we won't be 91 // generating final output like filenames for URLs where we won't be
92 // interpreting as a URL and want to do as much unescaping as possible. 92 // interpreting as a URL and want to do as much unescaping as possible.
93 URL_SPECIAL_CHARS = 4, 93 URL_SPECIAL_CHARS = 4,
94 94
95 // Unescapes control characters such as %01. This INCLUDES NULLs. This is 95 // Unescapes characters that can be used in spoofing attempts (such as LOCK)
96 // used for rare cases such as data: URL decoding where the result is binary 96 // and control characters (such as BiDi control characters and %01). This
97 // data. This flag also unescapes BiDi control characters. 97 // INCLUDES NULLs. This is used for rare cases such as data: URL decoding
98 // where the result is binary data.
98 // 99 //
99 // DO NOT use CONTROL_CHARS if the URL is going to be displayed in the UI 100 // DO NOT use SPOOFING_AND_CONTROL_CHARS if the URL is going to be displayed
100 // for security reasons. 101 // in the UI for security reasons.
101 CONTROL_CHARS = 8, 102 SPOOFING_AND_CONTROL_CHARS = 8,
102 103
103 // URL queries use "+" for space. This flag controls that replacement. 104 // URL queries use "+" for space. This flag controls that replacement.
104 REPLACE_PLUS_WITH_SPACE = 16, 105 REPLACE_PLUS_WITH_SPACE = 16,
105 }; 106 };
106 }; 107 };
107 108
108 // Unescapes |escaped_text| and returns the result. 109 // Unescapes |escaped_text| and returns the result.
109 // Unescaping consists of looking for the exact pattern "%XX", where each X is 110 // Unescaping consists of looking for the exact pattern "%XX", where each X is
110 // a hex digit, and converting to the character with the numerical value of 111 // a hex digit, and converting to the character with the numerical value of
111 // those digits. Thus "i%20=%203%3b" unescapes to "i = 3;". 112 // those digits. Thus "i%20=%203%3b" unescapes to "i = 3;".
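Review bot: In the reworded comment on SPOOFING_AND_CONTROL_CHARS (new lines 95-98), "such as LOCK" does not tell a reader that LOCK is the name of a Unicode character that looks like a padlock. Spell it out, for example "(such as the padlock-like character U+1F512 LOCK)", and say where the full list of affected characters lives so the header and the implementation do not drift apart. The flag name on new line 102 now describes what gets unescaped, so someone skimming a call site could read it as a protective option. The "DO NOT use ... if the URL is going to be displayed in the UI" warning on new lines 100-101 is what guards against that, and it would be stronger if it stated the reason (the unescaped characters can imitate security UI or reorder displayed text) instead of "for security reasons". Since the old CONTROL_CHARS name is removed while the value stays 8, any caller not updated in this patch set fails to compile rather than silently changing behaviour, which is the right outcome for this rename.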
(...skipping 23 matching lines...)
135 UnescapeRule::Type rules, 136 UnescapeRule::Type rules,
136 base::OffsetAdjuster::Adjustments* adjustments); 137 base::OffsetAdjuster::Adjustments* adjustments);
137 138
138 // Unescapes the following ampersand character codes from |text|: 139 // Unescapes the following ampersand character codes from |text|:
139 // &lt; &gt; &amp; &quot; &#39; 140 // &lt; &gt; &amp; &quot; &#39;
140 NET_EXPORT base::string16 UnescapeForHTML(const base::string16& text); 141 NET_EXPORT base::string16 UnescapeForHTML(const base::string16& text);
141 142
142 } // namespace net 143 } // namespace net
143 144
144 #endif // NET_BASE_ESCAPE_H_ 145 #endif // NET_BASE_ESCAPE_H_