Chromium Code Reviews Chromium Code Reviews
Issue 1260003003:
Move Service Worker %2f validation logic from browser into Blink (2) (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| Index: Source/modules/serviceworkers/ServiceWorkerContainer.cpp |
| diff --git a/Source/modules/serviceworkers/ServiceWorkerContainer.cpp b/Source/modules/serviceworkers/ServiceWorkerContainer.cpp |
| index cbb117f1608a182fa1b5eb6f6cb283d14054f27d..191613a41f1b138229370d689124e77ae0b53bea 100644 |
| --- a/Source/modules/serviceworkers/ServiceWorkerContainer.cpp |
| +++ b/Source/modules/serviceworkers/ServiceWorkerContainer.cpp |
| @@ -35,6 +35,7 @@ |
| #include "bindings/core/v8/ScriptState.h" |
| #include "bindings/core/v8/SerializedScriptValue.h" |
| #include "bindings/core/v8/SerializedScriptValueFactory.h" |
| +#include "bindings/core/v8/V8ThrowException.h" |
| #include "core/dom/DOMException.h" |
| #include "core/dom/Document.h" |
| #include "core/dom/ExceptionCode.h" |
| @@ -246,6 +247,15 @@ ScriptPromise ServiceWorkerContainer::registerServiceWorker(ScriptState* scriptS |
| return promise; |
| } |
| + WTF::String path = scriptURL.path(); |
| + WTF::String scopePath = patternURL.path(); |
| + if (path.findIgnoringCase("%2f") != WTF::kNotFound || path.findIgnoringCase("%5c") != WTF::kNotFound || scopePath.findIgnoringCase("%2f") != WTF::kNotFound || scopePath.findIgnoringCase("%5c") != WTF::kNotFound) { |
|
nhiroki
2015/07/28 07:04:36
To dedup code, how about providing path check func
|
| + resolver->reject(V8ThrowException::createTypeError( |
| + scriptState->isolate(), |
| + "Failed to register a ServiceWorker: The provided scope ('" + patternURL.string() + "') or scriptURL ('" + scriptURL.string() + "') includes a disallowed escape character.")); |
|
nhiroki
2015/07/28 07:04:36
In blink, you don't have to wrap at 80-column.
|
| + return promise; |
| + } |
| + |
| m_provider->registerServiceWorker(patternURL, scriptURL, new RegistrationCallback(resolver)); |
| return promise; |
