Index: Source/platform/weborigin/SecurityOrigin.cpp |
diff --git a/Source/platform/weborigin/SecurityOrigin.cpp b/Source/platform/weborigin/SecurityOrigin.cpp |
index c979d83d7b2bf463fa237768070d6e553b813264..5404ee5b95b9f9c665feeef3e0c11f9bb9e494a1 100644 |
--- a/Source/platform/weborigin/SecurityOrigin.cpp |
+++ b/Source/platform/weborigin/SecurityOrigin.cpp |
@@ -97,19 +97,24 @@ static bool shouldTreatAsUniqueOrigin(const KURL& url) |
return true; |
// FIXME: Do we need to unwrap the URL further? |
- KURL innerURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::extractInnerURL(url) : url; |
- |
- // FIXME: Check whether innerURL is valid. |
+ KURL relevantURL; |
+ if (SecurityOrigin::shouldUseInnerURL(url)) { |
+ relevantURL = SecurityOrigin::extractInnerURL(url); |
+ if (!relevantURL.isValid()) |
+ return true; |
+ } else { |
+ relevantURL = url; |
+ } |
// For edge case URLs that were probably misparsed, make sure that the origin is unique. |
// FIXME: Do we really need to do this? This looks to be a hack around a |
// security bug in CFNetwork that might have been fixed. |
- if (schemeRequiresAuthority(innerURL) && innerURL.host().isEmpty()) |
+ if (schemeRequiresAuthority(relevantURL) && relevantURL.host().isEmpty()) |
sof
2015/08/25 13:39:52
If relevantURL is now checked for validity, is thi
michaeln
2015/08/25 22:47:42
hmmm... good question... i'm not sure?
|
return true; |
// SchemeRegistry needs a lower case protocol because it uses HashMaps |
// that assume the scheme has already been canonicalized. |
- String protocol = innerURL.protocol().lower(); |
+ String protocol = relevantURL.protocol().lower(); |
if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol)) |
return true; |