Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(891)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/base/escape.h

Issue 1704163003: FileURLToFilePath: Don't unescape '/' and '\\'. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Made comment less scary Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/base/escape.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/escape.h
diff --git a/net/base/escape.h b/net/base/escape.h
index c31dcf9aa2250899e76da977b168a9aafc82c596..759631ae3e8fc048401d77b840d702540765f1e0 100644
--- a/net/base/escape.h
+++ b/net/base/escape.h
@@ -78,20 +78,36 @@ class UnescapeRule {
// just the absence of them). All other unescape rules imply "normal" in
// addition to their special meaning. Things like escaped letters, digits,
// and most symbols will get unescaped with this mode.
- NORMAL = 1,
+ NORMAL = 1 << 0,
// Convert %20 to spaces. In some places where we're showing URLs, we may
// want this. In places where the URL may be copied and pasted out, then
// you wouldn't want this since it might not be interpreted in one piece
// by other applications.
- SPACES = 2,
+ SPACES = 1 << 1,
+
+ // Unescapes '/' and '\\'. If these characters were unescaped, the resulting
+ // URL won't be the same as the source one. Moreover, they are dangerous to
+ // unescape in strings that will be used as file paths or names. This value
+ // should only be used when slashes don't have special meaning, like data
+ // URLs.
+ PATH_SEPARATORS = 1 << 2,
// Unescapes various characters that will change the meaning of URLs,
- // including '%', '+', '&', '/', '#'. If we unescaped these characters, the
- // resulting URL won't be the same as the source one. This flag is used when
- // generating final output like filenames for URLs where we won't be
- // interpreting as a URL and want to do as much unescaping as possible.
- URL_SPECIAL_CHARS = 4,
+ // including '%', '+', '&', '#'. Does not unescape path separators.
+ // If these characters were unescaped, the resulting URL won't be the same
+ // as the source one. This flag is used when generating final output like
+ // filenames for URLs where we won't be interpreting as a URL and want to do
+ // as much unescaping as possible.
+ URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS = 1 << 3,
+
+ // A combination of URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS and
+ // PATH_SEPARATORS. Warning about the use of PATH_SEPARATORS also apply
+ // here.
+ // TODO(mmenke): Audit all uses of this and replace with the above values,
+ // as needed.
+ URL_SPECIAL_CHARS =
+ PATH_SEPARATORS | URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS,
// Unescapes characters that can be used in spoofing attempts (such as LOCK)
// and control characters (such as BiDi control characters and %01). This
@@ -100,10 +116,10 @@ class UnescapeRule {
//
// DO NOT use SPOOFING_AND_CONTROL_CHARS if the URL is going to be displayed
// in the UI for security reasons.
- SPOOFING_AND_CONTROL_CHARS = 8,
+ SPOOFING_AND_CONTROL_CHARS = 1 << 4,
// URL queries use "+" for space. This flag controls that replacement.
- REPLACE_PLUS_WITH_SPACE = 16,
+ REPLACE_PLUS_WITH_SPACE = 1 << 5,
};
};
« no previous file with comments | « no previous file | net/base/escape.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698