Index: net/proxy/proxy_service.cc |
diff --git a/net/proxy/proxy_service.cc b/net/proxy/proxy_service.cc |
index 5373a34a9ce73c52baf3ae719abcebbc94358388..e6468ddb49a5af20f231286d74d26f8dc78c06ed 100644 |
--- a/net/proxy/proxy_service.cc |
+++ b/net/proxy/proxy_service.cc |
@@ -937,7 +937,8 @@ ProxyService::ProxyService( |
net_log_(net_log), |
stall_proxy_auto_config_delay_( |
TimeDelta::FromMilliseconds(kDelayAfterNetworkChangesMs)), |
- quick_check_enabled_(true) { |
+ quick_check_enabled_(true), |
+ sanitize_url_policy_(SanitizeUrlPolicy::SAFE) { |
NetworkChangeNotifier::AddIPAddressObserver(this); |
NetworkChangeNotifier::AddDNSObserver(this); |
ResetConfigService(std::move(config_service)); |
@@ -1050,9 +1051,11 @@ int ProxyService::ResolveProxyHelper(const GURL& raw_url, |
if (current_state_ == STATE_NONE) |
ApplyProxyConfigIfAvailable(); |
- // Strip away any reference fragments and the username/password, as they |
- // are not relevant to proxy resolution. |
- GURL url = SimplifyUrlForRequest(raw_url); |
+ // Sanitize the URL before passing it on to the proxy resolver (i.e. PAC |
+ // script). The goal is to remove sensitive data (like embedded user names |
+ // and password), and local data (i.e. reference fragment) which does not need |
+ // to be disclosed to the resolver. |
+ GURL url = SanitizeUrl(raw_url, sanitize_url_policy_); |
// Check if the request can be completed right away. (This is the case when |
// using a direct connection for example). |
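Review bot: The new comment above the `SanitizeUrl(raw_url, sanitize_url_policy_)` call understates what is removed: it names only the embedded credentials and the reference fragment. With the policy initialised to `SanitizeUrlPolicy::SAFE` in the constructor hunk, the helper added later in this patch also clears the path and query whenever `url.SchemeIsCryptographic()` is true. Someone reading only ResolveProxyHelper (whose body continues outside this hunk) would not learn that the PAC script then sees little more than scheme and host for such URLs. I would append a sentence such as `// Under SanitizeUrlPolicy::SAFE the path and query of cryptographic-scheme URLs (e.g. https://) are stripped as well.` so the comment matches the default behaviour.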
@@ -1559,6 +1562,21 @@ ProxyService::CreateDefaultPacPollPolicy() { |
return std::unique_ptr<PacPollPolicy>(new DefaultPollPolicy()); |
} |
+GURL ProxyService::SanitizeUrl(const GURL& url, SanitizeUrlPolicy policy) { |
+ DCHECK(url.is_valid()); |
mmenke
2016/05/20 17:40:23
optional: Suggest a blank line between input sani
eroman
2016/05/20 21:23:53
Done.
|
+ GURL::Replacements replacements; |
+ replacements.ClearUsername(); |
+ replacements.ClearPassword(); |
+ replacements.ClearRef(); |
+ |
+ if (policy == SanitizeUrlPolicy::SAFE && url.SchemeIsCryptographic()) { |
+ replacements.ClearPath(); |
+ replacements.ClearQuery(); |
+ } |
+ |
+ return url.ReplaceComponents(replacements); |
+} |
+ |
void ProxyService::OnProxyConfigChanged( |
const ProxyConfig& config, |
ProxyConfigService::ConfigAvailability availability) { |
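Review bot: The `if (policy == SanitizeUrlPolicy::SAFE && url.SchemeIsCryptographic())` branch in `SanitizeUrl()` is the security-relevant part of this function, but it carries no comment explaining why the path and query are dropped. I would add one directly above it, for example `// The path and query of a cryptographic-scheme URL are otherwise hidden from the network by TLS; do not disclose them to the proxy resolver (PAC script), which may not be trustworthy.` Any policy value other than `SAFE` still passes the full path and query of such URLs to the resolver, so the enum declaration (not visible in this hunk) presumably deserves a matching warning. Separately, `DCHECK(url.is_valid())` only guards debug builds, so it is worth confirming that release builds are content with whatever `ReplaceComponents()` returns for an invalid input.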