
Side by Side Diff: third_party/WebKit/Source/devtools/front_end/devtools.js

Issue 2065823004: [DevTools] Whitelist remoteFrontendUrl and remoteBase params. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 /* eslint-disable indent */ 5 /* eslint-disable indent */
6 (function(window) { 6 (function(window) {
7 7
8 // DevToolsAPI ---------------------------------------------------------------- 8 // DevToolsAPI ----------------------------------------------------------------
9 9
10 /** 10 /**
(...skipping 967 matching lines...) Expand 10 before | Expand all | Expand 10 after
978 } 978 }
979 979
980 window.Object.observe = objectObserve; 980 window.Object.observe = objectObserve;
981 } 981 }
982 982
983 /** 983 /**
984 * @suppressGlobalPropertiesCheck 984 * @suppressGlobalPropertiesCheck
985 */ 985 */
986 function sanitizeRemoteFrontendUrl() 986 function sanitizeRemoteFrontendUrl()
987 { 987 {
988 var remoteBaseRegexp = /^https:\/\/chrome-devtools-frontend\.appspot\.com\/s erve_file\/@[0-9a-zA-Z]+\/?$/;
caseq 2016/06/16 12:51:16 nit: consider extracting a constant. also, perhaps
dgozman 2016/06/20 19:05:56 These two files cannot share any code.
989 var remoteFrontendUrlRegexp = /^https:\/\/chrome-devtools-frontend\.appspot\ .com\/serve_rev\/@?[0-9a-zA-Z]+\/(devtools|inspector)\.html$/;
988 var queryParams = location.search; 990 var queryParams = location.search;
989 if (!queryParams) 991 if (!queryParams)
990 return; 992 return;
991 var params = queryParams.substring(1).split("&"); 993 var params = queryParams.substring(1).split("&");
992 for (var i = 0; i < params.length; ++i) { 994 for (var i = 0; i < params.length; ++i) {
993 var pair = params[i].split("="); 995 var pair = params[i].split("=");
994 var name = pair.shift(); 996 var name = pair.shift();
995 var value = pair.join("="); 997 var value = pair.join("=");
996 if (name === "remoteFrontendUrl" && !value.startsWith("https://chrome-de vtools-frontend.appspot.com/")) 998 if (name === "remoteFrontendUrl" && !remoteFrontendUrlRegexp.test(value) )
999 location.search = "";
1000 if (name === "remoteBase" && !remoteBaseRegexp.test(value))
997 location.search = ""; 1001 location.search = "";
998 } 1002 }
999 } 1003 }
1000 1004
1001 /** 1005 /**
1002 * @suppressGlobalPropertiesCheck 1006 * @suppressGlobalPropertiesCheck
1003 */ 1007 */
1004 function installBackwardsCompatibility() 1008 function installBackwardsCompatibility()
1005 { 1009 {
1006 sanitizeRemoteFrontendUrl(); 1010 sanitizeRemoteFrontendUrl();
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
1071 1075
1072 if (!DOMTokenList.prototype.__originalDOMTokenListToggle) { 1076 if (!DOMTokenList.prototype.__originalDOMTokenListToggle) {
1073 DOMTokenList.prototype.__originalDOMTokenListToggle = DOMTokenList.prototype .toggle; 1077 DOMTokenList.prototype.__originalDOMTokenListToggle = DOMTokenList.prototype .toggle;
1074 DOMTokenList.prototype.toggle = function(token, force) 1078 DOMTokenList.prototype.toggle = function(token, force)
1075 { 1079 {
1076 if (arguments.length === 1) 1080 if (arguments.length === 1)
1077 force = !this.contains(token); 1081 force = !this.contains(token);
1078 return this.__originalDOMTokenListToggle(token, !!force); 1082 return this.__originalDOMTokenListToggle(token, !!force);
1079 } 1083 }
1080 } 1084 }
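Review bot: In sanitizeRemoteFrontendUrl the parameter name is compared with `===` against the raw, undecoded query text (`name === "remoteFrontendUrl"`, `name === "remoteBase"`), so the whitelist only holds if every reader of these parameters also matches names without percent-decoding. Those readers are not visible in this file section, so this should be confirmed and recorded next to the check, for example `// Names and values are matched undecoded; every consumer must parse location.search the same way.` Separately, assigning `location.search = ""` does not by itself end the loop or stop the rest of installBackwardsCompatibility from running in the current document. A `return;` after the reset would make the reject path explicit. The two regular expressions also differ in whether `@` is required (`@?` for remoteFrontendUrl, `@` for remoteBase); if that is intentional, a short comment saying why would help the next reader.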