| Index: third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
|
| diff --git a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
|
| index 0d317bdbad102559cf8eb1f140562f7d9fb094c0..7f0d8513e892d31ebe5231379c46b17b209acd18 100644
|
| --- a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
|
| +++ b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
|
| @@ -138,6 +138,26 @@ enum HeaderValueCategoryByRFC7230 {
|
| HeaderValueCategoryByRFC7230End
|
| };
|
|
|
| +bool validateOpenArguments(const AtomicString& method, const KURL& url, ExceptionState& exceptionState)
|
| +{
|
| + if (!isValidHTTPToken(method)) {
|
| + exceptionState.throwDOMException(SyntaxError, "'" + method + "' is not a valid HTTP method.");
|
| + return false;
|
| + }
|
| +
|
| + if (FetchUtils::isForbiddenMethod(method)) {
|
| + exceptionState.throwSecurityError("'" + method + "' HTTP method is unsupported.");
|
| + return false;
|
| + }
|
| +
|
| + if (!url.isValid()) {
|
| + exceptionState.throwDOMException(SyntaxError, "Invalid URL");
|
| + return false;
|
| + }
|
| +
|
| + return true;
|
| +}
|
| +
|
| } // namespace
|
|
|
| class XMLHttpRequest::BlobLoader final : public GarbageCollectedFinalized<XMLHttpRequest::BlobLoader>, public FileReaderLoaderClient {
|
| @@ -536,12 +556,19 @@ void XMLHttpRequest::setWithCredentials(bool value, ExceptionState& exceptionSta
|
|
|
| void XMLHttpRequest::open(const AtomicString& method, const String& urlString, ExceptionState& exceptionState)
|
| {
|
| - open(method, getExecutionContext()->completeURL(urlString), true, exceptionState);
|
| + KURL url(getExecutionContext()->completeURL(urlString));
|
| + if (!validateOpenArguments(method, url, exceptionState))
|
| + return;
|
| +
|
| + open(method, url, true, exceptionState);
|
| }
|
|
|
| void XMLHttpRequest::open(const AtomicString& method, const String& urlString, bool async, const String& username, const String& password, ExceptionState& exceptionState)
|
| {
|
| KURL url(getExecutionContext()->completeURL(urlString));
|
| + if (!validateOpenArguments(method, url, exceptionState))
|
| + return;
|
| +
|
| if (!username.isNull())
|
| url.setUser(username);
|
| if (!password.isNull())
|
| @@ -554,6 +581,8 @@ void XMLHttpRequest::open(const AtomicString& method, const KURL& url, bool asyn
|
| {
|
| NETWORK_DVLOG(1) << this << " open(" << method << ", " << url.elidedString() << ", " << async << ")";
|
|
|
| + DCHECK(validateOpenArguments(method, url, exceptionState));
|
| +
|
| if (!internalAbort())
|
| return;
|
|
|
| @@ -562,16 +591,6 @@ void XMLHttpRequest::open(const AtomicString& method, const KURL& url, bool asyn
|
| m_error = false;
|
| m_uploadComplete = false;
|
|
|
| - if (!isValidHTTPToken(method)) {
|
| - exceptionState.throwDOMException(SyntaxError, "'" + method + "' is not a valid HTTP method.");
|
| - return;
|
| - }
|
| -
|
| - if (FetchUtils::isForbiddenMethod(method)) {
|
| - exceptionState.throwSecurityError("'" + method + "' HTTP method is unsupported.");
|
| - return;
|
| - }
|
| -
|
| if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) {
|
| // We can safely expose the URL to JavaScript, as these checks happen synchronously before redirection. JavaScript receives no new information.
|
| exceptionState.throwSecurityError("Refused to connect to '" + url.elidedString() + "' because it violates the document's Content Security Policy.");
|
|
|
Chromium Code Reviews
Issue 2297483002:
Make XMLHttpRequest.open() throw for invalid URLs (Closed)
