OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
104 } | 104 } |
105 | 105 |
106 bool DOMFilePath::isValidPath(const String& path) { | 106 bool DOMFilePath::isValidPath(const String& path) { |
107 if (path.isEmpty() || path == DOMFilePath::root) | 107 if (path.isEmpty() || path == DOMFilePath::root) |
108 return true; | 108 return true; |
109 | 109 |
110 // Embedded NULs are not allowed. | 110 // Embedded NULs are not allowed. |
111 if (path.find(static_cast<UChar>(0)) != WTF::kNotFound) | 111 if (path.find(static_cast<UChar>(0)) != WTF::kNotFound) |
112 return false; | 112 return false; |
113 | 113 |
114 // While not [yet] restricted by the spec, '\\' complicates implementation for
Chromium. | 114 // While not [yet] restricted by the spec, '\\' complicates implementation for |
| 115 // Chromium. |
115 if (path.find('\\') != WTF::kNotFound) | 116 if (path.find('\\') != WTF::kNotFound) |
116 return false; | 117 return false; |
117 | 118 |
118 // This method is only called on fully-evaluated absolute paths. Any sign of "
.." or "." is likely an attempt to break out of the sandbox. | 119 // This method is only called on fully-evaluated absolute paths. Any sign of |
| 120 // ".." or "." is likely an attempt to break out of the sandbox. |
119 Vector<String> components; | 121 Vector<String> components; |
120 path.split(DOMFilePath::separator, components); | 122 path.split(DOMFilePath::separator, components); |
121 for (size_t i = 0; i < components.size(); ++i) { | 123 for (size_t i = 0; i < components.size(); ++i) { |
122 if (components[i] == ".") | 124 if (components[i] == ".") |
123 return false; | 125 return false; |
124 if (components[i] == "..") | 126 if (components[i] == "..") |
125 return false; | 127 return false; |
126 } | 128 } |
127 return true; | 129 return true; |
128 } | 130 } |
129 | 131 |
130 bool DOMFilePath::isValidName(const String& name) { | 132 bool DOMFilePath::isValidName(const String& name) { |
131 if (name.isEmpty()) | 133 if (name.isEmpty()) |
132 return true; | 134 return true; |
133 // '/' is not allowed in name. | 135 // '/' is not allowed in name. |
134 if (name.contains('/')) | 136 if (name.contains('/')) |
135 return false; | 137 return false; |
136 return isValidPath(name); | 138 return isValidPath(name); |
137 } | 139 } |
138 | 140 |
139 } // namespace blink | 141 } // namespace blink |