Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(222)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp

Issue 2411733002: Check the format of an applicationServerKey when used to register a push subscription. (Closed)
Patch Set: More formatting Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/push_messaging/subscribe-failure-no-manifest-in-service-worker.html ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp
diff --git a/third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp b/third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp
index c86b1683cb63b5019f479e7b0bd5b4fe82f92206..8059999da762797ba2bc5826fb9134df30361dc2 100644
--- a/third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp
+++ b/third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp
@@ -10,6 +10,7 @@
#include "modules/push_messaging/PushSubscriptionOptionsInit.h"
#include "public/platform/WebString.h"
#include "public/platform/modules/push_messaging/WebPushSubscriptionOptions.h"
+#include "third_party/WebKit/Source/wtf/ASCIICType.h"
#include "wtf/Assertions.h"
#include "wtf/text/WTFString.h"
@@ -21,10 +22,9 @@ const int kMaxApplicationServerKeyLength = 255;
String bufferSourceToString(
const ArrayBufferOrArrayBufferView& applicationServerKey,
ExceptionState& exceptionState) {
- // Check the validity of the sender info. It must be a 65-byte uncompressed
- // key, which has the byte 0x04 as the first byte as a marker.
unsigned char* input;
int length;
+ // Convert the input array into a string of bytes.
if (applicationServerKey.isArrayBuffer()) {
input = static_cast<unsigned char*>(
applicationServerKey.getAsArrayBuffer()->data());
@@ -39,9 +39,16 @@ String bufferSourceToString(
return String();
}
- // If the key is valid, just treat it as a string of bytes and pass it to
- // the push service.
- if (length <= kMaxApplicationServerKeyLength)
+ // Check the validity of the sender info. It must either be a 65-byte
+ // uncompressed VAPID key, which has the byte 0x04 as the first byte or a
+ // numeric sender ID.
+ const bool isVapid = length == 65 && *input == 0x04;
+ const bool isSenderId =
+ length > 0 && length < kMaxApplicationServerKeyLength &&
+ (std::find_if_not(input, input + length,
+ &WTF::isASCIIDigit<unsigned char>) == input + length);
+
+ if (isVapid || isSenderId)
return WebString::fromLatin1(input, length);
exceptionState.throwDOMException(
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/push_messaging/subscribe-failure-no-manifest-in-service-worker.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698