Chromium Code Reviews

Unified Diff: third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp

Issue 2411733002: Check the format of an applicationServerKey when used to register a push subscription. (Closed)
Patch Set: Convert tests to LayoutTests Created 4 years, 2 months ago
Index: third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp
diff --git a/third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp b/third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp
index c86b1683cb63b5019f479e7b0bd5b4fe82f92206..2bfc0c94c6d7f0ba7b9aed01242a9cf028253560 100644
--- a/third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp
+++ b/third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp
@@ -10,6 +10,7 @@
#include "modules/push_messaging/PushSubscriptionOptionsInit.h"
#include "public/platform/WebString.h"
#include "public/platform/modules/push_messaging/WebPushSubscriptionOptions.h"
+#include "third_party/WebKit/Source/wtf/ASCIICType.h"
#include "wtf/Assertions.h"
#include "wtf/text/WTFString.h"
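Review bot: The added include spells out the full `third_party/WebKit/Source/wtf/ASCIICType.h` path, while the neighbouring includes in this hunk use the short form (`wtf/Assertions.h`, `wtf/text/WTFString.h`); suggest `#include "wtf/ASCIICType.h"` to match. Separately, the last hunk of this file calls `std::find_if_not`, and no `<algorithm>` include is visible in this include block, so it is worth adding one explicitly rather than depending on a transitive include.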
@@ -21,10 +22,9 @@ const int kMaxApplicationServerKeyLength = 255;
String bufferSourceToString(
const ArrayBufferOrArrayBufferView& applicationServerKey,
ExceptionState& exceptionState) {
- // Check the validity of the sender info. It must be a 65-byte uncompressed
- // key, which has the byte 0x04 as the first byte as a marker.
unsigned char* input;
int length;
+ // Convert the input array into a string of bytes.
if (applicationServerKey.isArrayBuffer()) {
input = static_cast<unsigned char*>(
applicationServerKey.getAsArrayBuffer()->data());
@@ -39,9 +39,16 @@ String bufferSourceToString(
return String();
}
- // If the key is valid, just treat it as a string of bytes and pass it to
- // the push service.
- if (length <= kMaxApplicationServerKeyLength)
+ // Check the validity of the sender info. It must either be a 65-byte
+ // uncompressed VAPID key, which has the byte 0x04 as the first byte or a
+ // numeric sender ID.
+ const bool isVapid = length == 65 && input && *input == 0x04;
Peter Beverloo 2016/10/14 14:36:30 Is checking for |input| required? When would lengt
harkness 2016/10/14 15:13:47 Done.
+ const bool isSenderId =
+ (length > 0) && (length < kMaxApplicationServerKeyLength) &&
Peter Beverloo 2016/10/14 14:36:30 No parenthesis around the two comparisons on this
harkness 2016/10/14 15:13:47 Done.
+ (std::find_if_not(input, input + length,
+ &WTF::isASCIIDigit<unsigned char>) == input + length);
+
+ if (isVapid || isSenderId)
return WebString::fromLatin1(input, length);
exceptionState.throwDOMException(
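Review bot: The sender-ID branch compares with `length < kMaxApplicationServerKeyLength`, whereas the removed check was `length <= kMaxApplicationServerKeyLength`, so an all-digit input of exactly 255 bytes is now rejected; if that tightening is not intended, keep `<=`, and if it is, say so in the comment. The new comment also describes the 65-byte case as a validity check, but the code only tests the length and the leading 0x04 byte, so it would be more accurate to call it a format check. Boundary tests for an empty buffer, a 65-byte buffer with a first byte other than 0x04, and digit strings of 254 and 255 bytes would pin this behaviour down.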
