Index: content/browser/service_worker/service_worker_dispatcher_host.cc |
diff --git a/content/browser/service_worker/service_worker_dispatcher_host.cc b/content/browser/service_worker/service_worker_dispatcher_host.cc |
index 802ea30c83ba4dc27301cd75e9dd7945346223aa..cfce1a8a871fee3d6e8b2511730aa603edbc324c 100644 |
--- a/content/browser/service_worker/service_worker_dispatcher_host.cc |
+++ b/content/browser/service_worker/service_worker_dispatcher_host.cc |
@@ -52,21 +52,38 @@ bool OriginCanAccessServiceWorkers(const GURL& url) { |
return url.SchemeIsSecure() || net::IsLocalhost(url.host()); |
} |
+bool CheckPatternIsUnderTheScriptDirectory(const GURL& pattern, |
+ const GURL& script_url) { |
+ size_t slash_pos = script_url.spec().rfind('/'); |
+ if (slash_pos == std::string::npos) |
+ return false; |
+ return pattern.spec().compare( |
+ 0, slash_pos + 1, script_url.spec(), 0, slash_pos + 1) == 0; |
+} |
+ |
bool CanRegisterServiceWorker(const GURL& document_url, |
const GURL& pattern, |
const GURL& script_url) { |
+ DCHECK(document_url.is_valid()); |
+ DCHECK(pattern.is_valid()); |
+ DCHECK(script_url.is_valid()); |
return AllOriginsMatch(document_url, pattern, script_url) && |
- OriginCanAccessServiceWorkers(document_url); |
+ OriginCanAccessServiceWorkers(document_url) && |
+ CheckPatternIsUnderTheScriptDirectory(pattern, script_url); |
} |
bool CanUnregisterServiceWorker(const GURL& document_url, |
const GURL& pattern) { |
+ DCHECK(document_url.is_valid()); |
+ DCHECK(pattern.is_valid()); |
return document_url.GetOrigin() == pattern.GetOrigin() && |
OriginCanAccessServiceWorkers(document_url); |
} |
bool CanGetRegistration(const GURL& document_url, |
const GURL& given_document_url) { |
+ DCHECK(document_url.is_valid()); |
+ DCHECK(given_document_url.is_valid()); |
return document_url.GetOrigin() == given_document_url.GetOrigin() && |
OriginCanAccessServiceWorkers(document_url); |
} |
@@ -236,6 +253,10 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker( |
base::ASCIIToUTF16(kShutdownErrorMessage))); |
return; |
} |
+ if (!pattern.is_valid() || !script_url.is_valid()) { |
+ BadMessageReceived(); |
+ return; |
+ } |
ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost( |
render_process_id_, provider_id); |
@@ -299,6 +320,10 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker( |
base::ASCIIToUTF16(kShutdownErrorMessage))); |
return; |
} |
+ if (!pattern.is_valid()) { |
+ BadMessageReceived(); |
+ return; |
+ } |
ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost( |
render_process_id_, provider_id); |
@@ -358,6 +383,10 @@ void ServiceWorkerDispatcherHost::OnGetRegistration( |
base::ASCIIToUTF16(kShutdownErrorMessage))); |
return; |
} |
+ if (!document_url.is_valid()) { |
+ BadMessageReceived(); |
+ return; |
+ } |
ServiceWorkerProviderHost* provider_host = GetContext()->GetProviderHost( |
render_process_id_, provider_id); |