Bug 1032303 - CSP: Keep full stop (.) when matching *.foo.com to disallow loads from foo.com (r=sstamm)
--HG-- extra : rebase_source : 1e6db1451eedeb73348ec37f8b292ff5ba1893ae
parent
22c97b8e24
commit
29617c35fb
@ -327,11 +327,12 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce) const
|
||||
|
||||
// Check it the allowed host starts with a wilcard.
|
||||
if (mHost.First() == '*') {
|
||||
// Eliminate leading "*." and check if uriHost ends with defined mHost.
|
||||
NS_ASSERTION(mHost[1] == '.', "Second character needs to be '.' whenever host starts with '*'");
|
||||
|
||||
// Eliminate leading "*", but keeping the FULL STOP (.) thereafter before checking
|
||||
// if the remaining characters match: see http://www.w3.org/TR/CSP11/#matching
|
||||
nsString wildCardHost = mHost;
|
||||
wildCardHost = Substring(wildCardHost, 2, wildCardHost.Length() - 2);
|
||||
wildCardHost = Substring(wildCardHost, 1, wildCardHost.Length() - 1);
|
||||
if (!StringEndsWith(NS_ConvertUTF8toUTF16(uriHost), wildCardHost)) {
|
||||
return false;
|
||||
}
|
||||
|
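Review bot: The suffix match is only safe while `mHost[1]` really is `.`, and the only check of that is `NS_ASSERTION`, which compiles away in release builds. If a host such as `*foo.com` ever reached this branch (whether the parser can produce one is not visible here), stripping just the `*` would leave `foo.com`, and `StringEndsWith` would then accept `notfoo.com`. A runtime guard ahead of the `Substring` call, e.g. `if (mHost.Length() > 1 && mHost[1] != '.') { return false; }`, would make the branch fail closed, and its `Length() > 1` condition leaves a bare `*` behaving as it does now. The body of nsCSPHostSrc::permits starts and ends outside this hunk, so earlier validation may already cover this case.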