Bug 1032303 - CSP: Keep full stop (.) when matching *.foo.com to disallow loads from foo.com (r=sstamm)

--HG--
extra : rebase_source : 1e6db1451eedeb73348ec37f8b292ff5ba1893ae
Christoph Kerschbaumer 2014-06-30 10:53:17 -07:00
parent 22c97b8e24
commit 29617c35fb


@ -327,11 +327,12 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce) const
// Check it the allowed host starts with a wilcard.
if (mHost.First() == '*') {
// Eliminate leading "*." and check if uriHost ends with defined mHost.
NS_ASSERTION(mHost[1] == '.', "Second character needs to be '.' whenever host starts with '*'");
// Eliminate leading "*", but keeping the FULL STOP (.) thereafter before checking
// if the remaining characters match: see http://www.w3.org/TR/CSP11/#matching
nsString wildCardHost = mHost;
wildCardHost = Substring(wildCardHost, 2, wildCardHost.Length() - 2);
wildCardHost = Substring(wildCardHost, 1, wildCardHost.Length() - 1);
if (!StringEndsWith(NS_ConvertUTF8toUTF16(uriHost), wildCardHost)) {
return false;
}