Feodor2
/
Mypal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[AppCache] Add check for disallowed encoded path separators.

master
Fedor 2020-07-16 03:50:17 +03:00
parent c8fc4f8bb5
commit 136ab69fb3
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
uriloader/prefetch/nsOfflineCacheUpdate.cpp
View File

@ -948,6 +948,14 @@ nsOfflineManifestItem::HandleManifestLine(const nsCString::const_iterator &aBegi
mStrictFileOriginPolicy))
break;
// Check fallback path for disallowed encoded path separators
nsAutoCString path;
fallbackURI->GetFilePath(path);
if (path.Find("%2f") != kNotFound || path.Find("%2F") != kNotFound) {
LogToConsole("Offline cache manifest bad fallback path", this);
break;
}
mFallbackURIs.AppendObject(fallbackURI);
AddNamespace(nsIApplicationCacheNamespace::NAMESPACE_FALLBACK,