diff options
| author | Shinichi Morimoto <shnmorimoto@gmail.com> | 2019-11-13 15:37:53 +0900 |
|---|---|---|
| committer | Shinichi Morimoto <shnmorimoto@gmail.com> | 2019-11-18 22:44:07 +0900 |
| commit | 2d995ba41a73e42c9710e1fec132b5d3b501581e (patch) | |
| tree | 175b43d9eea2f059c41fd8a0d59e34b954f2b63a | |
| parent | dfa78986a6f74176bc36f4ba29969ec421a8730c (diff) | |
| download | servo-2d995ba41a73e42c9710e1fec132b5d3b501581e.tar.gz servo-2d995ba41a73e42c9710e1fec132b5d3b501581e.zip | |
check same-origin and url against the blob beign revoked
| -rw-r--r-- | components/net_traits/blob_url_store.rs | 12 | ||||
| -rw-r--r-- | components/script/dom/url.rs | 16 | ||||
| -rw-r--r-- | tests/wpt/metadata/FileAPI/url/url-with-fetch.any.js.ini | 27 | ||||
| -rw-r--r-- | tests/wpt/metadata/FileAPI/url/url-with-xhr.any.js.ini | 12 |
4 files changed, 19 insertions, 48 deletions
diff --git a/components/net_traits/blob_url_store.rs b/components/net_traits/blob_url_store.rs index c9bb670ee29..16d6b620108 100644 --- a/components/net_traits/blob_url_store.rs +++ b/components/net_traits/blob_url_store.rs @@ -40,9 +40,17 @@ pub struct BlobBuf { /// <https://w3c.github.io/FileAPI/#DefinitionOfScheme> pub fn parse_blob_url(url: &ServoUrl) -> Result<(Uuid, FileOrigin), ()> { let url_inner = Url::parse(url.path()).map_err(|_| ())?; + let segs = url_inner + .path_segments() + .map(|c| c.collect::<Vec<_>>()) + .ok_or(())?; + + if url.query().is_some() || segs.len() > 1 { + return Err(()); + } + let id = { - let mut segs = url_inner.path_segments().ok_or(())?; - let id = segs.nth(0).ok_or(())?; + let id = segs.first().ok_or(())?; Uuid::from_str(id).map_err(|_| ())? }; Ok((id, get_blob_origin(&ServoUrl::from_url(url_inner)))) diff --git a/components/script/dom/url.rs b/components/script/dom/url.rs index 9952739243b..cc6c83e2c18 100644 --- a/components/script/dom/url.rs +++ b/components/script/dom/url.rs @@ -129,13 +129,15 @@ impl URL { let origin = get_blob_origin(&global.get_url()); if let Ok(url) = ServoUrl::parse(&url) { - if let Ok((id, _)) = parse_blob_url(&url) { - let resource_threads = global.resource_threads(); - let (tx, rx) = ipc::channel(global.time_profiler_chan().clone()).unwrap(); - let msg = FileManagerThreadMsg::RevokeBlobURL(id, origin, tx); - let _ = resource_threads.send(CoreResourceMsg::ToFileManager(msg)); - - let _ = rx.recv().unwrap(); + if url.fragment().is_none() && origin == get_blob_origin(&url) { + if let Ok((id, _)) = parse_blob_url(&url) { + let resource_threads = global.resource_threads(); + let (tx, rx) = ipc::channel(global.time_profiler_chan().clone()).unwrap(); + let msg = FileManagerThreadMsg::RevokeBlobURL(id, origin, tx); + let _ = resource_threads.send(CoreResourceMsg::ToFileManager(msg)); + + let _ = rx.recv().unwrap(); + } } } } diff --git a/tests/wpt/metadata/FileAPI/url/url-with-fetch.any.js.ini b/tests/wpt/metadata/FileAPI/url/url-with-fetch.any.js.ini index 3b874fc1748..abf0d50aff3 100644 --- a/tests/wpt/metadata/FileAPI/url/url-with-fetch.any.js.ini +++ b/tests/wpt/metadata/FileAPI/url/url-with-fetch.any.js.ini @@ -1,36 +1,9 @@ [url-with-fetch.any.worker.html] - [url-with-fetch] - expected: FAIL - - [Only exact matches should revoke URLs, using fetch] - expected: FAIL - - [Appending a query string should cause fetch to fail] - expected: FAIL - - [Appending a path should cause fetch to fail] - expected: FAIL - [Revoke blob URL after creating Request, will fetch] expected: FAIL [url-with-fetch.any.html] - [Untitled] - expected: FAIL - - [url-with-fetch] - expected: FAIL - - [Only exact matches should revoke URLs, using fetch] - expected: FAIL - - [Appending a query string should cause fetch to fail] - expected: FAIL - - [Appending a path should cause fetch to fail] - expected: FAIL - [Revoke blob URL after creating Request, will fetch] expected: FAIL diff --git a/tests/wpt/metadata/FileAPI/url/url-with-xhr.any.js.ini b/tests/wpt/metadata/FileAPI/url/url-with-xhr.any.js.ini index b68c09be5c6..2cf5cb71ac7 100644 --- a/tests/wpt/metadata/FileAPI/url/url-with-xhr.any.js.ini +++ b/tests/wpt/metadata/FileAPI/url/url-with-xhr.any.js.ini @@ -1,21 +1,9 @@ [url-with-xhr.any.html] - [Only exact matches should revoke URLs, using XHR] - expected: FAIL - [Appending a query string should cause XHR to fail] - expected: FAIL - [Appending a path should cause XHR to fail] - expected: FAIL [Revoke blob URL after open(), will fetch] expected: FAIL [url-with-xhr.any.worker.html] - [Only exact matches should revoke URLs, using XHR] - expected: FAIL - [Appending a query string should cause XHR to fail] - expected: FAIL - [Appending a path should cause XHR to fail] - expected: FAIL [Revoke blob URL after open(), will fetch] expected: FAIL |