-rw-r--r-- | components/net/chrome_loader.rs | 6 | ||||
-rw-r--r-- | components/style/selector_matching.rs | 4 | ||||
-rw-r--r-- | resources/badcert.html | 2 | ||||
-rw-r--r-- | tests/unit/net/chrome_loader.rs | 18 |
4 files changed, 20 insertions, 10 deletions
diff --git a/components/net/chrome_loader.rs b/components/net/chrome_loader.rs
index 07367ce5367..31a52913929 100644
--- a/components/net/chrome_loader.rs
+++ b/components/net/chrome_loader.rs
@@ -8,14 +8,18 @@ use net_traits::{LoadConsumer, LoadData, NetworkError};
 use resource_thread::{CancellationListener, send_error};
 use std::sync::Arc;
 use url::Url;
+use url::percent_encoding::percent_decode;
 use util::resource_files::resources_dir_path;
 pub fn resolve_chrome_url(url: &Url) -> Result<Url, ()> {
 assert_eq!(url.scheme(), "chrome");
+ if url.host_str() != Some("resources") {
+ return Err(())
+ }
 let resources = resources_dir_path();
 let mut path = resources.clone();
 for segment in url.path_segments().unwrap() {
- path.push(segment)
+ path.push(&*try!(percent_decode(segment.as_bytes()).decode_utf8().map_err(|_| ())))
 }
 // Don't allow chrome URLs access to files outside of the resources directory.
 if !(path.starts_with(resources) && path.exists()) {
diff --git a/components/style/selector_matching.rs b/components/style/selector_matching.rs
index 73a48fa7375..167d3277c42 100644
--- a/components/style/selector_matching.rs
+++ b/components/style/selector_matching.rs
@@ -42,7 +42,7 @@ lazy_static! {
 Ok(res) => {
 let ua_stylesheet = Stylesheet::from_bytes(
 &res,
- Url::parse(&format!("chrome:///{:?}", filename)).unwrap(),
+ Url::parse(&format!("chrome://resources/{:?}", filename)).unwrap(),
 None,
 None,
 Origin::UserAgent,
@@ -69,7 +69,7 @@ lazy_static! {
 Ok(res) => {
 Stylesheet::from_bytes(
 &res,
- Url::parse("chrome:///quirks-mode.css").unwrap(),
+ Url::parse("chrome://resources/quirks-mode.css").unwrap(),
 None,
 None,
 Origin::UserAgent,
diff --git a/resources/badcert.html b/resources/badcert.html
index 5c4a158c1c0..9bb98db2148 100644
--- a/resources/badcert.html
+++ b/resources/badcert.html
@@ -3,6 +3,6 @@ <title>Certificate error</title>
 </head>
 <body>
- <img src="chrome:/badcert.jpg">
+ <img src="chrome://resources/badcert.jpg">
 </body>
 </html>
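Review bot: In `resolve_chrome_url` (components/net/chrome_loader.rs), decoding each segment before `path.push` means a segment can now decode to text containing a path separator or a `..` component, which the URL parser would not have normalised while it was still percent-encoded. The visible containment check, `path.starts_with(resources)`, compares path components lexically and does not resolve `..`, so it is a weaker guard for decoded input than it was for raw segments. Consider rejecting any decoded segment that contains `/` or `\` or equals `.` or `..`, or resolving the path before the comparison, e.g. `let path = try!(path.canonicalize().map_err(|_| ()));` checked against a canonicalised `resources`. The function body continues past the end of the hunk, so a later check may exist that is not visible here.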
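Review bot: In the first hunk of components/style/selector_matching.rs, the new URL is still built with `{:?}`, which for a string type formats with surrounding quotes and escapes, so the path would read `"name"` rather than `name`. If `filename` is a string (its declaration is outside the hunk), `Url::parse(&format!("chrome://resources/{}", filename)).unwrap()` would give a URL whose path matches the file in the resources directory. This matters more now that `chrome://resources/` URLs are the only form `resolve_chrome_url` accepts.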
diff --git a/tests/unit/net/chrome_loader.rs b/tests/unit/net/chrome_loader.rs
index 5226f411d3e..2b335651272 100644
--- a/tests/unit/net/chrome_loader.rs
+++ b/tests/unit/net/chrome_loader.rs
@@ -7,40 +7,46 @@ use url::Url;
 #[test]
 fn test_relative() {
- let url = Url::parse("chrome:/../something").unwrap();
+ let url = Url::parse("chrome://resources/../something").unwrap();
 assert!(resolve_chrome_url(&url).is_err());
 }
 #[test]
 fn test_relative_2() {
- let url = Url::parse("chrome:/subdir/../something").unwrap();
+ let url = Url::parse("chrome://resources/subdir/../something").unwrap();
 assert!(resolve_chrome_url(&url).is_err());
 }
 #[test]
 #[cfg(not(target_os = "windows"))]
 fn test_absolute() {
- let url = Url::parse("chrome:/etc/passwd").unwrap();
+ let url = Url::parse("chrome://resources/etc/passwd").unwrap();
 assert!(resolve_chrome_url(&url).is_err());
 }
 #[test]
 #[cfg(target_os = "windows")]
 fn test_absolute_2() {
- let url = Url::parse("chrome:/C:\\Windows").unwrap();
+ let url = Url::parse("chrome://resources/C:\\Windows").unwrap();
 assert!(resolve_chrome_url(&url).is_err());
 }
 #[test]
 #[cfg(target_os = "windows")]
 fn test_absolute_3() {
- let url = Url::parse("chrome:/\\\\server/C$").unwrap();
+ let url = Url::parse("chrome://resources/\\\\server/C$").unwrap();
 assert!(resolve_chrome_url(&url).is_err());
 }
 #[test]
 fn test_valid() {
- let url = Url::parse("chrome:/badcert.jpg").unwrap();
+ let url = Url::parse("chrome://resources/badcert.jpg").unwrap();
 let resolved = resolve_chrome_url(&url).unwrap();
 assert_eq!(resolved.scheme(), "file");
 }
+
+#[test]
+fn test_incorrect_host() {
+ let url = Url::parse("chrome://not-resources/badcert.jpg").unwrap();
+ assert!(resolve_chrome_url(&url).is_err());
+} |
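Review bot: None of the tests in tests/unit/net/chrome_loader.rs exercises the percent-decoding this commit adds to `resolve_chrome_url`; the updated cases only swap in the new host form and `test_incorrect_host` covers the host check. Two regression tests would pin the new behaviour: a segment that decodes to invalid UTF-8 must return `Err`, and a segment that decodes to text containing a separator must not resolve. The existing traversal tests would also pass merely because the target does not exist, so the second test is most useful once the containment check is independent of `path.exists()`.

```rust
// … unchanged: existing tests through test_incorrect_host …

#[test]
fn test_invalid_utf8_segment() {
    // Constructed input: %FF decodes to a byte that is not valid UTF-8.
    let url = Url::parse("chrome://resources/%FF").unwrap();
    assert!(resolve_chrome_url(&url).is_err());
}

#[test]
fn test_encoded_separator() {
    // Constructed input: the segment decodes to text containing a path separator.
    let url = Url::parse("chrome://resources/..%2Fsomething").unwrap();
    assert!(resolve_chrome_url(&url).is_err());
}
```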