aboutsummaryrefslogtreecommitdiffstats
path: root/components/net/chrome_loader.rs
diff options
context:
space:
mode:
Diffstat (limited to 'components/net/chrome_loader.rs')
-rw-r--r--components/net/chrome_loader.rs19
1 files changed, 7 insertions, 12 deletions
diff --git a/components/net/chrome_loader.rs b/components/net/chrome_loader.rs
index f18792de021..07367ce5367 100644
--- a/components/net/chrome_loader.rs
+++ b/components/net/chrome_loader.rs
@@ -6,26 +6,21 @@ use file_loader;
use mime_classifier::MIMEClassifier;
use net_traits::{LoadConsumer, LoadData, NetworkError};
use resource_thread::{CancellationListener, send_error};
-use std::path::Path;
use std::sync::Arc;
use url::Url;
use util::resource_files::resources_dir_path;
pub fn resolve_chrome_url(url: &Url) -> Result<Url, ()> {
- assert_eq!(url.scheme, "chrome");
- // Skip the initial //
- let non_relative_scheme_data = &url.non_relative_scheme_data().unwrap()[2..];
- let relative_path = Path::new(non_relative_scheme_data);
+ assert_eq!(url.scheme(), "chrome");
+ let resources = resources_dir_path();
+ let mut path = resources.clone();
+ for segment in url.path_segments().unwrap() {
+ path.push(segment)
+ }
// Don't allow chrome URLs access to files outside of the resources directory.
- if non_relative_scheme_data.find("..").is_some() ||
- relative_path.is_absolute() ||
- relative_path.has_root() {
+ if !(path.starts_with(resources) && path.exists()) {
return Err(());
}
-
- let mut path = resources_dir_path();
- path.push(non_relative_scheme_data);
- assert!(path.exists());
return Ok(Url::from_file_path(&*path).unwrap());
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-02 20:44:27 +0000