Bug 784315 - fix CSP parser to handle single-token hosts via regex correctly. r=geekboy
This commit is contained in:
parent
cee90e8d4f
commit
eb3d6bdd0a
@ -45,7 +45,7 @@ const R_HOSTCHAR = new RegExp ("[a-zA-Z0-9\\-]", 'i');
|
||||
|
||||
// host = "*" / [ "*." ] 1*host-char *( "." 1*host-char )
|
||||
const R_HOST = new RegExp ("\\*|(((\\*\\.)?" + R_HOSTCHAR.source +
|
||||
"+)(\\." + R_HOSTCHAR.source +"+)+)",'i');
|
||||
"+)(\\." + R_HOSTCHAR.source +"+)*)",'i');
|
||||
// port = ":" ( 1*DIGIT / "*" )
|
||||
const R_PORT = new RegExp ("(\\:([0-9]+|\\*))", 'i');
|
||||
|
||||
@ -996,19 +996,26 @@ CSPSource.fromString = function(aStr, self, enforceSelfChecks) {
|
||||
}
|
||||
|
||||
// check for host-source or ext-host-source match
|
||||
if (R_HOSTSRC.test(aStr) || R_EXTHOSTSRC.test(aStr)){
|
||||
if (R_HOSTSRC.test(aStr) || R_EXTHOSTSRC.test(aStr)) {
|
||||
var schemeMatch = R_GETSCHEME.exec(aStr);
|
||||
if (!schemeMatch)
|
||||
// check that the scheme isn't accidentally matching the host. There should
|
||||
// be '://' if there is a valid scheme in an (EXT)HOSTSRC
|
||||
if (!schemeMatch || aStr.indexOf("://") == -1) {
|
||||
sObj._scheme = self.scheme;
|
||||
else {
|
||||
schemeMatch = null;
|
||||
} else {
|
||||
sObj._scheme = schemeMatch[0];
|
||||
}
|
||||
|
||||
// get array of matches to the R_HOST regular expression
|
||||
var hostMatch = R_HOST.exec(aStr);
|
||||
if (!hostMatch) {
|
||||
if (!hostMatch){
|
||||
CSPError(CSPLocalizer.getFormatStr("couldntParseInvalidSource", [aStr]));
|
||||
return null;
|
||||
}
|
||||
// host regex gets scheme, so remove scheme from aStr. Add 3 for '://'
|
||||
if (schemeMatch)
|
||||
hostMatch = R_HOST.exec(aStr.substring(schemeMatch[0].length + 3));
|
||||
sObj._host = CSPHost.fromString(hostMatch[0]);
|
||||
var portMatch = R_PORT.exec(aStr);
|
||||
if (!portMatch) {
|
||||
|
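Review bot: The new guard `if (!schemeMatch || aStr.indexOf("://") == -1)` accepts a `://` anywhere in the source string, while the substring arithmetic added further down (`schemeMatch[0].length + 3`) assumes it sits immediately after the scheme match; checking the position keeps the two consistent, assuming R_GETSCHEME anchors at the start of the string as that offset already presumes: `if (!schemeMatch || aStr.substr(schemeMatch[0].length, 3) != "://") {`. Separately, the re-run `hostMatch = R_HOST.exec(aStr.substring(schemeMatch[0].length + 3));` happens after the `if (!hostMatch)` error check, so a null result on the stripped string would reach `hostMatch[0]` unguarded; computing the host string first and running R_HOST once (`var hostStr = schemeMatch ? aStr.substring(schemeMatch[0].length + 3) : aStr;` then `var hostMatch = R_HOST.exec(hostStr);` before the existing null check) keeps that check effective. Whether R_HOSTSRC/R_EXTHOSTSRC already rule out a scheme-only string is not visible here, and since R_HOST is unanchored and now matches any single host-char run, the parser relies on those outer regexes for rejecting junk. CSPSource.fromString starts before this hunk and continues past it.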
@ -508,6 +508,28 @@ test(function test_FrameAncestor_defaults() {
|
||||
do_check_false(cspr.permits("http://subd.self.com:34", SD.FRAME_ANCESTORS));
|
||||
});
|
||||
|
||||
test(function test_FrameAncestor_TLD_defaultPorts() {
|
||||
var cspr;
|
||||
var SD = CSPRep.SRC_DIRECTIVES;
|
||||
var self = "http://self"; //TLD only, no .com or anything.
|
||||
|
||||
cspr = CSPRep.fromString("allow 'self'; frame-ancestors 'self' http://foo:80 bar:80 http://three", URI(self));
|
||||
|
||||
//"frame-ancestors should default to * not 'allow' value"
|
||||
do_check_true(cspr.permits("http://self", SD.FRAME_ANCESTORS));
|
||||
do_check_true(cspr.permits("http://self:80", SD.FRAME_ANCESTORS));
|
||||
do_check_true(cspr.permits("http://foo", SD.FRAME_ANCESTORS));
|
||||
do_check_true(cspr.permits("http://foo:80", SD.FRAME_ANCESTORS));
|
||||
do_check_true(cspr.permits("http://bar", SD.FRAME_ANCESTORS));
|
||||
do_check_true(cspr.permits("http://three:80", SD.FRAME_ANCESTORS));
|
||||
|
||||
do_check_false(cspr.permits("https://foo:400", SD.FRAME_ANCESTORS));
|
||||
do_check_false(cspr.permits("https://self:34", SD.FRAME_ANCESTORS));
|
||||
do_check_false(cspr.permits("https://bar", SD.FRAME_ANCESTORS));
|
||||
do_check_false(cspr.permits("http://three:81", SD.FRAME_ANCESTORS));
|
||||
do_check_false(cspr.permits("https://three:81", SD.FRAME_ANCESTORS));
|
||||
});
|
||||
|
||||
test(function test_CSP_ReportURI_parsing() {
|
||||
var cspr;
|
||||
var SD = CSPRep.SRC_DIRECTIVES;
|
||||
|
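Review bot: test_FrameAncestor_TLD_defaultPorts has no negative case for a host that merely starts with an allowed single-token host, which is the over-match most likely to appear now that R_HOST accepts a bare token and is unanchored; the schemeless `bar:80` source also never gets a port-mismatch check. Adding `do_check_false(cspr.permits("http://foo.attacker.com", SD.FRAME_ANCESTORS));` and `do_check_false(cspr.permits("http://bar:81", SD.FRAME_ANCESTORS));` alongside the existing negatives would pin both. The comment `//"frame-ancestors should default to * not 'allow' value"` is copied from the previous test and does not describe what this test checks; `// single-token hosts, default ports inherited from the scheme` would match the assertions below it.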