mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 19:04:45 +00:00
Bug 1337629 - Restrict allowed hostname characters r=mcmanus
MozReview-Commit-ID: H8u2C5oSiT9
This commit is contained in:
parent
83ba7c63ab
commit
f2fd6230e6
@ -620,7 +620,7 @@ nsStandardURL::ValidIPv6orHostname(const char *host, uint32_t length)
|
|||||||
}
|
}
|
||||||
|
|
||||||
const char *end = host + length;
|
const char *end = host + length;
|
||||||
if (end != net_FindCharInSet(host, end, "\t\n\v\f\r #/:?@[\\]")) {
|
if (end != net_FindCharInSet(host, end, CONTROL_CHARACTERS " #/:?@[\\]*<>|\"")) {
|
||||||
// We still allow % because it is in the ID of addons.
|
// We still allow % because it is in the ID of addons.
|
||||||
// Any percent encoded ASCII characters that are not allowed in the
|
// Any percent encoded ASCII characters that are not allowed in the
|
||||||
// hostname are not percent decoded, and will be parsed just fine.
|
// hostname are not percent decoded, and will be parsed just fine.
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
"use strict";
|
||||||
|
|
||||||
const StandardURL = Components.Constructor("@mozilla.org/network/standard-url;1",
|
const StandardURL = Components.Constructor("@mozilla.org/network/standard-url;1",
|
||||||
"nsIStandardURL",
|
"nsIStandardURL",
|
||||||
"init");
|
"init");
|
||||||
@ -14,7 +16,7 @@ function symmetricEquality(expect, a, b)
|
|||||||
/* We don't check port in the loop, because it can be defaulted in
|
/* We don't check port in the loop, because it can be defaulted in
|
||||||
some cases. */
|
some cases. */
|
||||||
["spec", "prePath", "scheme", "userPass", "username", "password",
|
["spec", "prePath", "scheme", "userPass", "username", "password",
|
||||||
"hostPort", "host", "path", "filePath", "param", "query",
|
"hostPort", "host", "path", "filePath", "query",
|
||||||
"ref", "directory", "fileName", "fileBaseName", "fileExtension"]
|
"ref", "directory", "fileName", "fileBaseName", "fileExtension"]
|
||||||
.map(function(prop) {
|
.map(function(prop) {
|
||||||
dump("Testing '"+ prop + "'\n");
|
dump("Testing '"+ prop + "'\n");
|
||||||
@ -438,3 +440,17 @@ add_test(function test_ipv4Normalize()
|
|||||||
|
|
||||||
run_next_test();
|
run_next_test();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
add_test(function test_invalidHostChars() {
|
||||||
|
var url = stringToURL("http://example.org/");
|
||||||
|
for (let i = 0; i <= 0x20; i++) {
|
||||||
|
Assert.throws(() => { url.host = "a" + String.fromCharCode(i) + "b"; }, "Trying to set hostname containing char code: " + i);
|
||||||
|
}
|
||||||
|
for (let c of "@[]*<>|:\"") {
|
||||||
|
Assert.throws(() => { url.host = "a" + c; }, "Trying to set hostname containing char: " + c);
|
||||||
|
}
|
||||||
|
|
||||||
|
// It also can't contain /, \, #, ?, but we treat these characters as
|
||||||
|
// hostname separators, so there is no way to set them and fail.
|
||||||
|
run_next_test();
|
||||||
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user