Fix handling of bad @match directives

User scripts with parse errors in their @match patterns were included
on all pages. Don't allow to fallback to "@include *" in this case.

Task-number: QTBUG-67726
Change-Id: I8172184e79fe3e515f391bc6cc8274a624e67a19
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

1 files changed, 7 insertions, 2 deletions

diff --git a/src/core/renderer/user_resource_controller.cpp b/src/core/renderer/user_resource_controller.cpp
index 09451b83e..860f94a52 100644
--- a/src/core/renderer/user_resource_controller.cpp
+++ b/src/core/renderer/user_resource_controller.cpp
@@ -67,6 +67,11 @@ static content::RenderView * const globalScriptsIndex = 0;
 // Scripts meant to run after the load event will be run 500ms after DOMContentLoaded if the load event doesn't come within that delay.
 static const int afterLoadTimeout = 500;
 
+static int validUserScriptSchemes()
+{
+    return URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS | URLPattern::SCHEME_FILE;
+}
+
 static bool regexMatchesURL(const std::string &pat, const GURL &url) {
     QRegularExpression qre(QtWebEngineCore::toQt(pat));
     qre.setPatternOptions(QRegularExpression::CaseInsensitiveOption);
@@ -95,8 +100,8 @@ static bool scriptMatchesURL(const UserScriptData &scriptData, const GURL &url)
     if (!scriptData.urlPatterns.empty()) {
         matchFound = false;
         for (auto it = scriptData.urlPatterns.begin(), end = scriptData.urlPatterns.end(); it != end; ++it) {
-            URLPattern urlPattern(QtWebEngineCore::UserScript::validUserScriptSchemes(), *it);
-            if (urlPattern.MatchesURL(url))
+            URLPattern urlPattern(validUserScriptSchemes());
+            if (urlPattern.Parse(*it) == URLPattern::PARSE_SUCCESS && urlPattern.MatchesURL(url))
                 matchFound = true;
         }
         if (!matchFound)