Fix handling of bad @match directives

User scripts with parse errors in their @match patterns were included
on all pages. Don't allow to fallback to "@include *" in this case.

Task-number: QTBUG-67726
Change-Id: I8172184e79fe3e515f391bc6cc8274a624e67a19
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

3 files changed, 8 insertions, 14 deletions

diff --git a/src/core/renderer/user_resource_controller.cpp b/src/core/renderer/user_resource_controller.cpp
index 09451b83e..860f94a52 100644
--- a/src/core/renderer/user_resource_controller.cpp
+++ b/src/core/renderer/user_resource_controller.cpp
@@ -67,6 +67,11 @@ static content::RenderView * const globalScriptsIndex = 0;
 // Scripts meant to run after the load event will be run 500ms after DOMContentLoaded if the load event doesn't come within that delay.
 static const int afterLoadTimeout = 500;
 
+static int validUserScriptSchemes()
+{
+    return URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS | URLPattern::SCHEME_FILE;
+}
+
 static bool regexMatchesURL(const std::string &pat, const GURL &url) {
     QRegularExpression qre(QtWebEngineCore::toQt(pat));
     qre.setPatternOptions(QRegularExpression::CaseInsensitiveOption);
@@ -95,8 +100,8 @@ static bool scriptMatchesURL(const UserScriptData &scriptData, const GURL &url)
     if (!scriptData.urlPatterns.empty()) {
         matchFound = false;
         for (auto it = scriptData.urlPatterns.begin(), end = scriptData.urlPatterns.end(); it != end; ++it) {
-            URLPattern urlPattern(QtWebEngineCore::UserScript::validUserScriptSchemes(), *it);
-            if (urlPattern.MatchesURL(url))
+            URLPattern urlPattern(validUserScriptSchemes());
+            if (urlPattern.Parse(*it) == URLPattern::PARSE_SUCCESS && urlPattern.MatchesURL(url))
                 matchFound = true;
         }
         if (!matchFound)
diff --git a/src/core/user_script.cpp b/src/core/user_script.cpp
index 9b9d66d55..bdd6524ca 100644
--- a/src/core/user_script.cpp
+++ b/src/core/user_script.cpp
@@ -38,7 +38,6 @@
 ****************************************************************************/
 
 #include "common/user_script_data.h"
-#include "extensions/common/url_pattern.h"
 #include "user_script.h"
 #include "type_conversion.h"
 
@@ -66,11 +65,6 @@ bool GetDeclarationValue(const base::StringPiece& line,
 
 namespace QtWebEngineCore {
 
-int UserScript::validUserScriptSchemes()
-{
-    return URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS | URLPattern::SCHEME_FILE;
-}
-
 ASSERT_ENUMS_MATCH(UserScript::AfterLoad, UserScriptData::AfterLoad)
 ASSERT_ENUMS_MATCH(UserScript::DocumentLoadFinished, UserScriptData::DocumentLoadFinished)
 ASSERT_ENUMS_MATCH(UserScript::DocumentElementCreation, UserScriptData::DocumentElementCreation)
@@ -222,8 +216,6 @@ void UserScript::parseMetadataHeader()
     // support @noframes rule, we have to change the current default behavior.
     // static const base::StringPiece kNoFramesDeclaration("// @noframes");
 
-    static URLPattern urlPatternParser(validUserScriptSchemes());
-
     while (line_start < script_text.length()) {
         line_end = script_text.find('\n', line_start);
 
@@ -260,8 +252,7 @@ void UserScript::parseMetadataHeader()
                 }
                 scriptData->excludeGlobs.push_back(value);
             } else if (GetDeclarationValue(line, kMatchDeclaration, &value)) {
-                if (URLPattern::PARSE_SUCCESS == urlPatternParser.Parse(value))
-                    scriptData->urlPatterns.push_back(value);
+                scriptData->urlPatterns.push_back(value);
             } else if (GetDeclarationValue(line, kRunAtDeclaration, &value)) {
                 if (value == kRunAtDocumentStartValue)
                     scriptData->injectionPoint = DocumentElementCreation;
diff --git a/src/core/user_script.h b/src/core/user_script.h
index e44efd3e9..93cde9aa6 100644
--- a/src/core/user_script.h
+++ b/src/core/user_script.h
@@ -85,8 +85,6 @@ public:
 
     bool operator==(const UserScript &) const;
 
-    static int validUserScriptSchemes();
-
 private:
     void initData();
     UserScriptData &data() const;