diff options
author | Szabolcs David <davidsz@inf.u-szeged.hu> | 2018-04-17 16:23:51 +0200 |
---|---|---|
committer | Peter Varga <pvarga@inf.u-szeged.hu> | 2018-04-27 07:30:24 +0000 |
commit | ff0a83a6c3e64772276cb71cba0392d1e89b037f (patch) | |
tree | f2170055d12cef72dd620be1a4418aed6e36d96f /src | |
parent | 216240a31baae6e54e38de8157332f272ddf57a7 (diff) |
Fix handling of bad @match directives
User scripts with parse errors in their @match patterns were included
on all pages. Don't allow to fallback to "@include *" in this case.
Task-number: QTBUG-67726
Change-Id: I8172184e79fe3e515f391bc6cc8274a624e67a19
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/core/renderer/user_resource_controller.cpp | 9 | ||||
-rw-r--r-- | src/core/user_script.cpp | 11 | ||||
-rw-r--r-- | src/core/user_script.h | 2 |
3 files changed, 8 insertions, 14 deletions
diff --git a/src/core/renderer/user_resource_controller.cpp b/src/core/renderer/user_resource_controller.cpp index 09451b83e..860f94a52 100644 --- a/src/core/renderer/user_resource_controller.cpp +++ b/src/core/renderer/user_resource_controller.cpp @@ -67,6 +67,11 @@ static content::RenderView * const globalScriptsIndex = 0; // Scripts meant to run after the load event will be run 500ms after DOMContentLoaded if the load event doesn't come within that delay. static const int afterLoadTimeout = 500; +static int validUserScriptSchemes() +{ + return URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS | URLPattern::SCHEME_FILE; +} + static bool regexMatchesURL(const std::string &pat, const GURL &url) { QRegularExpression qre(QtWebEngineCore::toQt(pat)); qre.setPatternOptions(QRegularExpression::CaseInsensitiveOption); @@ -95,8 +100,8 @@ static bool scriptMatchesURL(const UserScriptData &scriptData, const GURL &url) if (!scriptData.urlPatterns.empty()) { matchFound = false; for (auto it = scriptData.urlPatterns.begin(), end = scriptData.urlPatterns.end(); it != end; ++it) { - URLPattern urlPattern(QtWebEngineCore::UserScript::validUserScriptSchemes(), *it); - if (urlPattern.MatchesURL(url)) + URLPattern urlPattern(validUserScriptSchemes()); + if (urlPattern.Parse(*it) == URLPattern::PARSE_SUCCESS && urlPattern.MatchesURL(url)) matchFound = true; } if (!matchFound) diff --git a/src/core/user_script.cpp b/src/core/user_script.cpp index 9b9d66d55..bdd6524ca 100644 --- a/src/core/user_script.cpp +++ b/src/core/user_script.cpp @@ -38,7 +38,6 @@ ****************************************************************************/ #include "common/user_script_data.h" -#include "extensions/common/url_pattern.h" #include "user_script.h" #include "type_conversion.h" @@ -66,11 +65,6 @@ bool GetDeclarationValue(const base::StringPiece& line, namespace QtWebEngineCore { -int UserScript::validUserScriptSchemes() -{ - return URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS | URLPattern::SCHEME_FILE; -} - ASSERT_ENUMS_MATCH(UserScript::AfterLoad, UserScriptData::AfterLoad) ASSERT_ENUMS_MATCH(UserScript::DocumentLoadFinished, UserScriptData::DocumentLoadFinished) ASSERT_ENUMS_MATCH(UserScript::DocumentElementCreation, UserScriptData::DocumentElementCreation) @@ -222,8 +216,6 @@ void UserScript::parseMetadataHeader() // support @noframes rule, we have to change the current default behavior. // static const base::StringPiece kNoFramesDeclaration("// @noframes"); - static URLPattern urlPatternParser(validUserScriptSchemes()); - while (line_start < script_text.length()) { line_end = script_text.find('\n', line_start); @@ -260,8 +252,7 @@ void UserScript::parseMetadataHeader() } scriptData->excludeGlobs.push_back(value); } else if (GetDeclarationValue(line, kMatchDeclaration, &value)) { - if (URLPattern::PARSE_SUCCESS == urlPatternParser.Parse(value)) - scriptData->urlPatterns.push_back(value); + scriptData->urlPatterns.push_back(value); } else if (GetDeclarationValue(line, kRunAtDeclaration, &value)) { if (value == kRunAtDocumentStartValue) scriptData->injectionPoint = DocumentElementCreation; diff --git a/src/core/user_script.h b/src/core/user_script.h index e44efd3e9..93cde9aa6 100644 --- a/src/core/user_script.h +++ b/src/core/user_script.h @@ -85,8 +85,6 @@ public: bool operator==(const UserScript &) const; - static int validUserScriptSchemes(); - private: void initData(); UserScriptData &data() const; |