From ff0a83a6c3e64772276cb71cba0392d1e89b037f Mon Sep 17 00:00:00 2001 From: Szabolcs David Date: Tue, 17 Apr 2018 16:23:51 +0200 Subject: Fix handling of bad @match directives User scripts with parse errors in their @match patterns were included on all pages. Don't allow to fallback to "@include *" in this case. Task-number: QTBUG-67726 Change-Id: I8172184e79fe3e515f391bc6cc8274a624e67a19 Reviewed-by: Allan Sandfeld Jensen --- src/core/renderer/user_resource_controller.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src/core/renderer') diff --git a/src/core/renderer/user_resource_controller.cpp b/src/core/renderer/user_resource_controller.cpp index 09451b83e..860f94a52 100644 --- a/src/core/renderer/user_resource_controller.cpp +++ b/src/core/renderer/user_resource_controller.cpp @@ -67,6 +67,11 @@ static content::RenderView * const globalScriptsIndex = 0; // Scripts meant to run after the load event will be run 500ms after DOMContentLoaded if the load event doesn't come within that delay. static const int afterLoadTimeout = 500; +static int validUserScriptSchemes() +{ + return URLPattern::SCHEME_HTTP | URLPattern::SCHEME_HTTPS | URLPattern::SCHEME_FILE; +} + static bool regexMatchesURL(const std::string &pat, const GURL &url) { QRegularExpression qre(QtWebEngineCore::toQt(pat)); qre.setPatternOptions(QRegularExpression::CaseInsensitiveOption); @@ -95,8 +100,8 @@ static bool scriptMatchesURL(const UserScriptData &scriptData, const GURL &url) if (!scriptData.urlPatterns.empty()) { matchFound = false; for (auto it = scriptData.urlPatterns.begin(), end = scriptData.urlPatterns.end(); it != end; ++it) { - URLPattern urlPattern(QtWebEngineCore::UserScript::validUserScriptSchemes(), *it); - if (urlPattern.MatchesURL(url)) + URLPattern urlPattern(validUserScriptSchemes()); + if (urlPattern.Parse(*it) == URLPattern::PARSE_SUCCESS && urlPattern.MatchesURL(url)) matchFound = true; } if (!matchFound) -- cgit v1.2.3