[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

Gustavo Noronha Silva gns at gnome.org
Thu Apr 8 02:24:12 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit c59a444cf53192fc0f90459deb81e9f2f503e61d
Author: beidson at apple.com <beidson at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Mar 18 01:32:22 2010 +0000

    databaseIdentifiers are not filtered for slashes
    <rdar://problem/7708789> and https://bugs.webkit.org/show_bug.cgi?id=36243
    
    Reviewed by Darin Adler.
    
    In addition to filtering for '/' and '\', to remove the directory vulnerability
    on all platforms, it seems worth it to also escape other characters that are
    obviously dangerous or illegal to have in a filename (mostly inspired by the
    Windows illegal-character list).
    
    No new tests - It's unclear how a test could possibly work into our testing
    infrastructure.
    
    * page/SecurityOrigin.cpp:
    (WebCore::): Added a 128-bool table "needsEscaping" that has a true/false answer
      for lower-ASCII.
    (WebCore::SecurityOrigin::SecurityOrigin):
    (WebCore::SecurityOrigin::createFromDatabaseIdentifier): "Unescape" the host
      component using the KURL utility.
    (WebCore::shouldEscapeUChar): If the char is lower-ASCII, look it up in the
      needsEscaping table. Otherwise, let it pass.
    (WebCore::encodedHost): Modeled after KURL's host escaping method, but targeted
      for the escaping considerations for the host component. We don't use the KURL
      version because this one is "different" enough because it operates on UTF16 and
      has its own "is bad character?" decider.
    (WebCore::SecurityOrigin::databaseIdentifier): Create the escaped host if needed,
      and use it instead of the unescaped host.
    * page/SecurityOrigin.h:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@56139 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 5aa2020..c7fbfee 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,34 @@
+2010-03-17  Brady Eidson  <beidson at apple.com>
+
+        Reviewed by Darin Adler.
+
+        databaseIdentifiers are not filtered for slashes
+        <rdar://problem/7708789> and https://bugs.webkit.org/show_bug.cgi?id=36243
+
+        In addition to filtering for '/' and '\', to remove the directory vulnerability
+        on all platforms, it seems worth it to also escape other characters that are
+        obviously dangerous or illegal to have in a filename (mostly inspired by the 
+        Windows illegal-character list).
+
+        No new tests - It's unclear how a test could possibly work into our testing
+        infrastructure.
+
+        * page/SecurityOrigin.cpp:
+        (WebCore::): Added a 128-bool table "needsEscaping" that has a true/false answer
+          for lower-ASCII.
+        (WebCore::SecurityOrigin::SecurityOrigin):
+        (WebCore::SecurityOrigin::createFromDatabaseIdentifier): "Unescape" the host
+          component using the KURL utility.
+        (WebCore::shouldEscapeUChar): If the char is lower-ASCII, look it up in the 
+          needsEscaping table. Otherwise, let it pass.
+        (WebCore::encodedHost): Modeled after KURL's host escaping method, but targeted 
+          for the escaping considerations for the host component. We don't use the KURL
+          version because this one is "different" enough because it operates on UTF16 and
+          has its own "is bad character?" decider.
+        (WebCore::SecurityOrigin::databaseIdentifier): Create the escaped host if needed,
+          and use it instead of the unescaped host.
+        * page/SecurityOrigin.h:
+
 2010-03-16  Chris Fleizach  <cfleizach at apple.com>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/page/SecurityOrigin.cpp b/WebCore/page/SecurityOrigin.cpp
index 63e4898..3db60ad 100644
--- a/WebCore/page/SecurityOrigin.cpp
+++ b/WebCore/page/SecurityOrigin.cpp
@@ -122,6 +122,7 @@ SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
     : m_sandboxFlags(other->m_sandboxFlags)
     , m_protocol(other->m_protocol.threadsafeCopy())
     , m_host(other->m_host.threadsafeCopy())
+    , m_encodedHost(other->m_encodedHost.threadsafeCopy())
     , m_domain(other->m_domain.threadsafeCopy())
     , m_port(other->m_port)
     , m_isUnique(other->m_isUnique)
@@ -381,13 +382,92 @@ PassRefPtr<SecurityOrigin> SecurityOrigin::createFromDatabaseIdentifier(const St
     // Split out the 3 sections of data
     String protocol = databaseIdentifier.substring(0, separator1);
     String host = databaseIdentifier.substring(separator1 + 1, separator2 - separator1 - 1);
+    
+    host = decodeURLEscapeSequences(host);
     return create(KURL(KURL(), protocol + "://" + host + ":" + String::number(port)));
 }
 
+// The following lower-ASCII characters need escaping to be used in a filename
+// across all systems, including Windows:
+//     - Unprintable ASCII (00-1F)
+//     - Space             (20)
+//     - Double quote      (22)
+//     - Percent           (25) (escaped because it is our escape character)
+//     - Asterisk          (2A)
+//     - Slash             (2F)
+//     - Colon             (3A)
+//     - Less-than         (3C)
+//     - Greater-than      (3E)
+//     - Question Mark     (3F)
+//     - Backslash         (5C)
+//     - Pipe              (7C)
+//     - Delete            (7F)
+
+static const bool needsEscaping[128] = {
+    /* 00-07 */ true,  true,  true,  true,  true,  true,  true,  true, 
+    /* 08-0F */ true,  true,  true,  true,  true,  true,  true,  true, 
+
+    /* 10-17 */ true,  true,  true,  true,  true,  true,  true,  true, 
+    /* 18-1F */ true,  true,  true,  true,  true,  true,  true,  true, 
+
+    /* 20-27 */ true,  false, true,  false, false, true,  false, false, 
+    /* 28-2F */ false, false, true,  false, false, false, false, true, 
+    
+    /* 30-37 */ false, false, false, false, false, false, false, false, 
+    /* 38-3F */ false, false, true,  false, true,  false, true,  true, 
+    
+    /* 40-47 */ false, false, false, false, false, false, false, false, 
+    /* 48-4F */ false, false, false, false, false, false, false, false,
+    
+    /* 50-57 */ false, false, false, false, false, false, false, false, 
+    /* 58-5F */ false, false, false, false, true,  false, false, false,
+    
+    /* 60-67 */ false, false, false, false, false, false, false, false, 
+    /* 68-6F */ false, false, false, false, false, false, false, false,
+    
+    /* 70-77 */ false, false, false, false, false, false, false, false, 
+    /* 78-7F */ false, false, false, false, true,  false, false, true, 
+};
+
+static inline bool shouldEscapeUChar(UChar c)
+{
+    return c > 127 ? false : needsEscaping[c];
+}
+
+static const char hexDigits[17] = "0123456789ABCDEF";
+
+static String encodedHost(const String& host)
+{
+    unsigned length = host.length();
+    Vector<UChar, 512> buffer(length * 3 + 1);
+    UChar* p = buffer.data();
+
+    const UChar* str = host.characters();
+    const UChar* strEnd = str + length;
+
+    while (str < strEnd) {
+        UChar c = *str++;
+        if (shouldEscapeUChar(c)) {
+            *p++ = '%';
+            *p++ = hexDigits[(c >> 4) & 0xF];
+            *p++ = hexDigits[c & 0xF];
+        } else
+            *p++ = c;
+    }
+
+    ASSERT(p - buffer.data() <= static_cast<int>(buffer.size()));
+
+    return String(buffer.data(), p - buffer.data());
+}
+
 String SecurityOrigin::databaseIdentifier() const 
 {
     DEFINE_STATIC_LOCAL(String, separatorString, (&SeparatorCharacter, 1));
-    return m_protocol + separatorString + m_host + separatorString + String::number(m_port); 
+
+    if (m_encodedHost.isEmpty())
+        m_encodedHost = encodedHost(m_host);
+
+    return m_protocol + separatorString + m_encodedHost + separatorString + String::number(m_port); 
 }
 
 bool SecurityOrigin::equal(const SecurityOrigin* other) const 
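Review bot: In createFromDatabaseIdentifier the host is percent-decoded and then concatenated straight into `protocol + "://" + host + ":" + String::number(port)` for KURL to re-parse, so a decoded '/', '?', '#', '@' or ':' presumably becomes a URL delimiter instead of part of the host, and the origin that comes back may differ from the one that produced the identifier. Because identifiers are read back from storage, it would be safer to verify the round trip: build the origin, compare its `databaseIdentifier()` with the input, and take the function's existing failure path (above this hunk, not visible here) on a mismatch. Separately, `shouldEscapeUChar` passes every code unit above 127 through unescaped, which is only safe if the later conversion to a filesystem path never folds a non-ASCII character onto '/' or '\'. A comment recording that assumption would help, for example `// Non-ASCII passes through unescaped; assumes the path conversion never maps it to an ASCII separator.` createFromDatabaseIdentifier begins outside the hunk, so its separator parsing could not be checked.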
diff --git a/WebCore/page/SecurityOrigin.h b/WebCore/page/SecurityOrigin.h
index 7ac84ae..11c213e 100644
--- a/WebCore/page/SecurityOrigin.h
+++ b/WebCore/page/SecurityOrigin.h
@@ -204,6 +204,7 @@ private:
     SandboxFlags m_sandboxFlags;
     String m_protocol;
     String m_host;
+    mutable String m_encodedHost;
     String m_domain;
     unsigned short m_port;
     bool m_isUnique;
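Review bot: `mutable String m_encodedHost` is filled lazily inside the const `databaseIdentifier()` with no synchronization visible in this commit, so two threads calling it on the same SecurityOrigin could race on the String assignment. The copy constructor's use of `threadsafeCopy()` suggests these objects do cross threads, though whether a single instance is ever shared is not visible here. Computing the encoded host once wherever `m_host` is set would remove both the `mutable` and the race, and would also avoid a stale cache if `m_host` can change later. If the lazy form stays, document it at the member, for example `// Cache for databaseIdentifier(); written from a const method without locking.` The class declaration starts and ends outside this hunk.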

-- 
WebKit Debian packaging


