[epiphany/cherry-pick-b6deb6e5] Extend ephy_web_application_is_uri_allowed () to check for data: and blob: uri
- From: Jan-Michael Brummer <jbrummer src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany/cherry-pick-b6deb6e5] Extend ephy_web_application_is_uri_allowed () to check for data: and blob: uri
- Date: Fri, 3 May 2019 09:32:17 +0000 (UTC)
commit 854dbd602ddcd8409a9ecfda7cdf1396614cf3f4
Author: Jan-Michael Brummer <jan brummer tabos org>
Date: Thu May 2 19:54:37 2019 +0000
Extend ephy_web_application_is_uri_allowed () to check for data: and blob: uri
Fixes: https://gitlab.gnome.org/GNOME/epiphany/issues/593
(cherry picked from commit b6deb6e58ed528ef824593d4058d43f120fcfd8d)
embed/ephy-embed-utils.c | 22 ----------------------
embed/ephy-embed-utils.h | 2 --
lib/ephy-web-app-utils.c | 31 ++++++++++++++++++++++++++++++-
lib/ephy-web-app-utils.h | 2 +-
src/ephy-window.c | 7 ++-----
5 files changed, 33 insertions(+), 31 deletions(-)
---
diff --git a/embed/ephy-embed-utils.c b/embed/ephy-embed-utils.c
index be9389630..963569a96 100644
--- a/embed/ephy-embed-utils.c
+++ b/embed/ephy-embed-utils.c
@@ -387,28 +387,6 @@ ephy_embed_utils_get_title_from_address (const char *address)
return ephy_string_get_host_name (address);
}
-gboolean
-ephy_embed_utils_urls_have_same_origin (const char *a_url,
- const char *b_url)
-{
- SoupURI *a_uri, *b_uri;
- gboolean retval = FALSE;
-
- a_uri = soup_uri_new (a_url);
- if (!a_uri)
- return retval;
-
- b_uri = soup_uri_new (b_url);
- if (b_uri) {
- retval = a_uri->host && b_uri->host && soup_uri_host_equal (a_uri, b_uri);
- soup_uri_free (b_uri);
- }
-
- soup_uri_free (a_uri);
-
- return retval;
-}
-
void
ephy_embed_utils_shutdown (void)
{
diff --git a/embed/ephy-embed-utils.h b/embed/ephy-embed-utils.h
index 3f99b7d89..9f1a7324d 100644
--- a/embed/ephy-embed-utils.h
+++ b/embed/ephy-embed-utils.h
@@ -46,8 +46,6 @@ char * ephy_embed_utils_normalize_or_autosearch_address (const char *add
gboolean ephy_embed_utils_url_is_empty (const char *location);
gboolean ephy_embed_utils_is_no_show_address (const char *address);
char *ephy_embed_utils_get_title_from_address (const char *address);
-gboolean ephy_embed_utils_urls_have_same_origin (const char *a_url,
- const char *b_url);
void ephy_embed_utils_shutdown (void);
G_END_DECLS
diff --git a/lib/ephy-web-app-utils.c b/lib/ephy-web-app-utils.c
index 97f3f2420..63596f0b9 100644
--- a/lib/ephy-web-app-utils.c
+++ b/lib/ephy-web-app-utils.c
@@ -759,14 +759,43 @@ ephy_web_application_initialize_settings (const char *profile_directory)
g_free (name);
}
+static gboolean
+urls_have_same_origin (const char *a_url,
+ const char *b_url)
+{
+ SoupURI *a_uri, *b_uri;
+ gboolean retval = FALSE;
+
+ a_uri = soup_uri_new (a_url);
+ if (!a_uri)
+ return retval;
+
+ b_uri = soup_uri_new (b_url);
+ if (b_uri) {
+ retval = a_uri->host && b_uri->host && soup_uri_host_equal (a_uri, b_uri);
+ soup_uri_free (b_uri);
+ }
+
+ soup_uri_free (a_uri);
+
+ return retval;
+}
+
gboolean
-ephy_web_application_is_uri_allowed (const char* uri)
+ephy_web_application_is_uri_allowed (const char *uri,
+ const char *referrer)
{
SoupURI *request_uri;
char **urls;
guint i;
gboolean matched = FALSE;
+ if (g_str_has_prefix (uri, "blob:") || g_str_has_prefix (uri, "data:"))
+ return TRUE;
+
+ if (urls_have_same_origin (uri, referrer))
+ return TRUE;
+
if (g_strcmp0 (uri, "about:blank") == 0)
return TRUE;
diff --git a/lib/ephy-web-app-utils.h b/lib/ephy-web-app-utils.h
index 18cba3939..3080f9970 100644
--- a/lib/ephy-web-app-utils.h
+++ b/lib/ephy-web-app-utils.h
@@ -67,7 +67,7 @@ void ephy_web_application_free_application_list (GList *list);
void ephy_web_application_initialize_settings (const char *profile_directory);
-gboolean ephy_web_application_is_uri_allowed (const char* uri);
+gboolean ephy_web_application_is_uri_allowed (const char *uri, const char *referrer);
gboolean ephy_web_application_save (EphyWebApplication *app);
diff --git a/src/ephy-window.c b/src/ephy-window.c
index 121d8c003..2724dbdb5 100644
--- a/src/ephy-window.c
+++ b/src/ephy-window.c
@@ -2044,8 +2044,7 @@ decide_navigation_policy (WebKitWebView *web_view,
referrer = (char *)g_object_get_data (G_OBJECT (window), "referrer");
- if (ephy_embed_utils_urls_have_same_origin (uri, referrer) ||
- ephy_web_application_is_uri_allowed (uri)) {
+ if (ephy_web_application_is_uri_allowed (uri, referrer)) {
gtk_widget_show (GTK_WIDGET (window));
} else {
/* We can't get here under flatpak because this code only
@@ -2064,10 +2063,8 @@ decide_navigation_policy (WebKitWebView *web_view,
if (navigation_type == WEBKIT_NAVIGATION_TYPE_LINK_CLICKED ||
(navigation_type == WEBKIT_NAVIGATION_TYPE_OTHER && webkit_navigation_action_is_user_gesture
(navigation_action))) {
- if (ephy_embed_utils_urls_have_same_origin (uri, webkit_web_view_get_uri (web_view)) ||
- ephy_web_application_is_uri_allowed (uri)) {
+ if (ephy_web_application_is_uri_allowed (uri, webkit_web_view_get_uri (web_view)))
return FALSE;
- }
/* We can't get here under flatpak because this code only
* executes in web app mode.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
