Bug 1295002 - don't accept nested view-source: references in nsDefaultURIFixup, r?baku
This seems like by far the simplest way to prevent the recursion. Other alternatives
include some kind of member variable to track state (which wouldn't be thread-safe,
though I don't know whether that really matters for this component) or adding a field
on nsIDefaultURIFixupInfo, which seems ugly. This is a bit hacky, but it seems to work.
MozReview-Commit-ID: 7CCVvENSRVD
--- a/docshell/base/nsDefaultURIFixup.cpp
+++ b/docshell/base/nsDefaultURIFixup.cpp
@@ -188,21 +188,30 @@ nsDefaultURIFixup::GetFixupURIInfo(const
if (scheme.LowerCaseEqualsLiteral("view-source")) {
nsCOMPtr<nsIURIFixupInfo> uriInfo;
// We disable keyword lookup and alternate URIs so that small typos don't
// cause us to look at very different domains
uint32_t newFixupFlags = aFixupFlags & ~FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP
& ~FIXUP_FLAGS_MAKE_ALTERNATE_URI;
- rv = GetFixupURIInfo(Substring(uriString,
- sizeof("view-source:") - 1,
- uriString.Length() -
- (sizeof("view-source:") - 1)),
- newFixupFlags, aPostData, getter_AddRefs(uriInfo));
+ const uint32_t viewSourceLen = sizeof("view-source:") - 1;
+ nsAutoCString innerURIString(Substring(uriString, viewSourceLen,
+ uriString.Length() -
+ viewSourceLen));
+ // Prevent recursion:
+ innerURIString.Trim(" ");
+ nsAutoCString innerScheme;
+ ioService->ExtractScheme(innerURIString, innerScheme);
+ if (innerScheme.LowerCaseEqualsLiteral("view-source")) {
+ return NS_ERROR_FAILURE;
+ }
+
+ rv = GetFixupURIInfo(innerURIString, newFixupFlags, aPostData,
+ getter_AddRefs(uriInfo));
if (NS_FAILED(rv)) {
return NS_ERROR_FAILURE;
}
nsAutoCString spec;
nsCOMPtr<nsIURI> uri;
uriInfo->GetPreferredURI(getter_AddRefs(uri));
if (!uri) {
return NS_ERROR_FAILURE;