Bug 1117311 - CSP: Allowing paths that start with '_' (r=sstamm)
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Sun, 04 Jan 2015 19:58:38 -0800
changeset 222161 425de18940f3929fbec345b94cff490f9f37dac6
parent 222160 e9535d758389f7d75043a1665d3ebce4cf9145fa
child 222162 b2af3f485bdfe6d29373565d998289cba458ed4c
push id28059
push userryanvm@gmail.com
push dateTue, 06 Jan 2015 15:53:01 +0000
treeherdermozilla-central@4d91c33b351c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssstamm
bugs1117311
milestone37.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1117311 - CSP: Allowing paths that start with '_' (r=sstamm)
dom/security/nsCSPParser.cpp
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@@ -439,17 +439,17 @@ nsCSPParser::path(nsCSPHostSrc* aCspHost
     // www.example.com/ should result in www.example.com/
     // please note that we do not have to perform any pct-decoding here
     // because we are just appending a '/' and not any actual chars.
     aCspHost->appendPath(NS_LITERAL_STRING("/"));
     return true;
   }
   // path can begin with "/" but not "//"
   // see http://tools.ietf.org/html/rfc3986#section-3.3
-  if (!hostChar()) {
+  if (peek(SLASH)) {
     const char16_t* params[] = { mCurToken.get() };
     logWarningErrorToConsole(nsIScriptError::warningFlag, "couldntParseInvalidSource",
                              params, ArrayLength(params));
     return false;
   }
   return subPath(aCspHost);
 }