Bug 1117311 - CSP: Allowing paths that start with '_' (r=sstamm)
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Sun, 04 Jan 2015 19:58:38 -0800
changeset 235073 425de18940f3929fbec345b94cff490f9f37dac6
parent 235058 e9535d758389f7d75043a1665d3ebce4cf9145fa
child 235074 b2af3f485bdfe6d29373565d998289cba458ed4c
push id349
push usermartin.thomson@gmail.com
push dateTue, 06 Jan 2015 00:59:51 +0000
reviewerssstamm
bugs1117311
milestone37.0a1
Bug 1117311 - CSP: Allowing paths that start with '_' (r=sstamm)
dom/security/nsCSPParser.cpp
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@@ -439,17 +439,17 @@ nsCSPParser::path(nsCSPHostSrc* aCspHost
     // www.example.com/ should result in www.example.com/
     // please note that we do not have to perform any pct-decoding here
     // because we are just appending a '/' and not any actual chars.
     aCspHost->appendPath(NS_LITERAL_STRING("/"));
     return true;
   }
   // path can begin with "/" but not "//"
   // see http://tools.ietf.org/html/rfc3986#section-3.3
-  if (!hostChar()) {
+  if (peek(SLASH)) {
     const char16_t* params[] = { mCurToken.get() };
     logWarningErrorToConsole(nsIScriptError::warningFlag, "couldntParseInvalidSource",
                              params, ArrayLength(params));
     return false;
   }
   return subPath(aCspHost);
 }