Bug 1535371 - QM: Treat origins containg the '^' character as invalid; r=asuth
authorJan Varga <jan.varga@gmail.com>
Thu, 16 May 2019 15:05:38 +0200
changeset 533029 dd5c42327e22e7de29060c6a37a550401a8bf9fb
parent 533028 78f167160710f9aca6a6d805851a04d267c24590
child 533030 ee4b88439111cf03944808dc170dbefa74fbdab0
push id11276
push userrgurzau@mozilla.com
push dateMon, 20 May 2019 13:11:24 +0000
treeherdermozilla-beta@847755a7c325 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersasuth
bugs1535371
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1535371 - QM: Treat origins containg the '^' character as invalid; r=asuth Differential Revision: https://phabricator.services.mozilla.com/D31428
dom/quota/ActorsParent.cpp
dom/quota/test/unit/test_originWithCaret.js
dom/quota/test/unit/xpcshell.ini
--- a/dom/quota/ActorsParent.cpp
+++ b/dom/quota/ActorsParent.cpp
@@ -6079,16 +6079,22 @@ bool QuotaManager::IsPrincipalInfoValid(
                    originNoSuffix.get(), info.originNoSuffix().get());
         return false;
       }
 
       if (NS_WARN_IF(info.originNoSuffix().EqualsLiteral(kChromeOrigin))) {
         return false;
       }
 
+      if (NS_WARN_IF(info.originNoSuffix().FindChar('^', 0) != -1)) {
+        QM_WARNING("originNoSuffix (%s) contains the '^' character!",
+                   info.originNoSuffix().get());
+        return false;
+      }
+
       // Verify the principal baseDomain exists.
       if (NS_WARN_IF(info.baseDomain().IsVoid())) {
         return false;
       }
 
       // Verify the principal baseDomain matches spec.
       nsCString baseDomain;
       rv = specURL->BaseDomain(baseDomain);
new file mode 100644
--- /dev/null
+++ b/dom/quota/test/unit/test_originWithCaret.js
@@ -0,0 +1,15 @@
+/**
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+async function testSteps() {
+  const principal = getPrincipal("http://example.com^123");
+
+  try {
+    getSimpleDatabase(principal);
+    ok(false, "Should have thrown");
+  } catch (ex) {
+    ok(true, "Did throw");
+  }
+}
--- a/dom/quota/test/unit/xpcshell.ini
+++ b/dom/quota/test/unit/xpcshell.ini
@@ -38,16 +38,17 @@ support-files =
 [test_listInitializedOrigins.js]
 [test_localStorageArchive1upgrade.js]
 [test_localStorageArchive4upgrade.js]
 [test_localStorageArchiveDowngrade.js]
 [test_morgueCleanup.js]
 [test_obsoleteOriginAttributesUpgrade.js]
 [test_obsoleteOrigins.js]
 [test_originAttributesUpgrade.js]
+[test_originWithCaret.js]
 [test_persist.js]
 [test_persist_eviction.js]
 [test_persist_globalLimit.js]
 [test_persist_groupLimit.js]
 [test_removeLocalStorage.js]
 [test_simpledb.js]
 [test_specialOrigins.js]
 [test_storagePersistentUpgrade.js]