Fixed inconsistencies in handling of browser-internal URLs.
parent
9493978473
commit
5ffd53ee89
|
@ -190,7 +190,7 @@
|
|||
|
||||
getForDocument(policy, url, context = null) {
|
||||
return {
|
||||
permissions: policy.get(url, context).perms.dry(),
|
||||
permissions: policy && policy.get(url, context).perms.dry(),
|
||||
MARKER: marker
|
||||
};
|
||||
},
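Review bot: `permissions` in getForDocument can now be any falsy value instead of a dried permissions object, because `policy && policy.get(url, context).perms.dry()` evaluates to whatever `policy` holds when it is null or undefined. The consumers of this return value are not visible on this page, so it is worth confirming that each of them treats a missing `permissions` as "no policy applies" rather than dereferencing it. I would normalise the value and state the contract at the point of creation: `permissions: policy ? policy.get(url, context).perms.dry() : null, // null = document is exempt from policy (internal URL or enforcement off)`.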
|
||||
|
|
|
@ -256,8 +256,8 @@ var RequestGuard = (() => {
|
|||
});
|
||||
return redirected;
|
||||
}
|
||||
|
||||
const ABORT = {cancel: true}, ALLOW = {};
|
||||
const INTERNAL_SCHEME = /^(?:chrome|resource|(?:moz|chrome)-extension|about):/;
|
||||
const listeners = {
|
||||
onBeforeRequest(request) {
|
||||
try {
|
||||
|
@ -272,7 +272,7 @@ var RequestGuard = (() => {
|
|||
// some extensions make them both undefined,
|
||||
// see https://github.com/eight04/image-picka/issues/150
|
||||
) ||
|
||||
INTERNAL_SCHEME.test(originUrl))
|
||||
Sites.isInternal(originUrl))
|
||||
) {
|
||||
// livemark request or similar browser-internal, always allow;
|
||||
return ALLOW;
|
||||
|
@ -281,7 +281,7 @@ var RequestGuard = (() => {
|
|||
request._dataUrl = url;
|
||||
request.url = url = documentUrl;
|
||||
}
|
||||
let allowed = INTERNAL_SCHEME.test(url) ||
|
||||
let allowed = Sites.isInternal(url) ||
|
||||
!ns.isEnforced(request.tabId) ||
|
||||
policy.can(url, policyType, originUrl);
|
||||
Content.reportTo(request, allowed, policyType);
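Review bot: The two always-allow checks in onBeforeRequest now accept more than the removed `INTERNAL_SCHEME` did. `Sites.isInternal`, as defined elsewhere in this commit, also matches any `moz-*` or `chrome-*` scheme and any string beginning with `[System`, whereas the old pattern listed only `chrome`, `resource`, `moz-extension`, `chrome-extension` and `about`. A match on `originUrl` returns `ALLOW`, and a match on `url` sets `allowed` before `ns.isEnforced` or `policy.can` is consulted, so this widens the set of requests that skip policy rather than only unifying two patterns. If the wider set is intended, record it next to the check, for example `// Sites.isInternal is deliberately broader than the old scheme list: every moz-*/chrome-* scheme and [System principals skip policy`; otherwise keep a strict scheme list for the request path. onBeforeRequest starts and ends outside these hunks.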
|
||||
|
|
|
@ -142,8 +142,10 @@
|
|||
},
|
||||
|
||||
async fetchChildPolicy({url, contextUrl}, sender) {
|
||||
return ChildPolicies.getForDocument(ns.policy,
|
||||
url || sender.url, contextUrl || sender.tab.url);
|
||||
let {tab} = sender;
|
||||
if (!url) url = sender.url;
|
||||
let policy = !Sites.isInternal(url) && ns.isEnforced(tab.id) ? ns.policy : null;
|
||||
return ChildPolicies.getForDocument(policy, url, contextUrl || tab.url);
|
||||
},
|
||||
|
||||
async openStandalonePopup() {
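Review bot: In fetchChildPolicy the decision to return a null policy is keyed on `url` taken from the message payload, with `sender.url` used only when the payload omits it. The browser-reported sender URL is therefore not what decides whether enforcement is skipped. The callers are not visible here, so this may be limited to the extension's own content scripts describing a child frame. Still, the trust assumption should be written down, e.g. `// url is message-supplied; a null policy disables enforcement, so it must only describe a frame the sender actually owns`, or the internal check should also consult `sender.url`. Note also that `tab.id` is now read whenever `url` is not internal, whereas the old code touched `sender.tab` only when `contextUrl` was missing, so it is worth confirming that every sender of this message has a `tab`.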
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
var {Permissions, Policy, Sites} = (() => {
|
||||
'use strict';
|
||||
|
||||
const SECURE_DOMAIN_PREFIX = "§:";
|
||||
const SECURE_DOMAIN_RX = new RegExp(`^${SECURE_DOMAIN_PREFIX}`);
|
||||
const DOMAIN_RX = new RegExp(`(?:^\\w+://|${SECURE_DOMAIN_PREFIX})?([^/]*)`, "i");
|
||||
const SKIP_RX = /^(?:(?:about|chrome|resource|moz-.*):|\[System)/;
|
||||
const INTERNAL_SITE_RX = /^(?:(?:about|chrome|resource|(?:moz|chrome)-.*):|\[System)/;
|
||||
const VALID_SITE_RX = /^(?:(?:(?:(?:http|ftp|ws)s?|file):)(?:(?:\/\/)[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000.](?:$|\/))?|[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000]$)/;
|
||||
|
||||
let rxQuote = s => s.replace(/[.?*+^$[\]\\(){}|-]/g, "\\$&");
|
||||
|
@ -24,6 +23,9 @@ var {Permissions, Policy, Sites} = (() => {
|
|||
return VALID_SITE_RX.test(site);
|
||||
}
|
||||
|
||||
static isInternal(site) {
|
||||
return INTERNAL_SITE_RX.test(site);
|
||||
}
|
||||
|
||||
static originImplies(originKey, site) {
|
||||
return originKey === site || site.startsWith(`${originKey}/`);
|
||||
|
@ -116,7 +118,7 @@ var {Permissions, Policy, Sites} = (() => {
|
|||
}
|
||||
|
||||
set(k, v) {
|
||||
if (!k || SKIP_RX.test(k) || k === "§:") return this;
|
||||
if (!k || Sites.isInternal(k) || k === "§:") return this;
|
||||
let [,domain] = DOMAIN_RX.exec(k);
|
||||
if (/[^\u0000-\u007f]/.test(domain)) {
|
||||
k = k.replace(domain, punycode.toASCII(domain));
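Review bot: `INTERNAL_SITE_RX` matches `(?:moz|chrome)-.*:`, and the greedy `.*` lets the match run past the scheme to any later colon, so a constructed key such as `chrome-foo.example:8080` would count as internal. The removed `SKIP_RX` had the same shape for `moz-`, but it only dropped keys in `set(k)`. The new pattern sits behind `Sites.isInternal`, which this commit also uses to exempt URLs from policy, so it should accept a scheme and nothing more: `(?:moz|chrome)-[\w-]+:`. Whether a bare-host key with a port can reach these call sites is not visible here, but the tighter form costs nothing. `isInternal` would also benefit from a short doc comment stating that it accepts either a URL or a site key and that callers treat a true result as exempt from policy.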
|
||||
|
|