commit 5004808a86cb423225f79960dd2a3f2d17c538cb
author aperez@igalia.com <aperez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Thu Apr 02 10:26:27 2020 +0000
committer aperez@igalia.com <aperez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Thu Apr 02 10:26:27 2020 +0000
tree be23f218a3e373364dc13d0e32b612d929c8f443
parent 7e78c62cccfcc179b8edbef9c93b3457a963cb9b

[WPE][GTK] Public API should not allow trying to register a special URI scheme
https://bugs.webkit.org/show_bug.cgi?id=209900

Reviewed by Carlos Garcia Campos.

No new tests needed.

* UIProcess/API/glib/WebKitWebContext.cpp:
(webkit_web_context_register_uri_scheme): Use g_return_if_fail() to
check at the public API level whether the passed URI scheme is
special and bail out early.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@259382 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog

diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index 69932d1..f4cd5ba 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,3 +1,17 @@
+2020-04-02  Adrian Perez de Castro  <aperez@igalia.com>
+
+        [WPE][GTK] Public API should not allow trying to register a special URI scheme
+        https://bugs.webkit.org/show_bug.cgi?id=209900
+
+        Reviewed by Carlos Garcia Campos.
+
+        No new tests needed.
+
+        * UIProcess/API/glib/WebKitWebContext.cpp:
+        (webkit_web_context_register_uri_scheme): Use g_return_if_fail() to
+        check at the public API level whether the passed URI scheme is
+        special and bail out early.
+
 2020-04-02  Carlos Garcia Campos  <cgarcia@igalia.com>
 
         [GTK] [2.28.0] The Yelp build crashes if DISPLAY is not set

Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp

diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
index 33a9b7d..ce26882 100644
--- a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
@@ -1231,6 +1231,14 @@
     g_return_if_fail(scheme);
     g_return_if_fail(callback);
 
+    // List from Source/WTF/URLParser.cpp, enum Scheme.
+    g_return_if_fail(!g_ascii_strcasecmp(scheme, "ws"));
+    g_return_if_fail(!g_ascii_strcasecmp(scheme, "wss"));
+    g_return_if_fail(!g_ascii_strcasecmp(scheme, "file"));
+    g_return_if_fail(!g_ascii_strcasecmp(scheme, "ftp"));
+    g_return_if_fail(!g_ascii_strcasecmp(scheme, "http"));
+    g_return_if_fail(!g_ascii_strcasecmp(scheme, "https"));
+
     auto handler = WebKitURISchemeHandler::create(context, callback, userData, destroyNotify);
     auto addResult = context->priv->uriSchemeHandlers.set(String::fromUTF8(scheme), WTFMove(handler));
     for (auto* webView : context->priv->webViews.values())