Reviewers: caseq
CL:
https://codereview.chromium.org/2065823004/Message:
Could you please take a look?
Description:
[DevTools] Whitelist remoteFrontendUrl and remoteBase params.
This also fixes loadScriptsPromise to not normalize hostname.
BUG=619414,618333
Base URL:
https://chromium.googlesource.com/chromium/src.git@masterAffected files (+13, -3 lines):
M third_party/WebKit/Source/devtools/front_end/Runtime.js
M third_party/WebKit/Source/devtools/front_end/devtools.js
Index: third_party/WebKit/Source/devtools/front_end/Runtime.js
diff --git a/third_party/WebKit/Source/devtools/front_end/Runtime.js b/third_party/WebKit/Source/devtools/front_end/Runtime.js
index 37fb273fa25386f4eaeaabb79f00cc562855cf84..2f0b1ee9713e90beb692924aa62af7a8b27d0b35 100644
--- a/third_party/WebKit/Source/devtools/front_end/Runtime.js
+++ b/third_party/WebKit/Source/devtools/front_end/Runtime.js
@@ -121,8 +121,13 @@ function loadScriptsPromise(scriptNames, base)
for (var i = 0; i < scriptNames.length; ++i) {
var scriptName = scriptNames[i];
var sourceURL = (base || self._importScriptPathPrefix) + scriptName;
+
var schemaIndex = sourceURL.indexOf("://") + 3;
- sourceURL = sourceURL.substring(0, schemaIndex) + normalizePath(sourceURL.substring(schemaIndex));
+ var pathIndex = sourceURL.indexOf("/", schemaIndex);
+ if (pathIndex === -1)
+ pathIndex = sourceURL.length;
+ sourceURL = sourceURL.substring(0, pathIndex) + normalizePath(sourceURL.substring(pathIndex));
+
if (_loadedScripts[sourceURL])
continue;
urls.push(sourceURL);
@@ -1160,7 +1165,8 @@ Runtime.experiments = new Runtime.ExperimentsSupport();
Runtime._remoteBase = Runtime.queryParam("remoteBase");
{(function validateRemoteBase()
{
- if (Runtime._remoteBase && !Runtime._remoteBase.startsWith("
https://chrome-devtools-frontend.appspot.com/"))
+ var remoteBaseRegexp = /^https:\/\/chrome-devtools-frontend\.appspot\.com\/serve_file\/@[0-9a-zA-Z]+\/?$/;
+ if (Runtime._remoteBase && !remoteBaseRegexp.test(Runtime._remoteBase))
Runtime._remoteBase = null;
})();}
Index: third_party/WebKit/Source/devtools/front_end/devtools.js
diff --git a/third_party/WebKit/Source/devtools/front_end/devtools.js b/third_party/WebKit/Source/devtools/front_end/devtools.js
index f3a91417f68c5ed57a954f58d7eafead6c55e625..1b278045a32cb793cbcf07b635e0bcfe57c602aa 100644
--- a/third_party/WebKit/Source/devtools/front_end/devtools.js
+++ b/third_party/WebKit/Source/devtools/front_end/devtools.js
@@ -985,6 +985,8 @@ function installObjectObserve()
*/
function sanitizeRemoteFrontendUrl()
{
+ var remoteBaseRegexp = /^https:\/\/chrome-devtools-frontend\.appspot\.com\/serve_file\/@[0-9a-zA-Z]+\/?$/;
+ var remoteFrontendUrlRegexp = /^https:\/\/chrome-devtools-frontend\.appspot\.com\/serve_rev\/@?[0-9a-zA-Z]+\/(devtools|inspector)\.html$/;
var queryParams = location.search;
if (!queryParams)
return;
@@ -993,7 +995,9 @@ function sanitizeRemoteFrontendUrl()
var pair = params[i].split("=");
var name = pair.shift();
var value = pair.join("=");
- if (name === "remoteFrontendUrl" && !value.startsWith("
https://chrome-devtools-frontend.appspot.com/"))
+ if (name === "remoteFrontendUrl" && !remoteFrontendUrlRegexp.test(value))
+ location.search = "";
+ if (name === "remoteBase" && !remoteBaseRegexp.test(value))
location.search = "";
}
}