projects / org.ibex.core.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
2002/06/17 07:01:40
[org.ibex.core.git] / src / org / xwt / Platform.java
diff --git a/src/org/xwt/Platform.java b/src/org/xwt/Platform.java
index f773f71..02e75dd 100644 (file)
--- a/src/org/xwt/Platform.java
+++ b/src/org/xwt/Platform.java
@@ -265,6 +265,17 @@ public class Platform {
             if (Log.on) Log.log(Platform.class, "xwt.newBrowserWindow() only supports http and https urls");
             return;
         }
+
+        // check the URL for well-formedness, as a defense against buffer overflow attacks
+        try {
+            String u = url;
+            if (u.startsWith("https")) u = "http" + u.substring(5);
+            new URL(u);
+        } catch (MalformedURLException e) {
+            if (Log.on) Log.log(Platform.class, "URL " + url + " is not well-formed");
+            if (Log.on) Log.log(Platform.class, e);
+        }
+
         if (Log.on) Log.log(Platform.class, "newBrowserWindow, url = " + url);
         platform._newBrowserWindow(url);
     }
Unnamed repository; edit this file to name it for gitweb.