| side by side (parent:
903894f
)
2002/06/01 23:46:10
author
megacz
<megacz@xwt.org>
Fri, 30 Jan 2004 06:47:43 +0000
(06:47 +0000)
committer
megacz
<megacz@xwt.org>
Fri, 30 Jan 2004 06:47:43 +0000
(06:47 +0000)
darcs-hash:
20040130064743
-2ba56-
1b009ac34d53257b01d6cabf253719b0c82720fe
.gz
CHANGES
src/org/xwt/Platform.java
diff --git
a/CHANGES
b/CHANGES
index
e67f3f9
..
bad04e9
100644
(file)
--- a/
CHANGES
+++ b/
CHANGES
@@
-172,3
+172,5
@@
28-May megacz Main.java: spelling fix
28-May megacz Main.java: spelling fix
+01-Jun megacz Platform.java: extra checks on URL well-formedness
+
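--- a/src/org/xwt/Platform.java
+++ b/src/org/xwt/Platform.java
@@ -265,6 +265,17 @@ public class Platform {
 if (Log.on) Log.log(Platform.class, "xwt.newBrowserWindow() only supports http and https urls");
 return;
 }
+
+ // check the URL for well-formedness, as a defense against buffer overflow attacks
+ try {
+ String u = url;
+ if (u.startsWith("https")) u = "http" + u.substring(5);
+ new URL(u);
+ } catch (MalformedURLException e) {
+ if (Log.on) Log.log(Platform.class, "URL " + url + " is not well-formed");
+ if (Log.on) Log.log(Platform.class, e);
+ }
+
 if (Log.on) Log.log(Platform.class, "newBrowserWindow, url = " + url);
 platform._newBrowserWindow(url);
 }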
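Review bot: The `catch (MalformedURLException e)` block only logs and then falls through, so a URL that fails the new well-formedness check is still handed to `platform._newBrowserWindow(url)` a few lines later; the check rejects nothing as written. Add `return;` as the last statement of the catch block, mirroring the early return in the scheme check just above. Separately, `new URL(u)` validates syntax only and puts no bound on length, so if the overflow concern named in the comment lies in the native `_newBrowserWindow` implementations (not visible here), an explicit length limit before the call would be the more direct guard. The enclosing method begins outside this hunk, so how `url` is checked for null or otherwise normalised earlier cannot be confirmed from here.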