From: megacz Date: Fri, 30 Jan 2004 06:47:43 +0000 (+0000) Subject: 2002/06/01 23:46:10 X-Git-Tag: RC3~1714 X-Git-Url: http://git.megacz.com/?p=org.ibex.core.git;a=commitdiff_plain;h=76a3f525433eff7ade457945efa42aa5c1a50b84 2002/06/01 23:46:10 darcs-hash:20040130064743-2ba56-1b009ac34d53257b01d6cabf253719b0c82720fe.gz
---
diff --git a/CHANGES b/CHANGES
index e67f3f9..bad04e9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -172,3 +172,5 @@ 28-May megacz Main.java: spelling fix +01-Jun megacz Platform.java: extra checks on URL well-formedness +
diff --git a/src/org/xwt/Platform.java b/src/org/xwt/Platform.java
index f773f71..02e75dd 100644
--- a/src/org/xwt/Platform.java
+++ b/src/org/xwt/Platform.java
@@ -265,6 +265,17 @@ public class Platform {
 if (Log.on) Log.log(Platform.class, "xwt.newBrowserWindow() only supports http and https urls");
 return;
 }
+
+ // check the URL for well-formedness, as a defense against buffer overflow attacks
+ try {
+ String u = url;
+ if (u.startsWith("https")) u = "http" + u.substring(5);
+ new URL(u);
+ } catch (MalformedURLException e) {
+ if (Log.on) Log.log(Platform.class, "URL " + url + " is not well-formed");
+ if (Log.on) Log.log(Platform.class, e);
+ }
+
 if (Log.on) Log.log(Platform.class, "newBrowserWindow, url = " + url);
 platform._newBrowserWindow(url);
 }
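Review bot: The new catch block in the Platform.java hunk only logs the MalformedURLException and then falls through, so a URL that fails the well-formedness check is still handed to `platform._newBrowserWindow(url)` a few lines later and the check rejects nothing. Add `return;` as the last statement of the catch block, mirroring the scheme check directly above it. Separately, `new URL(u)` is a lenient parser that neither bounds the string's length nor rejects control characters, so if the goal stated in the comment is to protect native browser-launch code, an explicit length cap before the platform call would be the more direct guard; the platform implementations are not visible here, so this is inferred from the comment only. The enclosing method starts outside the hunk.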