From 76a3f525433eff7ade457945efa42aa5c1a50b84 Mon Sep 17 00:00:00 2001
From: megacz
Date: Fri, 30 Jan 2004 06:47:43 +0000
Subject: [PATCH] 2002/06/01 23:46:10 darcs-hash:20040130064743-2ba56-1b009ac34d53257b01d6cabf253719b0c82720fe.gz
---
 CHANGES | 2 ++
 src/org/xwt/Platform.java | 11 +++++++++++
 2 files changed, 13 insertions(+)
diff --git a/CHANGES b/CHANGES
index e67f3f9..bad04e9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -172,3 +172,5 @@
 28-May megacz Main.java: spelling fix
+01-Jun megacz Platform.java: extra checks on URL well-formedness
+
diff --git a/src/org/xwt/Platform.java b/src/org/xwt/Platform.java
index f773f71..02e75dd 100644
--- a/src/org/xwt/Platform.java
+++ b/src/org/xwt/Platform.java
@@ -265,6 +265,17 @@ public class Platform {
 if (Log.on) Log.log(Platform.class, "xwt.newBrowserWindow() only supports http and https urls");
 return;
 }
+
+ // check the URL for well-formedness, as a defense against buffer overflow attacks
+ try {
+ String u = url;
+ if (u.startsWith("https")) u = "http" + u.substring(5);
+ new URL(u);
+ } catch (MalformedURLException e) {
+ if (Log.on) Log.log(Platform.class, "URL " + url + " is not well-formed");
+ if (Log.on) Log.log(Platform.class, e);
+ }
+
 if (Log.on) Log.log(Platform.class, "newBrowserWindow, url = " + url);
 platform._newBrowserWindow(url);
 }
--
1.7.10.4
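Review bot: The new `catch (MalformedURLException e)` block in the Platform.java hunk only logs and then falls through, so a URL that fails the `new URL(u)` check is still passed to `platform._newBrowserWindow(url)`. Unlike the scheme check just above it, which ends in `return;`, the added validation rejects nothing; add `return;` as the last statement of the catch block. The comment describes the check as a defense against buffer overflows, but `java.net.URL` parsing presumably does not bound the string length or restrict the characters in the path and query. If the platform implementations pass the string to native code or an external launcher, an explicit length cap would be worth adding here as well. The enclosing method begins outside the hunk, so how `url` is obtained and any earlier null handling are not visible.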