2008-10-01 09:15:58 +04:00
|
|
|
/* check resource: protocol for traversal problems */
|
|
|
|
|
|
|
|
const specs = [
|
|
|
|
"resource:///chrome/../plugins",
|
|
|
|
"resource:///chrome%2f../plugins",
|
|
|
|
"resource:///chrome/..%2fplugins",
|
|
|
|
"resource:///chrome%2f%2e%2e%2fplugins",
|
|
|
|
"resource:///../../../..",
|
|
|
|
"resource:///..%2f..%2f..%2f..",
|
|
|
|
"resource:///%2e%2e"
|
|
|
|
];
|
|
|
|
|
|
|
|
function run_test() {
|
|
|
|
var ios = Cc["@mozilla.org/network/io-service;1"].
|
|
|
|
getService(Ci.nsIIOService);
|
|
|
|
|
2015-10-18 20:19:02 +03:00
|
|
|
for (var spec of specs) {
|
2017-01-09 22:27:26 +03:00
|
|
|
var uri = ios.newURI(spec);
|
2018-02-01 22:45:22 +03:00
|
|
|
if (uri.spec.includes(".."))
|
2008-10-01 09:15:58 +04:00
|
|
|
do_throw("resource: traversal remains: '"+spec+"' ==> '"+uri.spec+"'");
|
|
|
|
}
|
|
|
|
}
|