зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1501108 - [5.1] Ensure that the context ID string is safe for Gecko processing. r=Ehsan,geckoview-reviewers,agi
Differential Revision: https://phabricator.services.mozilla.com/D38188 --HG-- extra : moz-landing-system : lando
Родитель
1ecb9ae15b
Коммит
54c69d2380
|
@ -336,11 +336,18 @@ public final class GeckoSessionSettings implements Parcelable {
|
|||
new Key<Boolean>("fullAccessibilityTree", /* initOnly */ false, /* values */ null);
|
||||
|
||||
/**
|
||||
* Key to specify the session context ID.
|
||||
* Internal Gecko key to specify the session context ID.
|
||||
* Derived from `UNSAFE_CONTEXT_ID`.
|
||||
*/
|
||||
private static final Key<String> CONTEXT_ID =
|
||||
new Key<String>("sessionContextId", /* initOnly */ true, /* values */ null);
|
||||
|
||||
/**
|
||||
* User-provided key to specify the session context ID.
|
||||
*/
|
||||
private static final Key<String> UNSAFE_CONTEXT_ID =
|
||||
new Key<String>("unsafeSessionContextId", /* initOnly */ true, /* values */ null);
|
||||
|
||||
private final GeckoSession mSession;
|
||||
private final GeckoBundle mBundle;
|
||||
|
||||
|
@ -375,6 +382,7 @@ public final class GeckoSessionSettings implements Parcelable {
|
|||
mBundle.putInt(VIEWPORT_MODE.name, VIEWPORT_MODE_MOBILE);
|
||||
mBundle.putInt(DISPLAY_MODE.name, DISPLAY_MODE_BROWSER);
|
||||
mBundle.putString(CONTEXT_ID.name, null);
|
||||
mBundle.putString(UNSAFE_CONTEXT_ID.name, null);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -473,7 +481,8 @@ public final class GeckoSessionSettings implements Parcelable {
|
|||
* @return The context ID for this session.
|
||||
*/
|
||||
public @Nullable String getContextId() {
|
||||
return getString(CONTEXT_ID);
|
||||
// Return the user-provided unsafe string.
|
||||
return getString(UNSAFE_CONTEXT_ID);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -635,7 +644,8 @@ public final class GeckoSessionSettings implements Parcelable {
|
|||
}
|
||||
|
||||
private void setContextId(final @Nullable String value) {
|
||||
setString(CONTEXT_ID, value);
|
||||
setString(UNSAFE_CONTEXT_ID, value);
|
||||
setString(CONTEXT_ID, StorageController.createSafeSessionContextId(value));
|
||||
}
|
||||
|
||||
private void setString(final Key<String> key, final String value) {
|
||||
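Review bot: Nothing in these hunks documents or enforces that `CONTEXT_ID` always holds the encoded form of `UNSAFE_CONTEXT_ID`; the pairing is established only inside setContextId. The class is Parcelable and keeps both values in mBundle, so any path that fills the bundle without going through setContextId (none is visible here) could leave the two out of step, with getContextId reporting one ID while Gecko presumably isolates storage under another. I would state the invariant on the internal key, e.g. `* Must only be written by setContextId(), which derives it via StorageController.createSafeSessionContextId().`, and write `{@link #UNSAFE_CONTEXT_ID}` instead of backticks, which Javadoc does not render. The setString body that starts on the last line of the hunk continues outside the view.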
|
|
|
@ -8,10 +8,12 @@ package org.mozilla.geckoview;
|
|||
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.math.BigInteger;
|
||||
|
||||
import android.support.annotation.AnyThread;
|
||||
import android.support.annotation.LongDef;
|
||||
import android.support.annotation.NonNull;
|
||||
import android.support.annotation.Nullable;
|
||||
|
||||
import org.mozilla.gecko.EventDispatcher;
|
||||
import org.mozilla.gecko.util.GeckoBundle;
|
||||
|
@ -175,9 +177,25 @@ public final class StorageController {
|
|||
@AnyThread
|
||||
public void clearDataForSessionContext(final @NonNull String contextId) {
|
||||
final GeckoBundle bundle = new GeckoBundle(1);
|
||||
bundle.putString("contextId", contextId);
|
||||
bundle.putString("contextId", createSafeSessionContextId(contextId));
|
||||
|
||||
EventDispatcher.getInstance().dispatch(
|
||||
"GeckoView:ClearSessionContextData", bundle);
|
||||
}
|
||||
|
||||
/* package */ static @NonNull String createSafeSessionContextId(
|
||||
final @Nullable String contextId) {
|
||||
if (contextId == null) {
|
||||
return null;
|
||||
}
|
||||
if (contextId.isEmpty()) {
|
||||
// Let's avoid empty strings for Gecko.
|
||||
return "gvctxempty";
|
||||
}
|
||||
// We don't want to restrict the session context ID string options, so to
|
||||
// ensure that the string is safe for Gecko processing, we translate it to
|
||||
// its hex representation.
|
||||
return String.format("gvctx%x", new BigInteger(contextId.getBytes()))
|
||||
.toLowerCase();
|
||||
}
|
||||
}
|
||||
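Review bot: The empty-string sentinel `"gvctxempty"` returned by createSafeSessionContextId does not match the `/^gvctx(-)?([a-f0-9]+)$/` check this commit adds in GeckoViewNavigation (`m`, `p`, `t` and `y` are not hex digits), so a session created with an empty context ID would hit the "illegal format" error. The method is also annotated `@NonNull` yet returns null for a null input. Routing the bytes through `BigInteger` drops leading zero bytes, so two distinct IDs that differ only by a leading NUL character encode to the same value and would presumably end up sharing one storage context. Encoding each byte as two hex digits keeps the mapping one-to-one and lets the empty case use a sentinel that passes the pattern; the sketch keeps the `gvctx` prefix and the existing `getBytes()` call.

```java
/* package */ static @Nullable String createSafeSessionContextId(
        final @Nullable String contextId) {
    // … unchanged: null check …
    final byte[] bytes = contextId.getBytes();
    final StringBuilder safe = new StringBuilder("gvctx");
    if (bytes.length == 0) {
        // A single digit cannot collide with the two-digits-per-byte form below.
        return safe.append('0').toString();
    }
    for (final byte b : bytes) {
        // %02x on a byte prints its unsigned value, so no sign prefix is emitted.
        safe.append(String.format("%02x", b));
    }
    return safe.toString();
}
```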
|
|
|
@ -76,6 +76,11 @@ class GeckoViewNavigation extends GeckoViewModule {
|
|||
debug`sessionContextId=${this.settings.sessionContextId}`;
|
||||
|
||||
if (this.settings.sessionContextId !== null) {
|
||||
// Gecko may have issues with strings containing special characters,
|
||||
// so we restrict the string format to a specific pattern.
|
||||
if (!/^gvctx(-)?([a-f0-9]+)$/.test(this.settings.sessionContextId)) {
|
||||
throw new Error("sessionContextId has illegal format");
|
||||
}
|
||||
this.browser.webNavigation.setOriginAttributesBeforeLoading({
|
||||
geckoViewSessionContextId: this.settings.sessionContextId,
|
||||
privateBrowsingId: PrivateBrowsingUtils.isBrowserPrivate(this.browser)
|
||||
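Review bot: The accepted format is spelled out here independently of the Java code that produces the ID, and the comment does not say where the `gvctx` prefix and hex body come from, so the two sides can drift apart without anyone noticing. A pointer such as `// Must accept every value produced by StorageController.createSafeSessionContextId().` above the test would tie them together. The capture groups are unused, so `/^gvctx-?[a-f0-9]+$/` reads more plainly. The enclosing block continues past the end of the hunk.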
|
|