Rietveld Code Review Tool

Unified Diff: lib/filterClasses.js

Issue 29793555: Issue 6704 - Prevent $rewrite filters from matching against request types that load code (Closed)
Patch Set: Created May 29, 2018, 1:21 p.m.
Index: lib/filterClasses.js
===================================================================
--- a/lib/filterClasses.js
+++ b/lib/filterClasses.js
@@ -826,6 +826,17 @@
}
}
+ // For security reasons, never match $rewrite filters
+ // against requests that might load any code to be executed.
+ if (rewrite != null)
+ {
+ if (contentType == null)
+ ({contentType} = RegExpFilter.prototype);
+ contentType &= ~(RegExpFilter.typeMap.SCRIPT |
+ RegExpFilter.typeMap.SUBDOCUMENT |
+ RegExpFilter.typeMap.OBJECT);
+ }
+
try
{
if (blocking)
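
Review bot: the mask applied in "contentType &= ~(RegExpFilter.typeMap.SCRIPT | ..." is a denylist, and it can leave contentType at 0 when a $rewrite filter names only SCRIPT, SUBDOCUMENT or OBJECT; the filter is then created but can never match, with no signal to the filter author. Consider rejecting such a filter as invalid when the masked value is 0 instead of accepting it silently. Because the list is a denylist, any code-loading type added to RegExpFilter.typeMap later would be matchable by $rewrite by default, so either express this as an allowlist of types known not to load code, or extend the comment to say why these three types are the complete set. A test case for a $rewrite filter with an explicit script type and one with no type option would cover both branches of the "contentType == null" check.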