trustedDomains: loosen restrictions on what a * can be

fixes #110501
Jackson Kearl
2020-11-12 10:07:17 -08:00
parent b0ce55403a
commit 611f28952f
2 changed files with 16 additions and 6 deletions
@@ -283,13 +283,15 @@ const doURLMatch = (
options.push(doURLMatch(memo, url, trustedURL, urlOffset, trustedURLOffset + 2));
}
if (trustedURL[trustedURLOffset] + trustedURL[trustedURLOffset + 1] === '.*' && url[urlOffset] === '.') {
// IP mode. Consume one segment of numbers or nothing.
let endBlockIndex = urlOffset + 1;
do { endBlockIndex++; } while (/[0-9]/.test(url[endBlockIndex]));
if (['.', ':', '/', undefined].includes(url[endBlockIndex])) {
options.push(doURLMatch(memo, url, trustedURL, endBlockIndex, trustedURLOffset + 2));
if (trustedURL[trustedURLOffset] === '*') {
// Any match. Either consume one thing and don't advance base or consume nothing and do.
if (urlOffset + 1 === url.length) {
// If we're at the end of the input url consume one from both.
options.push(doURLMatch(memo, url, trustedURL, urlOffset + 1, trustedURLOffset + 1));
} else {
options.push(doURLMatch(memo, url, trustedURL, urlOffset + 1, trustedURLOffset));
}
options.push(doURLMatch(memo, url, trustedURL, urlOffset, trustedURLOffset + 1));
}
if (trustedURL[trustedURLOffset] + trustedURL[trustedURLOffset + 1] === ':*') {
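Review bot: The new `if (trustedURL[trustedURLOffset] === '*')` branch consumes any character of `url`, including `/`, `:`, `?` and `#`, so a `*` written in the host part of a rule can now extend into the port, path or query. It also fires when the `*` is followed by `.`, so whatever limit the branch ending at the top of the hunk places on what it consumes (its condition is not visible here) no longer bounds the match. A rule such as `https://*.trusted.example` (constructed) would then appear to accept a URL on another host whose path merely ends in `.trusted.example`. Consider keeping the unrestricted form only for a `*` that is the last character of the rule, e.g. `if (trustedURL[trustedURLOffset] === '*' && trustedURLOffset + 1 === trustedURL.length) {`, or refusing to consume `/` and `:` otherwise. The page lost its `+`/`-` markers, so which lines are new is inferred, and `doURLMatch` begins and ends outside the hunk.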
@@ -116,6 +116,14 @@ suite('Link protection domain matching', () => {
linkNotAllowedByRules('http://192.168.1.7:3000/', ['http://192.168.*.6:*']);
});
test('scheme match', () => {
linkAllowedByRules('http://192.168.1.7/', ['http://*']);
linkAllowedByRules('http://twitter.com', ['http://*']);
linkAllowedByRules('http://twitter.com/hello', ['http://*']);
linkNotAllowedByRules('https://192.168.1.7/', ['http://*']);
linkNotAllowedByRules('https://twitter.com/', ['http://*']);
});
test('case normalization', () => {
// https://github.com/microsoft/vscode/issues/99294
linkAllowedByRules('https://github.com/microsoft/vscode/issues/new', ['https://github.com/microsoft']);
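Review bot: The new `scheme match` cases only exercise a rule that ends in `*`, and their negative cases vary nothing but the scheme, so they do not pin down what a `*` may match when literal text follows it. Because the matcher change in this commit loosens what `*` consumes, add negative cases where the rule has a suffix after the `*` and the URL carries that suffix outside the host, e.g. `linkNotAllowedByRules('https://other.example/a.trusted.example', ['https://*.trusted.example']);` (constructed values). A matching case with the suffix in the query string would guard the same boundary.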