diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2019-12-01 17:03:59 +0000 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2019-12-01 17:05:28 +0000 |
commit | 2e07d955b6489ac7d98708deb58adef1cb98d67a (patch) | |
tree | f5bfa0e8e70cca3ec95693a73e628d5d715affe6 | |
parent | 868c42b34493fdee2a44db68f04aa7f198afc096 (diff) | |
download | netsurf-2e07d955b6489ac7d98708deb58adef1cb98d67a.tar.gz netsurf-2e07d955b6489ac7d98708deb58adef1cb98d67a.tar.bz2 |
content_saw_insecure_objects: Fix various corner cases
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
-rw-r--r-- | content/content.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/content/content.c b/content/content.c index 157262867..a87be0022 100644 --- a/content/content.c +++ b/content/content.c @@ -569,7 +569,8 @@ bool content_exec(struct hlcache_handle *h, const char *src, size_t srclen) bool content_saw_insecure_objects(struct hlcache_handle *h) { struct content *c = hlcache_handle_get_content(h); - lwc_string *scheme = nsurl_get_component(content_get_url(c), NSURL_SCHEME); + struct nsurl *url = hlcache_handle_get_url(h); + lwc_string *scheme = nsurl_get_component(url, NSURL_SCHEME); bool match; /* Is this an internal scheme? If so, we trust here and stop */ @@ -581,6 +582,14 @@ bool content_saw_insecure_objects(struct hlcache_handle *h) (match == true)) || (lwc_string_isequal(scheme, corestring_lwc_resource, &match) == lwc_error_ok && + (match == true)) || + /* Our internal x-ns-css scheme is secure */ + (lwc_string_isequal(scheme, corestring_lwc_x_ns_css, + &match) == lwc_error_ok && + (match == true)) || + /* We also treat file: as "not insecure" here */ + (lwc_string_isequal(scheme, corestring_lwc_file, + &match) == lwc_error_ok && (match == true))) { /* No insecurity to find */ return false; @@ -595,13 +604,13 @@ bool content_saw_insecure_objects(struct hlcache_handle *h) } /* I am supposed to be secure, but was I overridden */ - if (urldb_get_cert_permissions(content_get_url(c))) { + if (urldb_get_cert_permissions(url)) { /* I was https:// but I was overridden, that's no good */ return true; } /* Otherwise try and chain through the handler */ - if (c->handler->saw_insecure_objects != NULL) { + if (c != NULL && c->handler->saw_insecure_objects != NULL) { return c->handler->saw_insecure_objects(c); } |