author | Alexander Kurtakov | 2019-04-19 08:16:39 +0000 |
---|---|---|
committer | Alexander Kurtakov | 2019-04-19 08:16:39 +0000 |
commit | d0d5415a8e7d1900592bdf9ec620a1043439edb4 (patch) | |
tree | c5a62208b3f34dc7179a4c82a2532e2526f4fda5 | |
parent | e22d7709cb8ec2a07dadfd73448e5612c7a2c3b1 (diff) | |
Bug 546430 - [security] Unvalidated frame inclusion in EclipseI20190422-1800I20190421-1800I20190420-1800I20190419-1800
documentation
Topic validation checks whether the topic contains "://" and declares it
invalid in that case (this is the default; there is a property to turn
validation off, though). Browsers accept URLs that contain only ":/",
so change the validation to check for that instead.
Change-Id: Ibc50186f2f714d371d54130f26e44bef29f16b1c
Signed-off-by: Alexander Kurtakov <akurtako@redhat.com>
-rw-r--r-- | org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
index 07ec50646..b0394f1a8 100644
--- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2000, 2017 IBM Corporation and others.
+ * Copyright (c) 2000, 2019 IBM Corporation and others.
 *
 * This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License 2.0
@@ -205,7 +205,7 @@ public class UrlUtil {
 }
 if (new WebappPreferences().isRestrictTopicParameter()) {
- if (path.indexOf("://") >= 0) { //$NON-NLS-1$
+ if (path.indexOf(":/") >= 0) { //$NON-NLS-1$
 return false;
 }
 } |
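Review bot: The check on `path.indexOf(":/")` in the second hunk is still a substring deny-list, so it rejects only the spellings it names; any other form a browser resolves to an external origin (a scheme-relative reference, or a scheme with no slash after the colon) would pass unless code outside this hunk rejects it. A stricter guard would accept only topics that parse as relative references with no scheme or authority, rather than enumerating bad substrings. At minimum the line deserves a comment such as `// browsers treat "scheme:/host" like "scheme://host", so match ":/" (bug 546430)`, and the commit touches only UrlUtil.java, so no test pins the new case. The enclosing method starts and ends outside the hunk, so any earlier decoding or normalisation of `path` is not visible here.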