authorAlexander Kurtakov2019-04-19 08:16:39 +0000
committerAlexander Kurtakov2019-04-19 08:16:39 +0000
commitd0d5415a8e7d1900592bdf9ec620a1043439edb4 (patch)
treec5a62208b3f34dc7179a4c82a2532e2526f4fda5
parente22d7709cb8ec2a07dadfd73448e5612c7a2c3b1 (diff)
Bug 546430 - [security] Unvalidated frame inclusion in EclipseI20190422-1800I20190421-1800I20190420-1800I20190419-1800
documentation Topic validation checks whether the topic contains "://" and declares it invalid in that case (this is the default; there is a property to turn validation off, though). Browsers accept URLs that contain only ":/", so change the validation to check for that instead. Change-Id: Ibc50186f2f714d371d54130f26e44bef29f16b1c Signed-off-by: Alexander Kurtakov <akurtako@redhat.com>
-rw-r--r--org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java4
1 files changed, 2 insertions, 2 deletions
diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
index 07ec50646..b0394f1a8 100644
--- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2000, 2017 IBM Corporation and others.
+ * Copyright (c) 2000, 2019 IBM Corporation and others.
*
* This program and the accompanying materials
* are made available under the terms of the Eclipse Public License 2.0
@@ -205,7 +205,7 @@ public class UrlUtil {
}
if (new WebappPreferences().isRestrictTopicParameter()) {
- if (path.indexOf("://") >= 0) { //$NON-NLS-1$
+ if (path.indexOf(":/") >= 0) { //$NON-NLS-1$
return false;
}
}
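Review bot: The test `path.indexOf(":/") >= 0` is still a substring denylist, so a scheme-relative reference (one that begins with `//` and carries no colon) would not be rejected if `path` can reach this point in that form. The start of the method is outside the hunk, so whether earlier code already normalises or rejects such values needs confirming. If it does not, extend the condition to `if (path.indexOf(":/") >= 0 || path.startsWith("//")) {`, or better, parse the value with `java.net.URI` and reject anything that has a scheme or an authority. The line also deserves a why-comment such as `// browsers treat "scheme:/host" as absolute, so match ":/" rather than "://" (bug 546430)`. The guard only runs when `isRestrictTopicParameter()` is true, so deployments that turn that preference off get no validation here.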
