dom/base/Navigator.cpp +14 −0 @@ -1417,6 +1417,20 @@ Promise* Navigator::Share(const ShareData& aData, ErrorResult& aRv) { return nullptr; } url = result.unwrap(); // Check that we only share loadable URLs (e.g., http/https). // we also exclude blobs, as it doesn't make sense to share those outside // the context of the browser. const uint32_t flags = nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL | nsIScriptSecurityManager::DISALLOW_SCRIPT; if (NS_FAILED( nsContentUtils::GetSecurityManager()->CheckLoadURIWithPrincipal( doc->NodePrincipal(), url, flags, doc->InnerWindowID())) || url->SchemeIs("blob")) { aRv.ThrowTypeError<MSG_INVALID_URL_SCHEME>("Share", url->GetSpecOrDefault()); return nullptr; } } // Process the title member...
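Review bot: The comment on the new check in Navigator::Share says only loadable URLs such as http/https are shared, but the code is a load check against `doc->NodePrincipal()` plus a special case for blob:, not a scheme allow-list, so what is accepted depends on the calling document's principal and on which schemes CheckLoadURIWithPrincipal refuses for it. I would document what each flag contributes and that the result is relative to the document's principal, for example `// DISALLOW_SCRIPT refuses script URLs such as javascript:; DISALLOW_INHERIT_PRINCIPAL refuses URIs that would inherit the caller's principal (e.g. data:).` If the intent really is http/https only, an explicit scheme test next to `url->SchemeIs("blob")` would state that directly and would avoid adding one special case per scheme that is loadable but should not be handed to the share target. The body of Share() starts and ends outside this hunk, so any earlier validation of `url` is not visible here.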
testing/web-platform/meta/web-share/share-url-invalid.https.html.ini +17 −9 @@ -4,21 +4,29 @@ if os == "win": FAIL [share() rejects file:// URLs] expected: FAIL expected: if os == "win": FAIL [share() rejects data: URLs] expected: FAIL [share() rejects about: URLs] expected: if os == "win": FAIL [share() rejects chrome: URLs] expected: if os == "win": FAIL [share() rejects wss: URLs] expected: FAIL [share() rejects blob: URLs] expected: if os == "win": FAIL [share() rejects about: URLs] expected: FAIL [share() rejects wss: URLs] expected: if os == "win": FAIL [share() rejects blob: URLs] expected: FAIL [share() rejects data: URLs] expected: if os == "win": FAIL [share() rejects javascript: URLs] expected: if os == "win": FAIL
testing/web-platform/tests/web-share/share-url-invalid.https.html +6 −0 @@ -40,6 +40,12 @@ return promise_rejects_js(t, TypeError, promise); }, "share() rejects chrome: URLs"); promise_test(async t => { await test_driver.bless(); const promise = navigator.share({ url: "javascript:window.alert('error')" }); return promise_rejects_js(t, TypeError, promise); }, "share() rejects javascript: URLs"); promise_test(async t => { await test_driver.bless(); const file = new File([], "text/plain");