Commit 1d5c2025 authored by John Schanck's avatar John Schanck Committed by Pier Angelo Vendrame
Browse files

Bug 1922357 - disallow the fido: URI scheme. a=dmeehan 

Original Revision: https://phabricator.services.mozilla.com/D237313

Differential Revision: https://phabricator.services.mozilla.com/D238681
parent d21e9c09

mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt

+1 −1
Original line number Diff line number Diff line
@@ -1818,7 +1818,7 @@ class GeckoEngineSession( 
        internal const val ABOUT_BLANK = "about:blank"

        internal const val JS_SCHEME = "javascript"

        internal val BLOCKED_SCHEMES =

            listOf("file", "resource", JS_SCHEME) // See 1684761 and 1684947

            listOf("file", "resource", "fido", JS_SCHEME) // See 1684761 and 1684947



        /**

         * Provides an ErrorType corresponding to the error code provided.

mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt

+5 −0
Original line number Diff line number Diff line
@@ -631,6 +631,11 @@ class GeckoEngineSessionTest { 
        engineSession.loadUrl("RESOURCE://package/test.text")

        verify(geckoSession, never()).load(GeckoSession.Loader().uri("resource://package/test.text"))

        verify(geckoSession, never()).load(GeckoSession.Loader().uri("RESOURCE://package/test.text"))



        engineSession.loadUrl("fido:/12345678")

        engineSession.loadUrl("FIDO:/12345678")

        verify(geckoSession, never()).load(GeckoSession.Loader().uri("fido:/12345678"))

        verify(geckoSession, never()).load(GeckoSession.Loader().uri("FIDO:/12345678"))

    }



    @Test

mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt

+2 −1
Original line number Diff line number Diff line
@@ -313,6 +313,7 @@ class AppLinksUseCases( 
            "https", "moz-extension", "moz-safe-about", "resource", "view-source", "ws", "wss", "blob",

        )



        internal val ALWAYS_DENY_SCHEMES: Set<String> = setOf("jar", "file", "javascript", "data", "about", "content")

        internal val ALWAYS_DENY_SCHEMES: Set<String> =

            setOf("jar", "file", "javascript", "data", "about", "content", "fido")

    }

}

mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt

+10 −0
Original line number Diff line number Diff line
@@ -47,6 +47,7 @@ class AppLinksUseCasesTest { 
    private val javascriptUrl = "javascript:'hello, world'"

    private val jarUrl = "jar:file://some/path/test.html"

    private val contentUrl = "content://media/external_primary/downloads/12345"

    private val fidoPath = "fido:12345678"

    private val fileType = "audio/mpeg"

    private val layerUrl = "https://example.com"

    private val layerPackage = "com.example.app"
@@ -215,6 +216,15 @@ class AppLinksUseCasesTest { 
        assertFalse(redirect.isRedirect())

    }



    @Test

    fun `A fido url is not an app link`() {

        val context = createContext(Triple(fidoPath, appPackage, ""))

        val subject = AppLinksUseCases(context, { true })



        val redirect = subject.interceptedAppLinkRedirect(fidoPath)

        assertFalse(redirect.isRedirect())

    }



    @Test

    fun `Will not redirect app link if browser option set to false and scheme is supported`() {

        val context = createContext(Triple(appUrl, appPackage, ""))

mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java

+4 −0
Original line number Diff line number Diff line
@@ -76,6 +76,10 @@ public class IntentUtils { 
      return getSafeIntent(aUri) != null;

    }



    if ("fido".equals(scheme)) {

      return false;

    }



    return true;

  }