check same-origin and url against the blob beign revoked

2025-06-06 16:45:39 +00:00 · 2019-11-13 15:37:53 +09:00 · 2019-11-13 15:37:53 +09:00 · 2d995ba41a
commit 2d995ba41a
parent dfa78986a6
4 changed files with 18 additions and 47 deletions
--- a/components/net_traits/blob_url_store.rs
+++ b/components/net_traits/blob_url_store.rs
@ -40,9 +40,17 @@ pub struct BlobBuf {
 /// <https://w3c.github.io/FileAPI/#DefinitionOfScheme>
 pub fn parse_blob_url(url: &ServoUrl) -> Result<(Uuid, FileOrigin), ()> {
    let url_inner = Url::parse(url.path()).map_err(|_| ())?;
+    let segs = url_inner
+        .path_segments()
+        .map(|c| c.collect::<Vec<_>>())
+        .ok_or(())?;
+
+    if url.query().is_some() || segs.len() > 1 {
+        return Err(());
+    }
+
    let id = {
-        let mut segs = url_inner.path_segments().ok_or(())?;
-        let id = segs.nth(0).ok_or(())?;
+        let id = segs.first().ok_or(())?;
        Uuid::from_str(id).map_err(|_| ())?
    };
    Ok((id, get_blob_origin(&ServoUrl::from_url(url_inner))))
--- a/components/script/dom/url.rs
+++ b/components/script/dom/url.rs
@ -129,13 +129,15 @@ impl URL {
        let origin = get_blob_origin(&global.get_url());

        if let Ok(url) = ServoUrl::parse(&url) {
-            if let Ok((id, _)) = parse_blob_url(&url) {
-                let resource_threads = global.resource_threads();
-                let (tx, rx) = ipc::channel(global.time_profiler_chan().clone()).unwrap();
-                let msg = FileManagerThreadMsg::RevokeBlobURL(id, origin, tx);
-                let _ = resource_threads.send(CoreResourceMsg::ToFileManager(msg));
+            if url.fragment().is_none() && origin == get_blob_origin(&url) {
+                if let Ok((id, _)) = parse_blob_url(&url) {
+                    let resource_threads = global.resource_threads();
+                    let (tx, rx) = ipc::channel(global.time_profiler_chan().clone()).unwrap();
+                    let msg = FileManagerThreadMsg::RevokeBlobURL(id, origin, tx);
+                    let _ = resource_threads.send(CoreResourceMsg::ToFileManager(msg));

-                let _ = rx.recv().unwrap();
+                    let _ = rx.recv().unwrap();
+                }
            }
        }
    }
--- a/tests/wpt/metadata/FileAPI/url/url-with-fetch.any.js.ini
+++ b/tests/wpt/metadata/FileAPI/url/url-with-fetch.any.js.ini
@ -1,36 +1,9 @@
 [url-with-fetch.any.worker.html]
-  [url-with-fetch]
-    expected: FAIL
-
-  [Only exact matches should revoke URLs, using fetch]
-    expected: FAIL
-
-  [Appending a query string should cause fetch to fail]
-    expected: FAIL
-
-  [Appending a path should cause fetch to fail]
-    expected: FAIL
-
  [Revoke blob URL after creating Request, will fetch]
    expected: FAIL


 [url-with-fetch.any.html]
-  [Untitled]
-    expected: FAIL
-
-  [url-with-fetch]
-    expected: FAIL
-
-  [Only exact matches should revoke URLs, using fetch]
-    expected: FAIL
-
-  [Appending a query string should cause fetch to fail]
-    expected: FAIL
-
-  [Appending a path should cause fetch to fail]
-    expected: FAIL
-
  [Revoke blob URL after creating Request, will fetch]
    expected: FAIL

--- a/tests/wpt/metadata/FileAPI/url/url-with-xhr.any.js.ini
+++ b/tests/wpt/metadata/FileAPI/url/url-with-xhr.any.js.ini
@ -1,21 +1,9 @@
 [url-with-xhr.any.html]
-  [Only exact matches should revoke URLs, using XHR]
-    expected: FAIL
-  [Appending a query string should cause XHR to fail]
-    expected: FAIL
-  [Appending a path should cause XHR to fail]
-    expected: FAIL
  [Revoke blob URL after open(), will fetch]
    expected: FAIL


 [url-with-xhr.any.worker.html]
-  [Only exact matches should revoke URLs, using XHR]
-    expected: FAIL
-  [Appending a query string should cause XHR to fail]
-    expected: FAIL
-  [Appending a path should cause XHR to fail]
-    expected: FAIL
  [Revoke blob URL after open(), will fetch]
    expected: FAIL