Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 50615e49 authored by Paul Jensen's avatar Paul Jensen Committed by android-build-merger
Browse files

Merge "Don\'t pass URL path and username/password to PAC scripts" into klp-dev... 

Merge "Don\'t pass URL path and username/password to PAC scripts" into klp-dev am: af0b4466 am: 8940d2b0 am: bb276261 am: 6c35cf24 am: 42a59833 am: 75095e6f am: 7c625e19 am: 54a62d5f am: a5a2c88f am: 7ff57eaf
am: 94c8855d

* commit '94c8855d':
  Don't pass URL path and username/password to PAC scripts

Change-Id: Ic91dc5c4a0a283bcd177daac8cced12a668bf0d9
parents d39c0a8d 94c8855d

core/java/android/net/PacProxySelector.java

+9 −0
Original line number Diff line number Diff line
@@ -30,6 +30,7 @@ import java.net.Proxy.Type; 
import java.net.ProxySelector;

import java.net.SocketAddress;

import java.net.URI;

import java.net.URISyntaxException;

import java.util.List;



/**
@@ -67,7 +68,15 @@ public class PacProxySelector extends ProxySelector { 
        String response = null;

        String urlString;

        try {

            // Strip path and username/password from URI so it's not visible to PAC script. The

            // path often contains credentials the app does not want exposed to a potentially

            // malicious PAC script.

            if (!"http".equalsIgnoreCase(uri.getScheme())) {

                uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null);

            }

            urlString = uri.toURL().toString();

        } catch (URISyntaxException e) {

            urlString = uri.getHost();

        } catch (MalformedURLException e) {

            urlString = uri.getHost();

        }