Adjust Uri host parsing to use last instead of first @.
Malformed authority segments can currently cause the parser to produce a hostname that doesn't match the hostname produced by the WHATWG URL parsing algorithm* used by browsers, which means that a URL could be seen as having a "safe" host when checked by an Android app but actually visit a different host when passed to a browser. The WHATWG URL parsing algorithm always produces a hostname based on the last @ in the authority segment, so we do the same. * https://url.spec.whatwg.org/#authority-state resets the "buffer", which is being used to build up the host name, each time an @ is found, so it has the effect of using the content between the final @ and the end of the authority section as the hostname. Bug: 68341964 Test: vogar android.net.UriTest (on NYC branch) Test: cts -m CtsNetTestCases (on NYC branch) Change-Id: Idca79f35a886de042c94d6ab66787c2e98ac8376 (cherry picked from commit cd6228dd)
Loading
Please register or sign in to comment