• Adam Vartanian's avatar
    Adjust URI host parsing to stop on \ character. · 90c6d6e0
    Adam Vartanian authored
    The WHATWG URL parsing algorithm [1] used by browsers says that for
    "special" URL schemes (which is basically all commonly-used
    hierarchical schemes, including http, https, ftp, and file), the host
    portion ends if a \ character is seen, whereas this class previously
    continued to consider characters part of the hostname.  This meant
    that a malicious URL could be seen as having a "safe" host when viewed
    by an app but navigate to a different host when passed to a browser.
    
    [1] https://url.spec.whatwg.org/#host-state
    
    Bug: 71360761
    Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch)
    Test: cts -m CtsNetTestCases (on NYC branch)
    Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
    (cherry picked from commit fa3afbd0)
    90c6d6e0
Name
Last commit
Last update
..
BTtraffic Loading commit data...
BroadcastRadioTests Loading commit data...
ConnectivityManagerTest Loading commit data...
SvcMonitor Loading commit data...
bandwidthtests Loading commit data...
benchmarks Loading commit data...
bluetoothtests Loading commit data...
coretests Loading commit data...
hosttests Loading commit data...
notificationtests Loading commit data...
overlaytests Loading commit data...
packagemanagertests Loading commit data...
systemproperties Loading commit data...
utillib Loading commit data...
utiltests Loading commit data...