LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-10 13:00:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb: Restrict HTML form submissions to permitted URL protocols

Browse Source 
Form submissions to file:// URLs are now permitted only if the
submitting document is also a file:// URL and the form method is "get".

Form submissions to URLs with a http(s):// URL protocol are permitted.

Form submissions for all other URL protocols are rejected.
This commit is contained in:
Brendan Coles 2020-11-07 15:57:37 +00:00 committed by Andreas Kling
parent 1da828b8bf
commit 02d6252949
Notes: sideshowbarker 2024-07-19 01:31:43 +09:00 
Author: https://github.com/bcoles
Commit: https://github.com/SerenityOS/serenity/commit/02d62529491
Pull-request: https://github.com/SerenityOS/serenity/pull/3979
1 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
Libraries/LibWeb/HTML/HTMLFormElement.cpp
View File

@ -50,16 +50,37 @@ void HTMLFormElement::submit(RefPtr<HTMLInputElement> submitter)
}
auto effective_method = method().to_lowercase();
if (effective_method == "dialog") {
dbg() << "Failed to submit form: Unsupported form method '" << method() << "'";
return;
}
if (effective_method != "get" && effective_method != "post") {
if (effective_method == "dialog") {
dbg() << "Unsupported form method '" << method() << "'";
return;
}
effective_method = "get";
}
URL url(document().complete_url(action()));
if (!url.is_valid()) {
dbg() << "Failed to submit form: Invalid URL: " << action();
return;
}
if (url.protocol() == "file") {
if (document().url().protocol() != "file") {
dbg() << "Failed to submit form: Security violation: " << document().url() << " may not submit to " << url;
return;
}
if (effective_method != "get") {
dbg() << "Failed to submit form: Unsupported form method '" << method() << "' for URL: " << url;
return;
}
} else if (url.protocol() != "http" && url.protocol() != "https") {
dbg() << "Failed to submit form: Unsupported protocol for URL: " << url;
return;
}
Vector<URLQueryParam> parameters;
for_each_in_subtree_of_type<HTMLInputElement>([&](auto& node) {
@ -73,8 +94,6 @@ void HTMLFormElement::submit(RefPtr<HTMLInputElement> submitter)
url.set_query(urlencode(parameters));
}
// FIXME: We shouldn't let the form just do this willy-nilly.
LoadRequest request;
request.set_url(url);