Skip to content
This repository has been archived by the owner on May 10, 2024. It is now read-only.

Commit

Permalink
Desktop disabled data URI schemes.
Browse files Browse the repository at this point in the history
  • Loading branch information
@Brandon-T
Brandon-T committed Mar 24, 2020
1 parent 1948610 commit 67ed378
Showing 1 changed file with 4 additions and 27 deletions.
31 changes: 4 additions & 27 deletions ...t/Frontend/Browser/BrowserViewController/BrowserViewController+WKNavigationDelegate.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -260,33 +260,10 @@ extension BrowserViewController: WKNavigationDelegate {
}

// Prevents synthetically activated links such as: CVE-2017-7089
if ["data", "blob", "file"].contains(url.scheme) {
if let clickType = navigationAction.value(forKey: "syntheticClickType") as? Int {
//A click is synthetic if its value is 0 (aka WKSyntheticClickTypeNoTap).
/*switch (syntheticClickType) {
case WebKit::WebMouseEvent::OneFingerTap:
return WKSyntheticClickTypeOneFingerTap;
case WebKit::WebMouseEvent::TwoFingerTap:
return WKSyntheticClickTypeTwoFingerTap;
}*/
if clickType == 0 {
decisionHandler(.cancel)
return
}
}

//Fallback.. Asks the user whether or not the url should be opened.. but only for `data`
if navigationAction.navigationType == .linkActivated && url.scheme == "data" {
handleExternalURL(url) { didOpenURL in
if !didOpenURL {
let alert = UIAlertController(title: Strings.unableToOpenURLErrorTitle, message: Strings.unableToOpenURLError, preferredStyle: .alert)
alert.addAction(UIAlertAction(title: Strings.OKString, style: .default, handler: nil))
self.present(alert, animated: true, completion: nil)
}
}
decisionHandler(.cancel)
return
}
//Follow desktop
if url.scheme == "data" {
decisionHandler(.cancel)
return
}

decisionHandler(.allow)
Expand Down

0 comments on commit 67ed378

Please sign in to comment.