Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Don\'t pass URL path and username/password to PAC scripts" into klp-dev am: af0b4466ff am: 8940d2b0ff am: bb27626141

Browse Source 
am: 6c35cf2434

* commit '6c35cf2434ca373196b16620455f8f234b63d594':
  Don't pass URL path and username/password to PAC scripts

Change-Id: I9bbca312129011822fc5ea95682bac5ca4258ced
This commit is contained in:
Paul Jensen
2016-05-26 14:01:19 +00:00
committed by android-build-merger
parent 077534b101 6c35cf2434
commit 42a5983364
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/java/android/net/PacProxySelector.java
View File

@@ -31,6 +31,7 @@ import java.net.Proxy.Type;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
/**
@@ -68,7 +69,15 @@ public class PacProxySelector extends ProxySelector {
String response = null;
String urlString;
try {
// Strip path and username/password from URI so it's not visible to PAC script. The
// path often contains credentials the app does not want exposed to a potentially
// malicious PAC script.
if (!"http".equalsIgnoreCase(uri.getScheme())) {
uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null);
}
urlString = uri.toURL().toString();
} catch (URISyntaxException e) {
urlString = uri.getHost();
} catch (MalformedURLException e) {
urlString = uri.getHost();
}