Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Don\'t pass URL path and username/password to PAC scripts" into klp-dev am: af0b4466ff am: 8940d2b0ff

Browse Source 
am: bb27626141

* commit 'bb2762614181a0ee03554a96c070ea1006d7263c':
  Don't pass URL path and username/password to PAC scripts

Change-Id: I9e4d3282765dec1554955b9f72484e9d7e2d6594
This commit is contained in:
Paul Jensen
2016-05-26 13:44:37 +00:00
committed by android-build-merger
parent 647cb6a6d8 bb27626141
commit 6c35cf2434
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/java/android/net/PacProxySelector.java
View File

@@ -31,6 +31,7 @@ import java.net.Proxy.Type;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
/**
@@ -68,7 +69,15 @@ public class PacProxySelector extends ProxySelector {
String response = null;
String urlString;
try {
// Strip path and username/password from URI so it's not visible to PAC script. The
// path often contains credentials the app does not want exposed to a potentially
// malicious PAC script.
if (!"http".equalsIgnoreCase(uri.getScheme())) {
uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null);
}
urlString = uri.toURL().toString();
} catch (URISyntaxException e) {
urlString = uri.getHost();
} catch (MalformedURLException e) {
urlString = uri.getHost();
}