Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Don\'t pass URL path and username/password to PAC scripts" into klp-dev am: af0b4466ff am: 8940d2b0ff am: bb27626141 am: 6c35cf2434

Browse Source 
am: 42a5983364

* commit '42a59833648243a8ac3aec7adf7f4ca0d3babdd1':
  Don't pass URL path and username/password to PAC scripts

Change-Id: Id92ff5deed707c029fc6d5806aff2a324961c2ec
This commit is contained in:
Paul Jensen
2016-05-26 14:13:16 +00:00
committed by android-build-merger
parent 4c559cdade 42a5983364
commit 75095e6f02
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/java/android/net/PacProxySelector.java
View File

@@ -31,6 +31,7 @@ import java.net.Proxy.Type;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
/**
@@ -68,7 +69,15 @@ public class PacProxySelector extends ProxySelector {
String response = null;
String urlString;
try {
// Strip path and username/password from URI so it's not visible to PAC script. The
// path often contains credentials the app does not want exposed to a potentially
// malicious PAC script.
if (!"http".equalsIgnoreCase(uri.getScheme())) {
uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null);
}
urlString = uri.toURL().toString();
} catch (URISyntaxException e) {
urlString = uri.getHost();
} catch (MalformedURLException e) {
urlString = uri.getHost();
}