Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Don\'t pass URL path and username/password to PAC scripts" into klp-dev

Browse Source 
am: af0b4466ff

* commit 'af0b4466ffe2ed09b288014d1d3a9ed308fe3c76':
  Don't pass URL path and username/password to PAC scripts

Change-Id: I8a49a29ed1999ab811d3306dc46769d83c05244e
This commit is contained in:
Paul Jensen
2016-05-26 13:30:59 +00:00
committed by android-build-merger
parent 1b1fcbaab5 af0b4466ff
commit 8940d2b0ff
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/java/android/net/PacProxySelector.java
View File

@@ -31,6 +31,7 @@ import java.net.Proxy.Type;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
/**
@@ -65,7 +66,15 @@ public class PacProxySelector extends ProxySelector {
String response = null;
String urlString;
try {
// Strip path and username/password from URI so it's not visible to PAC script. The
// path often contains credentials the app does not want exposed to a potentially
// malicious PAC script.
if (!"http".equalsIgnoreCase(uri.getScheme())) {
uri = new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), "/", null, null);
}
urlString = uri.toURL().toString();
} catch (URISyntaxException e) {
urlString = uri.getHost();
} catch (MalformedURLException e) {
urlString = uri.getHost();
}