
Made a better path, so that the validation routine didn't need to wor…

…ry about case
commit 7433728d6787f8f8c3a0d643b02b8a8c72b2e585 1 parent 87f5b25
Alex Kouzemtchenko authored
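--- a/coverity-escapers/src/main/java/com/coverity/security/Filter.java
+++ b/coverity-escapers/src/main/java/com/coverity/security/Filter.java
@@ -265,7 +265,7 @@ public static String asFlexibleURL(String url) {
 return url;
 }
- if (url.charAt(i) == ':' && validateScheme(url.substring(0,i))) {
+ if (url.charAt(i) == ':' && validateScheme(url.substring(0,i).toLowerCase())) {
 //We've extracted what we think is a scheme, confirmed it definitely is a scheme
 //then confirmed the scheme is safe, return the original string
 return url;
@@ -275,7 +275,7 @@ public static String asFlexibleURL(String url) {
 return "./" + url;
 }
- private static final Pattern SCHEME_REGEX = Pattern.compile("(javascript|vbscript|data|about)", Pattern.CASE_INSENSITIVE);
+ private static final Pattern SCHEME_REGEX = Pattern.compile("(javascript|vbscript|data|about)");
 private static boolean validateScheme(String scheme) {
 return !SCHEME_REGEX.matcher(scheme).matches();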
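Review bot: The `toLowerCase()` added in the first hunk uses the JVM default locale, so under a Turkish or Azeri locale an uppercase `I` becomes dotless `ı` and a scheme written as `JAVASCRIPT` no longer matches the now case-sensitive `SCHEME_REGEX`; `validateScheme` then reports it as safe and `asFlexibleURL` returns the URL unchanged. The removed `Pattern.CASE_INSENSITIVE` match was ASCII-only and did not depend on locale, so this is a regression in the filter rather than a simplification. Pin the locale with `validateScheme(url.substring(0,i).toLowerCase(Locale.ROOT))`, which needs `java.util.Locale` imported if the file does not already have it (the import block is outside these hunks). I would also keep `Pattern.CASE_INSENSITIVE` on `SCHEME_REGEX`, since any other caller of `validateScheme` outside the visible lines would otherwise silently become case-sensitive. Both `asFlexibleURL` and `validateScheme` start or end outside the hunks shown.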