
Altered asURL to allow non-lower case protocol names, e.g. hTTp:// added tests for this too
1 parent 7433728 commit 7701fcbc69b6ffb931d91f784e50eee215b2b1e3 Alex Kouzemtchenko committed Feb 25, 2013
2 coverity-escapers/src/main/java/com/coverity/security/Filter.java
@@ -151,7 +151,7 @@ public static String asCssColor(String color, String defaultColor) {
return defaultColor;
}
- private static final Pattern URL_REGEX = Pattern.compile("(/|\\\\\\\\|https?:|ftp:|mailto:).*");
+ private static final Pattern URL_REGEX = Pattern.compile("(/|\\\\\\\\|https?:|ftp:|mailto:).*", Pattern.CASE_INSENSITIVE);
/**
* URL filtering to ensure that the URL is a safe non-relative URL or transforms it to a safe relative URL.
* <p>
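Review bot: The URL_REGEX constant now relies on Pattern.CASE_INSENSITIVE without Pattern.UNICODE_CASE, and nothing at the declaration says that this is deliberate. In Java, CASE_INSENSITIVE on its own folds only US-ASCII letters, which is the right behaviour for scheme names; adding UNICODE_CASE later would let non-ASCII look-alikes such as U+017F match the "s" in "https?:". A one-line comment above the constant stating that the ASCII-only folding is intentional would protect it from a well-meaning future change. The Javadoc that starts below it ("URL filtering to ensure that the URL is a safe non-relative URL ...") should also mention that scheme matching is case-insensitive.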
2 coverity-escapers/src/test/java/com/coverity/security/FilterTest.java
@@ -348,10 +348,12 @@ public void testURL() {
final String[] urlTrueTests = {
"\\\\UNC-PATH\\",
"http://host/url",
+ "hTTp://host/url",
"//coverity.com/lo",
"/base/path",
"https://coverity.com",
"mailto:srl@coverity.com",
+ "maiLto:srl@coverity.com",
"ftp://coverity.com/elite.warez.tgz",
""
};
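Review bot: The new entries in urlTrueTests cover mixed case for only two of the four scheme alternatives in the pattern, "hTTp://host/url" and "maiLto:srl@coverity.com". Please add mixed-case variants for the "https?:" branch with the optional "s" present and for "ftp:", for example "HTTPS://coverity.com" and "FtP://coverity.com/elite.warez.tgz", so each alternative is exercised with the flag. This hunk shows only the accepting list; if the test has a corresponding rejecting list, a mixed-case scheme that is not in the pattern belongs there to confirm that the flag changes only the case handling and not the set of accepted schemes.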
