summaryrefslogtreecommitdiff
path: root/Userland/Libraries/LibWeb
diff options
context:
space:
mode:
authorIdan Horowitz <idan.horowitz@gmail.com>2021-05-11 22:22:56 +0300
committerLinus Groh <mail@linusgroh.de>2021-05-11 21:41:48 +0100
commitce86026ac643a7dd61e068d2f53073fc5e1cbac1 (patch)
tree97188abd0f71dae5faaed30012931865abfccbd6 /Userland/Libraries/LibWeb
parent84800a5b4fae710f16e72c68f7b2699039fca3c7 (diff)
downloadserenity-ce86026ac643a7dd61e068d2f53073fc5e1cbac1.zip
LibWeb: Add a maximum redirects limit to FrameLoader
This prevents the browser from crashing when trying to load an infinite redirects loop. The chosen limit is based on the fetch specification: "If request's redirect count is twenty, return a network error."
Diffstat (limited to 'Userland/Libraries/LibWeb')
-rw-r--r--Userland/Libraries/LibWeb/Loader/FrameLoader.cpp7
-rw-r--r--Userland/Libraries/LibWeb/Loader/FrameLoader.h3
2 files changed, 10 insertions, 0 deletions
diff --git a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
index c36000191b..01ee018924 100644
--- a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
+++ b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
@@ -237,9 +237,16 @@ void FrameLoader::resource_did_load()
// FIXME: Also check HTTP status code before redirecting
auto location = resource()->response_headers().get("Location");
if (location.has_value()) {
+ if (m_redirects_count > maximum_redirects_allowed) {
+ m_redirects_count = 0;
+ load_error_page(url, "Too many redirects");
+ return;
+ }
+ m_redirects_count++;
load(url.complete_url(location.value()), FrameLoader::Type::Navigation);
return;
}
+ m_redirects_count = 0;
dbgln("I believe this content has MIME type '{}', encoding '{}'", resource()->mime_type(), resource()->encoding());
diff --git a/Userland/Libraries/LibWeb/Loader/FrameLoader.h b/Userland/Libraries/LibWeb/Loader/FrameLoader.h
index ff6d23a754..d3b1536470 100644
--- a/Userland/Libraries/LibWeb/Loader/FrameLoader.h
+++ b/Userland/Libraries/LibWeb/Loader/FrameLoader.h
@@ -12,6 +12,8 @@
namespace Web {
+constexpr size_t maximum_redirects_allowed = 20;
+
class FrameLoader final
: public ResourceClient {
public:
@@ -41,6 +43,7 @@ private:
bool parse_document(DOM::Document&, const ByteBuffer& data);
Frame& m_frame;
+ size_t m_redirects_count { 0 };
};
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-14 19:13:05 +0000