Merge lp:~mardy/signon-ui/lp1074733 into lp:signon-ui/12.10

Proposed by Alberto Mardegan
Status: Merged
Approved by: David King
Approved revision: 67
Merged at revision: 67
Proposed branch: lp:~mardy/signon-ui/lp1074733
Merge into: lp:signon-ui/12.10
Diff against target: 52 lines (+14/-0)
1 file modified
src/browser-request.cpp (+14/-0)
To merge this branch: bzr merge lp:~mardy/signon-ui/lp1074733
Reviewer Review Type Date Requested Status
David King (community) Approve
Review via email: mp+133650@code.launchpad.net

Description of the change

Allow fine-grained control over which URLs are allowed

We already have a couple of regexps to whitelist and blacklist URLs, but those
are stripped of the schema and fragment.
To be able to implement more complex logic, and whitelist some specific
http-only URLs, we need a regular expression which takes the schema into
account.

David King (amigadave) :
review: Approve

Preview Diff

1=== modified file 'src/browser-request.cpp'
2--- src/browser-request.cpp 2012-09-12 10:19:48 +0000
3+++ src/browser-request.cpp 2012-11-09 11:15:26 +0000
4@@ -56,6 +56,7 @@
5 static const QString keyLoginButton = QString("LoginButton");
6 static const QString keyInternalLinksPattern = QString("InternalLinksPattern");
7 static const QString keyExternalLinksPattern = QString("ExternalLinksPattern");
8+static const QString keyAllowedUrls = QString("AllowedUrls");
9
10 /* Additional session-data keys we support. */
11 static const QString keyCookies = QString("Cookies");
12@@ -85,6 +86,11 @@
13 m_allowedSchemes = schemes;
14 }
15
16+ void setAllowedUrls(const QString &pattern) {
17+ m_allowedUrls =
18+ QRegExp(pattern, Qt::CaseInsensitive, QRegExp::RegExp2);
19+ }
20+
21 void setFinalUrl(const QUrl &url) { m_finalUrl = url; }
22
23 protected:
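Review bot: setAllowedUrls() stores the compiled pattern without checking QRegExp::isValid(). An invalid pattern is non-empty and never matches, so the check added further down would report every URL as not allowed, with nothing in the log pointing at the configuration value as the cause. Consider tracing the pattern when !m_allowedUrls.isValid(). Separately, Qt::CaseInsensitive applies to the whole URL string, path and query included, which is looser than an allow-list needs, since only the scheme and host are case-insensitive.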
24@@ -135,6 +141,7 @@
25 QRegExp m_externalLinksPattern;
26 QRegExp m_internalLinksPattern;
27 QStringList m_allowedSchemes;
28+ QRegExp m_allowedUrls;
29 QUrl m_finalUrl;
30 };
31
32@@ -144,6 +151,12 @@
33 return true;
34 }
35
36+ if (!m_allowedUrls.isEmpty() &&
37+ !m_allowedUrls.exactMatch(url.toString())) {
38+ TRACE() << "URL not allowed:" << url;
39+ return true;
40+ }
41+
42 QString urlText = url.toString(QUrl::RemoveScheme |
43 QUrl::RemoveUserInfo |
44 QUrl::RemoveFragment |
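Review bot: the new check matches against url.toString() with default formatting, so the pattern sees user-info, query and fragment, while the existing code just below strips scheme, user-info and fragment before its own patterns are applied. A pattern author has to account for those parts explicitly, and a pattern that ends in a loose wildcard can accept more than the intended host. Consider matching on url.toString(QUrl::RemoveUserInfo | QUrl::RemoveFragment) so the pattern only has to describe scheme, host, path and query, and add a comment stating exactly which string AllowedUrls is matched against.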
45@@ -606,6 +619,7 @@
46 toString());
47 page->setInternalLinksPattern(m_settings->value(keyInternalLinksPattern).
48 toString());
49+ page->setAllowedUrls(m_settings->value(keyAllowedUrls).toString());
50 }
51
52 void BrowserRequestPrivate::notifyAuthCompleted()
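Review bot: at the setAllowedUrls() call, a missing AllowedUrls key yields an empty string, which the isEmpty() test in the new check treats as no restriction. That default keeps existing configurations working, but nothing in this diff documents it. A comment here or next to keyAllowedUrls should say that the key is optional, that it is matched against the full URL including the scheme, and that exactMatch() requires the pattern to cover the whole URL.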
