Extend ephy_web_application_is_uri_allowed () to check for data: and blob: uri

Fixes: https://gitlab.gnome.org/GNOME/epiphany/issues/593

2 files changed, 31 insertions, 2 deletions

diff --git a/lib/ephy-web-app-utils.c b/lib/ephy-web-app-utils.c
index 97f3f2420..63596f0b9 100644
--- a/lib/ephy-web-app-utils.c
+++ b/lib/ephy-web-app-utils.c
@@ -759,14 +759,43 @@ ephy_web_application_initialize_settings (const char *profile_directory)
   g_free (name);
 }
 
+static gboolean
+urls_have_same_origin (const char *a_url,
+                       const char *b_url)
+{
+  SoupURI *a_uri, *b_uri;
+  gboolean retval = FALSE;
+
+  a_uri = soup_uri_new (a_url);
+  if (!a_uri)
+    return retval;
+
+  b_uri = soup_uri_new (b_url);
+  if (b_uri) {
+    retval = a_uri->host && b_uri->host && soup_uri_host_equal (a_uri, b_uri);
+    soup_uri_free (b_uri);
+  }
+
+  soup_uri_free (a_uri);
+
+  return retval;
+}
+
 gboolean
-ephy_web_application_is_uri_allowed (const char* uri)
+ephy_web_application_is_uri_allowed (const char *uri,
+                                     const char *referrer)
 {
   SoupURI *request_uri;
   char **urls;
   guint i;
   gboolean matched = FALSE;
 
+  if (g_str_has_prefix (uri, "blob:") || g_str_has_prefix (uri, "data:"))
+    return TRUE;
+
+  if (urls_have_same_origin (uri, referrer))
+    return TRUE;
+
   if (g_strcmp0 (uri, "about:blank") == 0)
     return TRUE;
 
diff --git a/lib/ephy-web-app-utils.h b/lib/ephy-web-app-utils.h
index 18cba3939..3080f9970 100644
--- a/lib/ephy-web-app-utils.h
+++ b/lib/ephy-web-app-utils.h
@@ -67,7 +67,7 @@ void                ephy_web_application_free_application_list (GList *list);
 
 void                ephy_web_application_initialize_settings (const char *profile_directory);
 
-gboolean            ephy_web_application_is_uri_allowed (const char* uri);
+gboolean            ephy_web_application_is_uri_allowed (const char *uri, const char *referrer);
 
 gboolean            ephy_web_application_save (EphyWebApplication *app);