Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Replace non-inclusive "whitelist" term with "allowlist"

Browse Source
This commit is contained in:
Wojciech Maj 2020-06-29 17:15:14 +02:00
parent 9993397e30
commit 78970bbbe1
No known key found for this signature in database
GPG Key ID: 24A586806A31F908
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
extensions/chromium/contentscript.js
View File

@ -150,7 +150,7 @@ function updateObjectElement(elem) {
// attribute reloads the content (provided that the type was correctly set).
// - When <object type=text/html data="chrome-extension://..."> is used
// (tested with a data-URL, data:text/html,<object...>, the extension's
// origin whitelist is not set up, so the viewer can't load the PDF file.
// origin allowlist is not set up, so the viewer can't load the PDF file.
// - The content of the <object> tag may be affected by <param> tags.
//
// To make sure that our solution works for all cases, we will insert a frame

2
extensions/chromium/extension-router.js
View File

@ -40,7 +40,7 @@ limitations under the License.
*/
function parseExtensionURL(url) {
url = url.substring(CRX_BASE_URL.length);
// Find the (url-encoded) colon and verify that the scheme is whitelisted.
// Find the (url-encoded) colon and verify that the scheme is allowed.
var schemeIndex = url.search(/:|%3A/i);
if (schemeIndex === -1) {
return undefined;

2
src/shared/util.js
View File

@ -363,7 +363,7 @@ function isSameOrigin(baseUrl, otherUrl) {
return base.origin === other.origin;
}
// Checks if URLs use one of the whitelisted protocols, e.g. to avoid XSS.
// Checks if URLs use one of the allowed protocols, e.g. to avoid XSS.
function _isValidProtocol(url) {
if (!url) {
return false;

4
test/unit/util_spec.js
View File

@ -239,11 +239,11 @@ describe("util", function () {
expect(createValidAbsoluteUrl("/foo", "/bar")).toEqual(null);
});
it("handles URLs that do not use a whitelisted protocol", function () {
it("handles URLs that do not use an allowed protocol", function () {
expect(createValidAbsoluteUrl("magnet:?foo", null)).toEqual(null);
});
it("correctly creates a valid URL for whitelisted protocols", function () {
it("correctly creates a valid URL for allowed protocols", function () {
// `http` protocol
expect(
createValidAbsoluteUrl("http://www.mozilla.org/foo", null)