Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Replace non-inclusive "whitelist" term with "allowlist"

Browse Source
This commit is contained in:
Wojciech Maj 2020-06-29 17:15:14 +02:00
parent 9993397e30
commit 78970bbbe1
No known key found for this signature in database
GPG Key ID: 24A586806A31F908
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
extensions/chromium/contentscript.js
View File

@ -150,7 +150,7 @@ function updateObjectElement(elem) {
// attribute reloads the content (provided that the type was correctly set). // attribute reloads the content (provided that the type was correctly set).
// - When <object type=text/html data="chrome-extension://..."> is used // - When <object type=text/html data="chrome-extension://..."> is used
// (tested with a data-URL, data:text/html,<object...>, the extension's // (tested with a data-URL, data:text/html,<object...>, the extension's
// origin whitelist is not set up, so the viewer can't load the PDF file. // origin allowlist is not set up, so the viewer can't load the PDF file.
// - The content of the <object> tag may be affected by <param> tags. // - The content of the <object> tag may be affected by <param> tags.
// //
// To make sure that our solution works for all cases, we will insert a frame // To make sure that our solution works for all cases, we will insert a frame

2
extensions/chromium/extension-router.js
View File

@ -40,7 +40,7 @@ limitations under the License.
*/ */
function parseExtensionURL(url) { function parseExtensionURL(url) {
url = url.substring(CRX_BASE_URL.length); url = url.substring(CRX_BASE_URL.length);
// Find the (url-encoded) colon and verify that the scheme is whitelisted. // Find the (url-encoded) colon and verify that the scheme is allowed.
var schemeIndex = url.search(/:|%3A/i); var schemeIndex = url.search(/:|%3A/i);
if (schemeIndex === -1) { if (schemeIndex === -1) {
return undefined; return undefined;

2
src/shared/util.js
View File

@ -363,7 +363,7 @@ function isSameOrigin(baseUrl, otherUrl) {
return base.origin === other.origin; return base.origin === other.origin;
} }
// Checks if URLs use one of the whitelisted protocols, e.g. to avoid XSS. // Checks if URLs use one of the allowed protocols, e.g. to avoid XSS.
function _isValidProtocol(url) { function _isValidProtocol(url) {
if (!url) { if (!url) {
return false; return false;

4
test/unit/util_spec.js
View File

@ -239,11 +239,11 @@ describe("util", function () {
expect(createValidAbsoluteUrl("/foo", "/bar")).toEqual(null); expect(createValidAbsoluteUrl("/foo", "/bar")).toEqual(null);
}); });
it("handles URLs that do not use a whitelisted protocol", function () { it("handles URLs that do not use an allowed protocol", function () {
expect(createValidAbsoluteUrl("magnet:?foo", null)).toEqual(null); expect(createValidAbsoluteUrl("magnet:?foo", null)).toEqual(null);
}); });
it("correctly creates a valid URL for whitelisted protocols", function () { it("correctly creates a valid URL for allowed protocols", function () {
// `http` protocol // `http` protocol
expect( expect(
createValidAbsoluteUrl("http://www.mozilla.org/foo", null) createValidAbsoluteUrl("http://www.mozilla.org/foo", null)