[Emacs-diffs] master a37a14e: Make eww handle "http://a/../../../g"

From: Lars Ingebrigtsen
Subject: [Emacs-diffs] master a37a14e: Make eww handle "http://a/../../../g"
Date: Sun, 15 Apr 2018 16:20:59 -0400 (EDT)

branch: master
commit a37a14e0a8ee16b7ae53b4dba9b60329e3b4308d
Author: Lars Ingebrigtsen <address@hidden>
Commit: Lars Ingebrigtsen <address@hidden>

    Make eww handle "http://a/../../../g";
    * lisp/net/eww.el (eww): Strip leading elements off URLs on the
    form "http://a/../../../g";, because that's what all the other
    browsers do (bug#8622).
 lisp/net/eww.el | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lisp/net/eww.el b/lisp/net/eww.el
index 49bf10d..f737189 100644
--- a/lisp/net/eww.el
+++ b/lisp/net/eww.el
@@ -269,8 +269,13 @@ word(s) will be searched for via `eww-search-prefix'."
   (let ((parsed (url-generic-parse-url url)))
     (when (url-host parsed)
       (unless (puny-highly-restrictive-domain-p (url-host parsed))
-        (setf (url-host parsed) (puny-encode-domain (url-host parsed)))
-        (setq url (url-recreate-url parsed)))))
+        (setf (url-host parsed) (puny-encode-domain (url-host parsed)))))
+    ;; When the URL is on the form "http://a/../../../g";, chop off all
+    ;; the leading "/.."s.
+    (when (url-filename parsed)
+      (while (string-match "\\`/[.][.]/" (url-filename parsed))
+        (setf (url-filename parsed) (substring (url-filename parsed) 3))))
+    (setq url (url-recreate-url parsed)))
   (plist-put eww-data :url url)
   (plist-put eww-data :title "")

