Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7e871b506eaba52c7d74519aeb0047d702101331
https://github.com/WebKit/WebKit/commit/7e871b506eaba52c7d74519aeb0047d702101331
Author: Cristina Murillo <[email protected]>
Date: 2025-10-30 (Thu, 30 Oct 2025)
Changed paths:
M Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp
M Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.h
M Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
M Tools/TestWebKitAPI/Tests/WebCore/gstreamer/GStreamerTest.cpp
Log Message:
-----------
[GStreamer] Restrict allowed URI protocols for media playback
https://bugs.webkit.org/show_bug.cgi?id=301092
Reviewed by Philippe Normand.
Restrict allowed URI protocols for media playback
Add protocol validation to prevent potentially unsafe URI protocols from
being used for media playback. Only http(s), file, blob, data,
mediasourceblob, and mediastream protocols are allowed by default.
Additionally, support WEBKIT_GST_ALLOWED_URI_PROTOCOLS environment
variable to extend the list of allowed protocols via comma-separated
values.
Test: Tools/TestWebKitAPI/Tests/WebCore/gstreamer/GStreamerTest.cpp
* Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp:
(WebCore::isProtocolAllowed):
* Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.h:
* Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::load):
* Tools/TestWebKitAPI/Tests/WebCore/gstreamer/GStreamerTest.cpp:
(TestWebKitAPI::TEST_F(GStreamerTest, protocolValidation)):
(TestWebKitAPI::TEST_F(GStreamerTest, protocolValidationEnvironmentVariable)):
Canonical link: https://commits.webkit.org/302338@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
