Branch: refs/heads/webkitglib/2.50
Home: https://github.com/WebKit/WebKit
Commit: b80aa97c7628f30955309eeddad237dd9eb341cf
https://github.com/WebKit/WebKit/commit/b80aa97c7628f30955309eeddad237dd9eb341cf
Author: Cristina Murillo <[email protected]>
Date: 2025-10-30 (Thu, 30 Oct 2025)
Changed paths:
M Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp
M Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.h
M Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
M Tools/TestWebKitAPI/Tests/WebCore/gstreamer/GStreamerTest.cpp
Log Message:
-----------
Cherry-pick 302338@main (7e871b506eab).
https://bugs.webkit.org/show_bug.cgi?id=301092
[GStreamer] Restrict allowed URI protocols for media playback
https://bugs.webkit.org/show_bug.cgi?id=301092
Reviewed by Philippe Normand.
Restrict allowed URI protocols for media playback
Add protocol validation to prevent potentially unsafe URI protocols from
being used for media playback. Only http(s), file, blob, data,
mediasourceblob, and mediastream protocols are allowed by default.
Additionally, support WEBKIT_GST_ALLOWED_URI_PROTOCOLS environment
variable to extend the list of allowed protocols via comma-separated
values.
Test: Tools/TestWebKitAPI/Tests/WebCore/gstreamer/GStreamerTest.cpp
* Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp:
(WebCore::isProtocolAllowed):
* Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.h:
*
Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::load):
* Tools/TestWebKitAPI/Tests/WebCore/gstreamer/GStreamerTest.cpp:
(TestWebKitAPI::TEST_F(GStreamerTest, protocolValidation)):
(TestWebKitAPI::TEST_F(GStreamerTest,
protocolValidationEnvironmentVariable)):
Canonical link: https://commits.webkit.org/302338@main
Canonical link: https://commits.webkit.org/298234.217@webkitglib/2.50
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
