diff options
| -rw-r--r-- | devtools/client/framework/source-map-worker.js | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/devtools/client/framework/source-map-worker.js b/devtools/client/framework/source-map-worker.js index c68732f38e..b6ac2c121f 100644 --- a/devtools/client/framework/source-map-worker.js +++ b/devtools/client/framework/source-map-worker.js @@ -23,6 +23,19 @@ function enableSourceMaps() { function _resolveSourceMapURL(source) { const { url = "", sourceMapURL = "" } = source; + + const UNSUPPORTED_PROTOCOLS = ["chrome://", "resource://"]; + if (path.isURL(sourceMapURL) && UNSUPPORTED_PROTOCOLS.some(protocol => sourceMapURL.startsWith(protocol))) { + // If it's an internal protocol, don't allow it and return empty. + return ""; + } + if (path.isURL(sourceMapURL) && sourceMapURL.startsWith("file://")) { + // Only allow file:// source maps from file:// docs + if (!url.startsWith("file://")) { + return ""; + } + } + if (path.isURL(sourceMapURL) || url == "") { // If it's already a full URL or the source doesn't have a URL, // don't resolve anything. |