diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/CssLinkResourceTransformer.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/CssLinkResourceTransformer.java index d35fe16ba862..4380246e8438 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/CssLinkResourceTransformer.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/CssLinkResourceTransformer.java @@ -123,7 +123,8 @@ public Resource transform(HttpServletRequest request, Resource resource, Resourc private boolean hasScheme(String link) { int schemeIndex = link.indexOf(":"); - return schemeIndex > 0 && !link.substring(0, schemeIndex).contains("/"); + return (schemeIndex > 0 && !link.substring(0, schemeIndex).contains("/")) + || link.indexOf("//") == 0; } diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/resource/CssLinkResourceTransformerTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/resource/CssLinkResourceTransformerTests.java index dd509d63b531..05703e0804ce 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/resource/CssLinkResourceTransformerTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/resource/CssLinkResourceTransformerTests.java @@ -99,7 +99,8 @@ public void transformExtLinksNotAllowed() throws Exception { TransformedResource transformedResource = (TransformedResource) resource; String expected = "@import url(\"http://example.org/fonts/css\");\n" + - "body { background: url(\"file:///home/spring/image.png\") }"; + "body { background: url(\"file:///home/spring/image.png\") }\n" + + "figure { background: url(\"//example.org/style.css\")}"; String result = new String(transformedResource.getByteArray(), "UTF-8"); result = StringUtils.deleteAny(result, "\r"); assertEquals(expected, result); @@ -108,6 +109,8 @@ public void transformExtLinksNotAllowed() throws Exception { .resolveUrlPath("http://example.org/fonts/css", Arrays.asList(externalCss)); Mockito.verify(resolverChain, Mockito.never()) .resolveUrlPath("file:///home/spring/image.png", Arrays.asList(externalCss)); + Mockito.verify(resolverChain, Mockito.never()) + .resolveUrlPath("//example.org/style.css", Arrays.asList(externalCss)); } @Test diff --git a/spring-webmvc/src/test/resources/org/springframework/web/servlet/resource/test/external.css b/spring-webmvc/src/test/resources/org/springframework/web/servlet/resource/test/external.css index aa0afb2bbccd..d21e42aaf2ae 100644 --- a/spring-webmvc/src/test/resources/org/springframework/web/servlet/resource/test/external.css +++ b/spring-webmvc/src/test/resources/org/springframework/web/servlet/resource/test/external.css @@ -1,2 +1,3 @@ @import url("http://example.org/fonts/css"); -body { background: url("file:///home/spring/image.png") } \ No newline at end of file +body { background: url("file:///home/spring/image.png") } +figure { background: url("//example.org/style.css")} \ No newline at end of file