Changeset 179933 in webkit
- Timestamp:
- Feb 11, 2015 10:03:42 AM (9 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 2 deleted
- 7 edited
trunk/LayoutTests/ChangeLog
r179926 r179933 1 2015-02-10 Alexey Proskuryakov <ap@apple.com> 2 3 URL::setUser and URL::setPass don't percent encode 4 https://bugs.webkit.org/show_bug.cgi?id=141453 5 rdar://problem/14844503&16551802&19623145 6 7 Reviewed by Darin Adler. 8 9 * fast/url/url-credentials-escaping-expected.txt: Added. 10 * fast/url/url-credentials-escaping.html: Added. 11 This change is most directly testable via URL API. 12 13 * http/tests/xmlhttprequest/basic-auth-credentials-escaping-expected.txt: Added. 14 * http/tests/xmlhttprequest/basic-auth-credentials-escaping.html: Added. 15 Verify that this doesn't break XMLHttpRequest authentication. 16 17 * fast/dom/DOMURL/invalid-url-getters-expected.txt: Removed. 18 * fast/dom/DOMURL/invalid-url-getters.html: Removed. 19 * fast/dom/DOMURL/url-origin-expected.txt: 20 * fast/dom/DOMURL/url-origin.html: 21 Removed tests for invalid URLs, there is no such thing with URL API. 22 1 23 2015-02-11 Commit Queue <commit-queue@webkit.org> 2 24 -
trunk/LayoutTests/fast/dom/DOMURL/url-origin-expected.txt
r163208 r179933 5 5 file:///home/abarth => file:// 6 6 data:text/html,<b>foo</b> => null 7 http://@@@www.example.com/bar => null8 7 -
trunk/LayoutTests/fast/dom/DOMURL/url-origin.html
r163208 r179933 5 5 if (window.testRunner) 6 6 testRunner.dumpAsText(); 7 8 var invalidURL = new URL("http://www.example.com/bar")9 invalidURL.username = "@@";10 7 11 8 var cases = [ … … 16 13 new URL("file:///home/abarth"), 17 14 new URL("data:text/html,<b>foo</b>"), 18 invalidURL19 15 ]; 20 16 -
trunk/Source/WebCore/ChangeLog
r179929 r179933 1 2015-02-10 Alexey Proskuryakov <ap@apple.com> 2 3 URL::setUser and URL::setPass don't percent encode 4 https://bugs.webkit.org/show_bug.cgi?id=141453 5 rdar://problem/14844503&16551802&19623145 6 7 Reviewed by Darin Adler. 8 9 Tests: fast/url/url-credentials-escaping.html 10 http/tests/xmlhttprequest/basic-auth-credentials-escaping.html 11 12 Start adding some code that performs escaping in a way that matches the URL Standard. 13 Right now, it's only used where we failed to do any escaping at all, and over time, 14 we'll be moving towards a new implementation. 15 16 * html/URLUtils.h: 17 (WebCore::URLUtils<T>::username): 18 (WebCore::URLUtils<T>::password): 19 * platform/URL.cpp: 20 (WebCore::isSchemeFirstChar): 21 (WebCore::URL::user): 22 (WebCore::URL::pass): 23 (WebCore::URL::encodedUser): 24 (WebCore::URL::encodedPass): 25 (WebCore::URL::setUser): 26 (WebCore::URL::setPass): 27 (WebCore::encodeWithURLEscapeSequences): 28 * platform/URL.h: 29 1 30 2015-02-11 Alex Christensen <achristensen@webkit.org> 2 31 -
trunk/Source/WebCore/html/URLUtils.h
r163253 r179933 99 99 String URLUtils<T>::username() const 100 100 { 101 return href(). user();101 return href().encodedUser(); 102 102 } 103 103 … … 113 113 String URLUtils<T>::password() const 114 114 { 115 return href(). pass();115 return href().encodedPass(); 116 116 } 117 117 -
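Review bot: URLUtils<T>::username() and password() now return the still-escaped substring of the href, but nothing at these definitions says so, and a later caller could mistake the result for the literal credential. A one-line comment above each getter would pin the contract, for example `// Returns the percent-encoded user name as serialized in href; URL::user() gives the decoded form.` and the matching line for password() with URL::pass(). The template header lines of both definitions appear to sit just outside the hunks shown.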
trunk/Source/WebCore/platform/URL.cpp
r174712 r179933 1 1 /* 2 * Copyright (C) 2004, 2007, 2008, 2011, 2012, 2013 Apple Inc. All rights reserved.2 * Copyright (C) 2004, 2007, 2008, 2011, 2012, 2013, 2015 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2012 Research In Motion Limited. All rights reserved. 4 4 * … … 234 234 }; 235 235 236 enum PercentEncodeCharacterClass { 237 // Class names match the URL Standard; each class is a superset of the previous one. 238 PercentEncodeSimple = 255, 239 PercentEncodeDefault = 127, 240 PercentEncodePassword = 63, 241 PercentEncodeUsername = 31, 242 }; 243 244 static const unsigned char percentEncodeClassTable[256] = { 245 /* 0 nul */ PercentEncodeSimple, /* 1 soh */ PercentEncodeSimple, /* 2 stx */ PercentEncodeSimple, /* 3 etx */ PercentEncodeSimple, 246 /* 4 eot */ PercentEncodeSimple, /* 5 enq */ PercentEncodeSimple, /* 6 ack */ PercentEncodeSimple, /* 7 bel */ PercentEncodeSimple, 247 /* 8 bs */ PercentEncodeSimple, /* 9 ht */ PercentEncodeSimple, /* 10 nl */ PercentEncodeSimple, /* 11 vt */ PercentEncodeSimple, 248 /* 12 np */ PercentEncodeSimple, /* 13 cr */ PercentEncodeSimple, /* 14 so */ PercentEncodeSimple, /* 15 si */ PercentEncodeSimple, 249 /* 16 dle */ PercentEncodeSimple, /* 17 dc1 */ PercentEncodeSimple, /* 18 dc2 */ PercentEncodeSimple, /* 19 dc3 */ PercentEncodeSimple, 250 /* 20 dc4 */ PercentEncodeSimple, /* 21 nak */ PercentEncodeSimple, /* 22 syn */ PercentEncodeSimple, /* 23 etb */ PercentEncodeSimple, 251 /* 24 can */ PercentEncodeSimple, /* 25 em */ PercentEncodeSimple, /* 26 sub */ PercentEncodeSimple, /* 27 esc */ PercentEncodeSimple, 252 /* 28 fs */ PercentEncodeSimple, /* 29 gs */ PercentEncodeSimple, /* 30 rs */ PercentEncodeSimple, /* 31 us */ PercentEncodeSimple, 253 /* 32 sp */ PercentEncodeDefault, 254 /* 33 ! 
*/ 0, 255 /* 34 " */ PercentEncodeDefault, 256 /* 35 # */ PercentEncodeDefault, 257 /* 36 $ */ 0, 258 /* 37 % */ 0, 259 /* 38 & */ 0, 260 /* 39 ' */ 0, 261 /* 40 ( */ 0, 262 /* 41 ) */ 0, 263 /* 42 * */ 0, 264 /* 43 + */ 0, 265 /* 44 , */ 0, 266 /* 45 - */ 0, 267 /* 46 . */ 0, 268 /* 47 / */ PercentEncodePassword, 269 /* 48 0 */ 0, /* 49 1 */ 0, /* 50 2 */ 0, /* 51 3 */ 0, 270 /* 52 4 */ 0, /* 53 5 */ 0, /* 54 6 */ 0, /* 55 7 */ 0, 271 /* 56 8 */ 0, /* 57 9 */ 0, 272 /* 58 : */ PercentEncodeUsername, 273 /* 59 ; */ 0, 274 /* 60 < */ PercentEncodeDefault, 275 /* 61 = */ 0, 276 /* 62 > */ PercentEncodeDefault, 277 /* 63 ? */ PercentEncodeDefault, 278 /* 64 @ */ PercentEncodePassword, 279 /* 65 A */ 0, /* 66 B */ 0, /* 67 C */ 0, /* 68 D */ 0, 280 /* 69 E */ 0, /* 70 F */ 0, /* 71 G */ 0, /* 72 H */ 0, 281 /* 73 I */ 0, /* 74 J */ 0, /* 75 K */ 0, /* 76 L */ 0, 282 /* 77 M */ 0, /* 78 N */ 0, /* 79 O */ 0, /* 80 P */ 0, 283 /* 81 Q */ 0, /* 82 R */ 0, /* 83 S */ 0, /* 84 T */ 0, 284 /* 85 U */ 0, /* 86 V */ 0, /* 87 W */ 0, /* 88 X */ 0, 285 /* 89 Y */ 0, /* 90 Z */ 0, 286 /* 91 [ */ 0, 287 /* 92 \ */ PercentEncodePassword, 288 /* 93 ] */ 0, 289 /* 94 ^ */ 0, 290 /* 95 _ */ 0, 291 /* 96 ` */ PercentEncodeDefault, 292 /* 97 a */ 0, /* 98 b */ 0, /* 99 c */ 0, /* 100 d */ 0, 293 /* 101 e */ 0, /* 102 f */ 0, /* 103 g */ 0, /* 104 h */ 0, 294 /* 105 i */ 0, /* 106 j */ 0, /* 107 k */ 0, /* 108 l */ 0, 295 /* 109 m */ 0, /* 110 n */ 0, /* 111 o */ 0, /* 112 p */ 0, 296 /* 113 q */ 0, /* 114 r */ 0, /* 115 s */ 0, /* 116 t */ 0, 297 /* 117 u */ 0, /* 118 v */ 0, /* 119 w */ 0, /* 120 x */ 0, 298 /* 121 y */ 0, /* 122 z */ 0, 299 /* 123 { */ 0, 300 /* 124 | */ 0, 301 /* 125 } */ 0, 302 /* 126 ~ */ 0, 303 /* 127 del */ PercentEncodeSimple, 304 /* 128 */ PercentEncodeSimple, /* 129 */ PercentEncodeSimple, /* 130 */ PercentEncodeSimple, /* 131 */ PercentEncodeSimple, 305 /* 132 */ PercentEncodeSimple, /* 133 */ PercentEncodeSimple, /* 134 */ PercentEncodeSimple, /* 135 */ 
PercentEncodeSimple, 306 /* 136 */ PercentEncodeSimple, /* 137 */ PercentEncodeSimple, /* 138 */ PercentEncodeSimple, /* 139 */ PercentEncodeSimple, 307 /* 140 */ PercentEncodeSimple, /* 141 */ PercentEncodeSimple, /* 142 */ PercentEncodeSimple, /* 143 */ PercentEncodeSimple, 308 /* 144 */ PercentEncodeSimple, /* 145 */ PercentEncodeSimple, /* 146 */ PercentEncodeSimple, /* 147 */ PercentEncodeSimple, 309 /* 148 */ PercentEncodeSimple, /* 149 */ PercentEncodeSimple, /* 150 */ PercentEncodeSimple, /* 151 */ PercentEncodeSimple, 310 /* 152 */ PercentEncodeSimple, /* 153 */ PercentEncodeSimple, /* 154 */ PercentEncodeSimple, /* 155 */ PercentEncodeSimple, 311 /* 156 */ PercentEncodeSimple, /* 157 */ PercentEncodeSimple, /* 158 */ PercentEncodeSimple, /* 159 */ PercentEncodeSimple, 312 /* 160 */ PercentEncodeSimple, /* 161 */ PercentEncodeSimple, /* 162 */ PercentEncodeSimple, /* 163 */ PercentEncodeSimple, 313 /* 164 */ PercentEncodeSimple, /* 165 */ PercentEncodeSimple, /* 166 */ PercentEncodeSimple, /* 167 */ PercentEncodeSimple, 314 /* 168 */ PercentEncodeSimple, /* 169 */ PercentEncodeSimple, /* 170 */ PercentEncodeSimple, /* 171 */ PercentEncodeSimple, 315 /* 172 */ PercentEncodeSimple, /* 173 */ PercentEncodeSimple, /* 174 */ PercentEncodeSimple, /* 175 */ PercentEncodeSimple, 316 /* 176 */ PercentEncodeSimple, /* 177 */ PercentEncodeSimple, /* 178 */ PercentEncodeSimple, /* 179 */ PercentEncodeSimple, 317 /* 180 */ PercentEncodeSimple, /* 181 */ PercentEncodeSimple, /* 182 */ PercentEncodeSimple, /* 183 */ PercentEncodeSimple, 318 /* 184 */ PercentEncodeSimple, /* 185 */ PercentEncodeSimple, /* 186 */ PercentEncodeSimple, /* 187 */ PercentEncodeSimple, 319 /* 188 */ PercentEncodeSimple, /* 189 */ PercentEncodeSimple, /* 190 */ PercentEncodeSimple, /* 191 */ PercentEncodeSimple, 320 /* 192 */ PercentEncodeSimple, /* 193 */ PercentEncodeSimple, /* 194 */ PercentEncodeSimple, /* 195 */ PercentEncodeSimple, 321 /* 196 */ PercentEncodeSimple, /* 197 */ 
PercentEncodeSimple, /* 198 */ PercentEncodeSimple, /* 199 */ PercentEncodeSimple, 322 /* 200 */ PercentEncodeSimple, /* 201 */ PercentEncodeSimple, /* 202 */ PercentEncodeSimple, /* 203 */ PercentEncodeSimple, 323 /* 204 */ PercentEncodeSimple, /* 205 */ PercentEncodeSimple, /* 206 */ PercentEncodeSimple, /* 207 */ PercentEncodeSimple, 324 /* 208 */ PercentEncodeSimple, /* 209 */ PercentEncodeSimple, /* 210 */ PercentEncodeSimple, /* 211 */ PercentEncodeSimple, 325 /* 212 */ PercentEncodeSimple, /* 213 */ PercentEncodeSimple, /* 214 */ PercentEncodeSimple, /* 215 */ PercentEncodeSimple, 326 /* 216 */ PercentEncodeSimple, /* 217 */ PercentEncodeSimple, /* 218 */ PercentEncodeSimple, /* 219 */ PercentEncodeSimple, 327 /* 220 */ PercentEncodeSimple, /* 221 */ PercentEncodeSimple, /* 222 */ PercentEncodeSimple, /* 223 */ PercentEncodeSimple, 328 /* 224 */ PercentEncodeSimple, /* 225 */ PercentEncodeSimple, /* 226 */ PercentEncodeSimple, /* 227 */ PercentEncodeSimple, 329 /* 228 */ PercentEncodeSimple, /* 229 */ PercentEncodeSimple, /* 230 */ PercentEncodeSimple, /* 231 */ PercentEncodeSimple, 330 /* 232 */ PercentEncodeSimple, /* 233 */ PercentEncodeSimple, /* 234 */ PercentEncodeSimple, /* 235 */ PercentEncodeSimple, 331 /* 236 */ PercentEncodeSimple, /* 237 */ PercentEncodeSimple, /* 238 */ PercentEncodeSimple, /* 239 */ PercentEncodeSimple, 332 /* 240 */ PercentEncodeSimple, /* 241 */ PercentEncodeSimple, /* 242 */ PercentEncodeSimple, /* 243 */ PercentEncodeSimple, 333 /* 244 */ PercentEncodeSimple, /* 245 */ PercentEncodeSimple, /* 246 */ PercentEncodeSimple, /* 247 */ PercentEncodeSimple, 334 /* 248 */ PercentEncodeSimple, /* 249 */ PercentEncodeSimple, /* 250 */ PercentEncodeSimple, /* 251 */ PercentEncodeSimple, 335 /* 252 */ PercentEncodeSimple, /* 253 */ PercentEncodeSimple, /* 254 */ PercentEncodeSimple, /* 255 */ PercentEncodeSimple 336 }; 337 236 338 static int copyPathRemovingDots(char* dst, const char* src, int srcStart, int srcEnd); 237 339 static void 
encodeRelativeString(const String& rel, const TextEncoding&, CharBuffer& ouput); … … 256 358 return (character | 0x20) == schemeCharacter; 257 359 } 360 361 String encodeWithURLEscapeSequences(const String& notEncodedString, PercentEncodeCharacterClass whatToEncode); 258 362 259 363 // Copies the source to the destination, assuming all the source characters are … … 599 703 } 600 704 705 String URL::user() const 706 { 707 return decodeURLEscapeSequences(m_string.substring(m_userStart, m_userEnd - m_userStart)); 708 } 709 601 710 String URL::pass() const 602 711 { … … 604 713 return String(); 605 714 606 return decodeURLEscapeSequences(m_string.substring(m_userEnd + 1, m_passwordEnd - m_userEnd - 1)); 607 } 608 609 String URL::user() const 610 { 611 return decodeURLEscapeSequences(m_string.substring(m_userStart, m_userEnd - m_userStart)); 715 return decodeURLEscapeSequences(m_string.substring(m_userEnd + 1, m_passwordEnd - m_userEnd - 1)); 716 } 717 718 String URL::encodedUser() const 719 { 720 return m_string.substring(m_userStart, m_userEnd - m_userStart); 721 } 722 723 String URL::encodedPass() const 724 { 725 if (m_passwordEnd == m_userEnd) 726 return String(); 727 728 return m_string.substring(m_userEnd + 1, m_passwordEnd - m_userEnd - 1); 612 729 } 613 730 … … 763 880 int end = m_userEnd; 764 881 if (!user.isEmpty()) { 765 String u = user;882 String u = encodeWithURLEscapeSequences(user, PercentEncodeUsername); 766 883 if (m_userStart == m_schemeEnd + 1) 767 884 u = "//" + u; … … 785 902 return; 786 903 787 // FIXME: Non-ASCII characters must be encoded and escaped to match parse() expectations,788 // and to avoid changing more than just the user password.789 790 904 int end = m_passwordEnd; 791 905 if (!password.isEmpty()) { 792 String p = ":" + password+ "@";906 String p = ":" + encodeWithURLEscapeSequences(password, PercentEncodePassword) + "@"; 793 907 if (m_userEnd == m_schemeEnd + 1) 794 908 p = "//" + p; … … 1477 1591 1478 1592 return true; 1593 } 1594 
1595 String encodeWithURLEscapeSequences(const String& notEncodedString, PercentEncodeCharacterClass whatToEncode) 1596 { 1597 CString asUTF8 = notEncodedString.utf8(); 1598 1599 CharBuffer buffer(asUTF8.length() * 3 + 1); 1600 char* p = buffer.data(); 1601 1602 const char* str = asUTF8.data(); 1603 const char* strEnd = str + asUTF8.length(); 1604 while (str < strEnd) { 1605 unsigned char c = *str++; 1606 if (percentEncodeClassTable[c] >= whatToEncode) 1607 appendEscapedChar(p, c); 1608 else 1609 *p++ = c; 1610 } 1611 1612 ASSERT(p - buffer.data() <= static_cast<int>(buffer.size())); 1613 1614 return String(buffer.data(), p - buffer.data()); 1479 1615 } 1480 1616 -
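Review bot: In encodeWithURLEscapeSequences the only bound check on the writes into `buffer` is the `ASSERT` after the loop, which fires after any overrun has already happened and is presumably compiled out of release builds. The `asUTF8.length() * 3 + 1` sizing is enough only if appendEscapedChar (defined outside this hunk) never writes more than three bytes per input byte, and the multiplication itself is unchecked, so I would state the invariant where the buffer is sized: `// Worst case: every UTF-8 byte becomes "%XX" (3 bytes); appendEscapedChar must not write more.` Separately, the two-argument overload takes PercentEncodeCharacterClass, which is defined only in URL.cpp, yet its forward declaration is not `static`. Declaring it as `static String encodeWithURLEscapeSequences(const String&, PercentEncodeCharacterClass);` would give it internal linkage and keep it from being confused with the exported one-argument function in URL.h.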
trunk/Source/WebCore/platform/URL.h
r177739 r179933 114 114 WEBCORE_EXPORT bool hasFragmentIdentifier() const; 115 115 116 // Unlike user() and pass(), these functions don't decode escape sequences. 117 // This is necessary for accurate round-tripping, because encoding doesn't encode '%' characters. 118 String encodedUser() const; 119 String encodedPass() const; 120 116 121 WEBCORE_EXPORT String baseAsString() const; 117 122 … … 254 259 String decodeURLEscapeSequences(const String&, const TextEncoding&); 255 260 261 // FIXME: This is a wrong concept to expose, different parts of a URL need different escaping per the URL Standard. 256 262 WEBCORE_EXPORT String encodeWithURLEscapeSequences(const String&); 257 263
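Review bot: The new comment on encodedUser()/encodedPass() says encoding leaves '%' alone, but it does not spell out what that means for the decoded getters. Going by the URL.cpp hunks, a credential set as the literal text `%41` is stored unchanged, and user()/pass() would then hand back `A`, since they run the stored text through decodeURLEscapeSequences. Code that forwards user()/pass() to an authentication layer may therefore send something other than what was set. I would extend the comment with `// A literal '%' is not escaped by setUser()/setPass(), so user()/pass() can differ from the value that was set.` The class declaration around these lines starts and ends outside the hunk.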