Changeset 226469 in webkit


Ignore:
Timestamp:
Jan 5, 2018, 3:38:26 PM (7 years ago)
Author:
achristensen@apple.com
Message:

Forbid < and > in URL hosts
https://bugs.webkit.org/show_bug.cgi?id=181308
<rdar://problem/36012757>

Reviewed by Tim Horton.

LayoutTests/imported/w3c:

  • web-platform-tests/url/a-element-expected.txt:
  • web-platform-tests/url/a-element-origin-expected.txt:
  • web-platform-tests/url/a-element-origin-xhtml-expected.txt:
  • web-platform-tests/url/a-element-xhtml-expected.txt:
  • web-platform-tests/url/url-constructor-expected.txt:
  • web-platform-tests/url/url-origin-expected.txt:

Source/WebCore:

https://url.spec.whatwg.org/#forbidden-host-code-point does not include these characters yet, but I think it should.
Firefox fails to parse URLs with < or > in the host. Chrome percent encodes them. Safari needs to do something.
The web platform tests are unclear on this case, and they will need to be updated with the specification.
They do show a change in behavior, though.

  • platform/URLParser.cpp:

Add < and > to the list of forbidden host code points.

Location:
trunk
Files:
9 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/imported/w3c/ChangeLog

    r226456 r226469  
     12018-01-05  Alex Christensen  <achristensen@webkit.org>
     2
     3        Forbid < and > in URL hosts
     4        https://bugs.webkit.org/show_bug.cgi?id=181308
     5        <rdar://problem/36012757>
     6
     7        Reviewed by Tim Horton.
     8
     9        * web-platform-tests/url/a-element-expected.txt:
     10        * web-platform-tests/url/a-element-origin-expected.txt:
     11        * web-platform-tests/url/a-element-origin-xhtml-expected.txt:
     12        * web-platform-tests/url/a-element-xhtml-expected.txt:
     13        * web-platform-tests/url/url-constructor-expected.txt:
     14        * web-platform-tests/url/url-origin-expected.txt:
     15
    1162018-01-05  Youenn Fablet  <youenn@apple.com>
    217

  • trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-expected.txt

    r223327 r226469  
    341341PASS Parsing: <mailto:/../> against <about:blank>
    342342PASS Parsing: <sc://ñ.test/> against <about:blank>
    343 PASS Parsing: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank>
     343FAIL Parsing: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank> assert_equals: href expected "sc://%1F!\"$&'()*+,-.;<=>^_`{|}~/" but got "sc://\x1f!\"$&'()*+,-.;<=>^_`{|}~/"
    344344PASS Parsing: <sc://\0/> against <about:blank>
    345345PASS Parsing: <sc:// /> against <about:blank>

  • trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-expected.txt

    r217095 r226469  
    253253FAIL Parsing origin: <mailto:/../> against <about:blank> assert_equals: origin expected "null" but got "mailto://"
    254254FAIL Parsing origin: <sc://ñ.test/> against <about:blank> assert_equals: origin expected "null" but got "sc://%c3%b1.test"
    255 FAIL Parsing origin: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank> assert_equals: origin expected "null" but got "sc://%1f!\"$&'()*+,-.;<=>^_`{|}~"
     255PASS Parsing origin: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank>
    256256FAIL Parsing origin: <x> against <sc://ñ> assert_equals: origin expected "null" but got "sc://%c3%b1"
    257257FAIL Parsing origin: <sc:\../> against <about:blank> assert_equals: origin expected "null" but got "sc://"

  • trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-xhtml-expected.txt

    r217095 r226469  
    253253FAIL Parsing origin: <mailto:/../> against <about:blank> assert_equals: origin expected "null" but got "mailto://"
    254254FAIL Parsing origin: <sc://ñ.test/> against <about:blank> assert_equals: origin expected "null" but got "sc://%c3%b1.test"
    255 FAIL Parsing origin: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank> assert_equals: origin expected "null" but got "sc://%1f!\"$&'()*+,-.;<=>^_`{|}~"
     255PASS Parsing origin: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank>
    256256FAIL Parsing origin: <x> against <sc://ñ> assert_equals: origin expected "null" but got "sc://%c3%b1"
    257257FAIL Parsing origin: <sc:\../> against <about:blank> assert_equals: origin expected "null" but got "sc://"

  • trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-xhtml-expected.txt

    r223327 r226469  
    341341PASS Parsing: <mailto:/../> against <about:blank>
    342342PASS Parsing: <sc://ñ.test/> against <about:blank>
    343 PASS Parsing: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank>
     343FAIL Parsing: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank> assert_equals: href expected "sc://%1F!\"$&'()*+,-.;<=>^_`{|}~/" but got "sc://\x1f!\"$&'()*+,-.;<=>^_`{|}~/"
    344344PASS Parsing: <sc://\0/> against <about:blank>
    345345PASS Parsing: <sc:// /> against <about:blank>

  • trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-constructor-expected.txt

    r223327 r226469  
    347347PASS Parsing: <mailto:/../> against <about:blank>
    348348PASS Parsing: <sc://ñ.test/> against <about:blank>
    349 PASS Parsing: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank>
     349FAIL Parsing: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank> Type error
    350350PASS Parsing: <sc://\0/> against <about:blank>
    351351PASS Parsing: <sc:// /> against <about:blank>

  • trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-origin-expected.txt

    r217095 r226469  
    253253FAIL Origin parsing: <mailto:/../> against <about:blank> assert_equals: origin expected "null" but got "mailto://"
    254254FAIL Origin parsing: <sc://ñ.test/> against <about:blank> assert_equals: origin expected "null" but got "sc://%c3%b1.test"
    255 FAIL Origin parsing: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank> assert_equals: origin expected "null" but got "sc://%1f!\"$&'()*+,-.;<=>^_`{|}~"
     255FAIL Origin parsing: <sc://!"$&'()*+,-.;<=>^_`{|}~/> against <about:blank> Type error
    256256FAIL Origin parsing: <x> against <sc://ñ> assert_equals: origin expected "null" but got "sc://%c3%b1"
    257257FAIL Origin parsing: <sc:\../> against <about:blank> assert_equals: origin expected "null" but got "sc://"

  • trunk/Source/WebCore/ChangeLog

    r226468 r226469  
     12018-01-05  Alex Christensen  <achristensen@webkit.org>
     2
     3        Forbid < and > in URL hosts
     4        https://bugs.webkit.org/show_bug.cgi?id=181308
     5        <rdar://problem/36012757>
     6
     7        Reviewed by Tim Horton.
     8
     9        https://url.spec.whatwg.org/#forbidden-host-code-point does not include these characters yet, but I think it should.
     10        Firefox fails to parse URLs with < or > in the host.  Chrome percent encodes them.  Safari needs to do something.
     11        The web platform tests are unclear on this case, and they will need to be updated with the specification.
     12        They do show a change in behavior, though.
     13
     14        * platform/URLParser.cpp:
     15        Add < and > to the list of forbidden host code points.
     16
    1172018-01-05  Eric Carlson  <eric.carlson@apple.com>
    218

  • trunk/Source/WebCore/platform/URLParser.cpp

    r225618 r226469  
    192192    ForbiddenHost, // '%'
    193193    0, // '&'
    194     0, // '''
     194    0, // '\''
    195195    0, // '('
    196196    0, // ')'
     
    213213    UserInfo | ForbiddenHost, // ':'
    214214    UserInfo, // ';'
    215     UserInfo | Default | QueryPercent, // '<'
     215    UserInfo | Default | QueryPercent | ForbiddenHost, // '<'
    216216    UserInfo, // '='
    217     UserInfo | Default | QueryPercent, // '>'
     217    UserInfo | Default | QueryPercent | ForbiddenHost, // '>'
    218218    UserInfo | Default | SlashQuestionOrHash | ForbiddenHost, // '?'
    219219    UserInfo | ForbiddenHost, // '@'
Note: See TracChangeset for help on using the changeset viewer.