Changeset 236674 in webkit


Ignore:
Timestamp:
Oct 1, 2018 11:16:33 AM (6 years ago)
Author:
achristensen@apple.com
Message:

URL should not use TextEncoding internally
https://bugs.webkit.org/show_bug.cgi?id=190111

Reviewed by Andy Estes.

Source/WebCore:

That dependency makes it impossible to move or use elsewhere.
Using TextEncoding was overkill because we know the credentials are UTF-8 percent-encoded in a parsed URL.
No change in behavior as verified by new API tests.

  • page/SecurityOrigin.cpp:
  • page/csp/ContentSecurityPolicySourceList.cpp:
  • platform/URL.cpp:

(WebCore::decodeEscapeSequencesFromParsedURL):
(WebCore::URL::user const):
(WebCore::URL::pass const):
(WebCore::URL::fileSystemPath const):
(WebCore::decodeURLEscapeSequences): Deleted.

  • platform/URL.h:
  • platform/network/DataURLDecoder.cpp:
  • platform/text/TextEncoding.cpp:

(WebCore::decodeURLEscapeSequences):

  • platform/text/TextEncoding.h:

Source/WebKit:

  • UIProcess/WebInspectorProxy.cpp:

Source/WebKitLegacy/mac:

  • Misc/WebNSURLExtras.mm:

Tools:

  • TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::testUserPass):
(TestWebKitAPI::TEST_F):

Location:
trunk
Files:
18 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r236673 r236674  
     12018-10-01  Alex Christensen  <achristensen@webkit.org>
     2
     3        URL should not use TextEncoding internally
     4        https://bugs.webkit.org/show_bug.cgi?id=190111
     5
     6        Reviewed by Andy Estes.
     7
     8        That dependency makes it impossible to move or use elsewhere.
     9        Using TextEncoding was overkill because we know the credentials are UTF-8 percent-encoded in a parsed URL.
     10        No change in behavior as verified by new API tests.
     11
     12        * page/SecurityOrigin.cpp:
     13        * page/csp/ContentSecurityPolicySourceList.cpp:
     14        * platform/URL.cpp:
     15        (WebCore::decodeEscapeSequencesFromParsedURL):
     16        (WebCore::URL::user const):
     17        (WebCore::URL::pass const):
     18        (WebCore::URL::fileSystemPath const):
     19        (WebCore::decodeURLEscapeSequences): Deleted.
     20        * platform/URL.h:
     21        * platform/network/DataURLDecoder.cpp:
     22        * platform/text/TextEncoding.cpp:
     23        (WebCore::decodeURLEscapeSequences):
     24        * platform/text/TextEncoding.h:
     25
    1262018-10-01  Simon Pieters  <zcorpan@gmail.com>
    227

  • trunk/Source/WebCore/page/SecurityOrigin.cpp

    r233122 r236674  
    3535#include "SchemeRegistry.h"
    3636#include "SecurityPolicy.h"
     37#include "TextEncoding.h"
    3738#include "ThreadableBlobRegistry.h"
    3839#include <wtf/MainThread.h>

  • trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp

    r235560 r236674  
    3131#include "ContentSecurityPolicyDirectiveNames.h"
    3232#include "ParsingUtilities.h"
     33#include "TextEncoding.h"
    3334#include "URL.h"
    3435#include <wtf/ASCIICType.h>

  • trunk/Source/WebCore/platform/URL.cpp

    r236565 r236674  
    2828#include "URL.h"
    2929
    30 #include "DecodeEscapeSequences.h"
    31 #include "TextEncoding.h"
    3230#include "URLParser.h"
    3331#include <stdio.h>
     
    188186}
    189187
     188static String decodeEscapeSequencesFromParsedURL(StringView input)
     189{
     190    auto inputLength = input.length();
     191    if (!inputLength)
     192        return emptyString();
     193    Vector<LChar> percentDecoded;
     194    percentDecoded.reserveInitialCapacity(inputLength);
     195    for (unsigned i = 0; i < inputLength; ++i) {
     196        if (input[i] == '%'
     197            && inputLength > 2
     198            && i < inputLength - 2
     199            && isASCIIHexDigit(input[i + 1])
     200            && isASCIIHexDigit(input[i + 2])) {
     201            percentDecoded.uncheckedAppend(toASCIIHexValue(input[i + 1], input[i + 2]));
     202            i += 2;
     203        } else
     204            percentDecoded.uncheckedAppend(input[i]);
     205    }
     206    return String::fromUTF8(percentDecoded.data(), percentDecoded.size());
     207}
     208
    190209String URL::user() const
    191210{
    192     return decodeURLEscapeSequences(m_string.substring(m_userStart, m_userEnd - m_userStart));
     211    return decodeEscapeSequencesFromParsedURL(StringView(m_string).substring(m_userStart, m_userEnd - m_userStart));
    193212}
    194213
     
    198217        return String();
    199218
    200     return decodeURLEscapeSequences(m_string.substring(m_userEnd + 1, m_passwordEnd - m_userEnd - 1));
     219    return decodeEscapeSequencesFromParsedURL(StringView(m_string).substring(m_userEnd + 1, m_passwordEnd - m_userEnd - 1));
    201220}
    202221
     
    239258        return String();
    240259
    241     return decodeURLEscapeSequences(path());
     260    return decodeEscapeSequencesFromParsedURL(StringView(path()));
    242261}
    243262
     
    657676    URLParser parser(makeString(StringView(m_string).left(m_hostEnd + m_portLength), percentEncodeCharacters(path, questionMarkOrNumberSign), StringView(m_string).substring(m_pathEnd)));
    658677    *this = parser.result();
    659 }
    660 
    661 String decodeURLEscapeSequences(const String& string)
    662 {
    663     if (string.isEmpty())
    664         return string;
    665     return decodeEscapeSequences<URLEscapeSequence>(string, UTF8Encoding());
    666 }
    667 
    668 String decodeURLEscapeSequences(const String& string, const TextEncoding& encoding)
    669 {
    670     if (string.isEmpty())
    671         return string;
    672     return decodeEscapeSequences<URLEscapeSequence>(string, encoding);
    673678}
    674679

  • trunk/Source/WebCore/platform/URL.h

    r236565 r236674  
    129129    // Unlike user() and pass(), these functions don't decode escape sequences.
    130130    // This is necessary for accurate round-tripping, because encoding doesn't encode '%' characters.
    131     String encodedUser() const;
    132     String encodedPass() const;
     131    WEBCORE_EXPORT String encodedUser() const;
     132    WEBCORE_EXPORT String encodedPass() const;
    133133
    134134    WEBCORE_EXPORT String baseAsString() const;
     
    303303String mimeTypeFromDataURL(const String& url);
    304304
    305 // Unescapes the given string using URL escaping rules, given an optional
    306 // encoding (defaulting to UTF-8 otherwise). DANGER: If the URL has "%00"
    307 // in it, the resulting string will have embedded null characters!
    308 WEBCORE_EXPORT String decodeURLEscapeSequences(const String&);
    309 class TextEncoding;
    310 String decodeURLEscapeSequences(const String&, const TextEncoding&);
    311 
    312305// FIXME: This is a wrong concept to expose, different parts of a URL need different escaping per the URL Standard.
    313306WEBCORE_EXPORT String encodeWithURLEscapeSequences(const String&);

  • trunk/Source/WebCore/platform/network/DataURLDecoder.cpp

    r233122 r236674  
    3030#include "HTTPParsers.h"
    3131#include "SharedBuffer.h"
     32#include "TextEncoding.h"
    3233#include "URL.h"
    3334#include <wtf/MainThread.h>

  • trunk/Source/WebCore/platform/text/TextEncoding.cpp

    r236565 r236674  
    2929#include "TextEncoding.h"
    3030
     31#include "DecodeEscapeSequences.h"
    3132#include "TextCodec.h"
    3233#include "TextEncodingRegistry.h"
     
    219220}
    220221
     222String decodeURLEscapeSequences(const String& string, const TextEncoding& encoding)
     223{
     224    if (string.isEmpty())
     225        return string;
     226    return decodeEscapeSequences<URLEscapeSequence>(string, encoding);
     227}
     228
    221229} // namespace WebCore

  • trunk/Source/WebCore/platform/text/TextEncoding.h

    r236565 r236674  
    7373WEBCORE_EXPORT const TextEncoding& WindowsLatin1Encoding();
    7474
     75// Unescapes the given string using URL escaping rules.
     76// DANGER: If the URL has "%00" in it,
     77// the resulting string will have embedded null characters!
     78WEBCORE_EXPORT String decodeURLEscapeSequences(const String&, const TextEncoding& = UTF8Encoding());
     79
    7580inline String TextEncoding::decode(const char* characters, size_t length) const
    7681{

  • trunk/Source/WebKit/ChangeLog

    r236671 r236674  
     12018-10-01  Alex Christensen  <achristensen@webkit.org>
     2
     3        URL should not use TextEncoding internally
     4        https://bugs.webkit.org/show_bug.cgi?id=190111
     5
     6        Reviewed by Andy Estes.
     7
     8        * UIProcess/WebInspectorProxy.cpp:
     9
    1102018-10-01  Jeremy Jones  <jeremyj@apple.com>
    211

  • trunk/Source/WebKit/NetworkProcess/soup/NetworkDataTaskSoup.cpp

    r236344 r236674  
    4141#include <WebCore/SharedBuffer.h>
    4242#include <WebCore/SoupNetworkSession.h>
     43#include <WebCore/TextEncoding.h>
    4344#include <wtf/MainThread.h>
    4445#include <wtf/glib/RunLoopSourcePriority.h>

  • trunk/Source/WebKit/UIProcess/API/glib/WebKitFileChooserRequest.cpp

    r224371 r236674  
    2727#include "WebOpenPanelResultListenerProxy.h"
    2828#include <WebCore/FileSystem.h>
     29#include <WebCore/TextEncoding.h>
    2930#include <WebCore/URL.h>
    3031#include <glib/gi18n-lib.h>

  • trunk/Source/WebKit/UIProcess/WebInspectorProxy.cpp

    r235265 r236674  
    4242#include "WebProcessProxy.h"
    4343#include <WebCore/NotImplemented.h>
     44#include <WebCore/TextEncoding.h>
    4445#include <wtf/SetForScope.h>
    4546

  • trunk/Source/WebKit/WebProcess/Plugins/PluginView.cpp

    r235205 r236674  
    6868#include <WebCore/SecurityPolicy.h>
    6969#include <WebCore/Settings.h>
     70#include <WebCore/TextEncoding.h>
    7071#include <WebCore/UserGestureIndicator.h>
    7172#include <wtf/CompletionHandler.h>

  • trunk/Source/WebKitLegacy/mac/ChangeLog

    r236624 r236674  
     12018-10-01  Alex Christensen  <achristensen@webkit.org>
     2
     3        URL should not use TextEncoding internally
     4        https://bugs.webkit.org/show_bug.cgi?id=190111
     5
     6        Reviewed by Andy Estes.
     7
     8        * Misc/WebNSURLExtras.mm:
     9
    1102018-09-28  Jer Noble  <jer.noble@apple.com>
    211

  • trunk/Source/WebKitLegacy/mac/Misc/WebNSURLExtras.mm

    r222896 r236674  
    3636#import <WebCore/URL.h>
    3737#import <WebCore/LoaderNSURLExtras.h>
     38#import <WebCore/TextEncoding.h>
    3839#import <WebCore/WebCoreNSURLExtras.h>
    3940#import <wtf/Assertions.h>

  • trunk/Source/WebKitLegacy/win/WebDownloadCurl.cpp

    r225998 r236674  
    5151#include <WebCore/ResourceRequest.h>
    5252#include <WebCore/ResourceResponse.h>
     53#include <WebCore/TextEncoding.h>
    5354
    5455using namespace WebCore;

  • trunk/Tools/ChangeLog

    r236667 r236674  
     12018-10-01  Alex Christensen  <achristensen@webkit.org>
     2
     3        URL should not use TextEncoding internally
     4        https://bugs.webkit.org/show_bug.cgi?id=190111
     5
     6        Reviewed by Andy Estes.
     7
     8        * TestWebKitAPI/Tests/WebCore/URLParser.cpp:
     9        (TestWebKitAPI::testUserPass):
     10        (TestWebKitAPI::TEST_F):
     11
    1122018-10-01  Daniel Bates  <dabates@apple.com>
    213

  • trunk/Tools/TestWebKitAPI/Tests/WebCore/URLParser.cpp

    r236565 r236674  
    501501    // and Firefox fails the web platform test differently. Maybe the web platform test ought to be changed.
    502502    checkURL("http://:@host", {"http", "", "", "host", 0, "/", "", "", "http://host/"});
     503}
     504
     505static void testUserPass(const String& value, const String& decoded, const String& encoded)
     506{
     507    URL userURL(URL(), makeString("http://", value, "@example.com/"));
     508    URL passURL(URL(), makeString("http://user:", value, "@example.com/"));
     509    EXPECT_EQ(encoded, userURL.encodedUser());
     510    EXPECT_EQ(encoded, passURL.encodedPass());
     511    EXPECT_EQ(decoded, userURL.user());
     512    EXPECT_EQ(decoded, passURL.pass());
     513}
     514
     515static void testUserPass(const String& value, const String& encoded)
     516{
     517    testUserPass(value, value, encoded);
     518}
     519
     520TEST_F(URLParserTest, Credentials)
     521{
     522    auto validSurrogate = utf16String<3>({0xD800, 0xDD55, '\0'});
     523    auto invalidSurrogate = utf16String<3>({0xD800, 'A', '\0'});
     524    auto replacementA = utf16String<3>({0xFFFD, 'A', '\0'});
     525
     526    testUserPass("a", "a");
     527    testUserPass("%", "%");
     528    testUserPass("%25", "%", "%25");
     529    testUserPass("%2525", "%25", "%2525");
     530    testUserPass("%FX", "%FX");
     531    testUserPass("%00", String::fromUTF8("\0", 1), "%00");
     532    testUserPass("%F%25", "%F%", "%F%25");
     533    testUserPass("%X%25", "%X%", "%X%25");
     534    testUserPass("%%25", "%%", "%%25");
     535    testUserPass("💩", "%C3%B0%C2%9F%C2%92%C2%A9");
     536    testUserPass("%💩", "%%C3%B0%C2%9F%C2%92%C2%A9");
     537    testUserPass(validSurrogate, "%F0%90%85%95");
     538    testUserPass(replacementA, "%EF%BF%BDA");
     539    testUserPass(invalidSurrogate, replacementA, "%EF%BF%BDA");
    503540}
    504541
Note: See TracChangeset for help on using the changeset viewer.