Changeset 267965 in webkit

Timestamp:

Oct 5, 2020 7:51:18 AM (4 years ago)

Author:

achristensen@apple.com

Message:

URLParser should fail to parse URLs with hosts containing invalid punycode encodings
​https://bugs.webkit.org/show_bug.cgi?id=217285

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

• web-platform-tests/url/a-element-expected.txt:
• web-platform-tests/url/a-element-xhtml-expected.txt:
• web-platform-tests/url/failure-expected.txt:
• web-platform-tests/url/toascii.window-expected.txt:
• web-platform-tests/url/url-constructor-expected.txt:

Source/WTF:

URLParser has a fast path for parsing hosts that are all ASCII, but that does not validate hosts that are invalid punycode, such as "xn--".
Since all punycode encoded strings start with "xn--", if the input string starts with "xn--" then skip the fast path and let ICU decide if it's valid.

• wtf/URLParser.cpp:

(WTF::URLParser::domainToASCII):
(WTF::URLParser::startsWithXNDashDash):
(WTF::URLParser::parseHostAndPort):

• wtf/URLParser.h:

Location:

trunk

Files:

• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/url/a-element-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/url/a-element-xhtml-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/url/toascii.window-expected.txt (modified) (5 diffs)
• LayoutTests/imported/w3c/web-platform-tests/url/url-constructor-expected.txt (modified) (1 diff)
• Source/WTF/ChangeLog (modified) (1 diff)
• Source/WTF/wtf/URLParser.cpp (modified) (3 diffs)
• Source/WTF/wtf/URLParser.h (modified) (1 diff)

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2020-10-05  Alex Christensen  <achristensen@webkit.org>
+
+        URLParser should fail to parse URLs with hosts containing invalid punycode encodings
+        https://bugs.webkit.org/show_bug.cgi?id=217285
+
+        Reviewed by Darin Adler.
+
+        * web-platform-tests/url/a-element-expected.txt:
+        * web-platform-tests/url/a-element-xhtml-expected.txt:
+        * web-platform-tests/url/failure-expected.txt:
+        * web-platform-tests/url/toascii.window-expected.txt:
+        * web-platform-tests/url/url-constructor-expected.txt:
+
 2020-10-05  Alex Christensen  <achristensen@webkit.org>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-expected.txt

@@ -580 +580 @@
 PASS Parsing: <file://­/p> against <about:blank>
 PASS Parsing: <file://%C2%AD/p> against <about:blank>
-FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
+PASS Parsing: <file://xn--/p> against <about:blank>
 PASS Parsing: <#link> against <https://example.org/##link>
 PASS Parsing: <non-special:cannot-be-a-base-url-\0

trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-xhtml-expected.txt

@@ -580 +580 @@
 PASS Parsing: <file://­/p> against <about:blank>
 PASS Parsing: <file://%C2%AD/p> against <about:blank>
-FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
+PASS Parsing: <file://xn--/p> against <about:blank>
 PASS Parsing: <#link> against <https://example.org/##link>
 PASS Parsing: <non-special:cannot-be-a-base-url-\0

trunk/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt

@@ -4 +4 @@
 Blocked access to external URL http://./y:
 CONSOLE MESSAGE: Beacon API cannot load http://./y: due to access control checks.
-CONSOLE MESSAGE: Not allowed to load local resource: p
-CONSOLE MESSAGE: Not allowed to load local resource: p
 
 PASS Loading data…
@@ -380 +378 @@
 FAIL Location's href: file://%C2%AD/p should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
 PASS window.open(): file://%C2%AD/p should throw
-FAIL URL's constructor's base argument: file://xn--/p should throw assert_throws_js: function "() => new URL("about:blank", test.input)" did not throw
-FAIL URL's href: file://xn--/p should throw assert_throws_js: function "() => url.href = test.input" did not throw
-FAIL XHR: file://xn--/p should throw assert_throws_dom: function "() => client.open("GET", test.input)" did not throw
+PASS URL's constructor's base argument: file://xn--/p should throw
+PASS URL's href: file://xn--/p should throw
+PASS XHR: file://xn--/p should throw
 PASS sendBeacon(): file://xn--/p should throw
 FAIL Location's href: file://xn--/p should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
-FAIL window.open(): file://xn--/p should throw assert_throws_dom: function "() => self.open(test.input).close()" did not throw
+PASS window.open(): file://xn--/p should throw
 

trunk/LayoutTests/imported/w3c/web-platform-tests/url/toascii.window-expected.txt

@@ -100 +100 @@
 FAIL x..β (using <area>.host) assert_equals: expected "x..xn--nxa" but got "x"
 FAIL x..β (using <area>.hostname) assert_equals: expected "x..xn--nxa" but got "x"
-FAIL xn--a (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--a (using URL.host) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using URL.hostname) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using <a>) assert_equals: expected "" but got "xn--a"
-FAIL xn--a (using <a>.host) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using <a>.hostname) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using <area>) assert_equals: expected "" but got "xn--a"
-FAIL xn--a (using <area>.host) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using <area>.hostname) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a.xn--nxa (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--a.xn--nxa (using URL.host) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using URL.hostname) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <a>) assert_equals: expected "" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <a>.host) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <a>.hostname) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <area>) assert_equals: expected "" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <area>.host) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <area>.hostname) assert_equals: expected "x" but got "xn--a.xn--nxa"
+PASS xn--a (using URL)
+PASS xn--a (using URL.host)
+PASS xn--a (using URL.hostname)
+PASS xn--a (using <a>)
+PASS xn--a (using <a>.host)
+PASS xn--a (using <a>.hostname)
+PASS xn--a (using <area>)
+PASS xn--a (using <area>.host)
+PASS xn--a (using <area>.hostname)
+PASS xn--a.xn--nxa (using URL)
+PASS xn--a.xn--nxa (using URL.host)
+PASS xn--a.xn--nxa (using URL.hostname)
+PASS xn--a.xn--nxa (using <a>)
+PASS xn--a.xn--nxa (using <a>.host)
+PASS xn--a.xn--nxa (using <a>.hostname)
+PASS xn--a.xn--nxa (using <area>)
+PASS xn--a.xn--nxa (using <area>.host)
+PASS xn--a.xn--nxa (using <area>.hostname)
 PASS xn--a.β (using URL)
 PASS xn--a.β (using URL.host)
@@ -172 +172 @@
 PASS ‍.example (using <area>.host)
 PASS ‍.example (using <area>.hostname)
-FAIL xn--1ug.example (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--1ug.example (using URL.host) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using URL.hostname) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <a>) assert_equals: expected "" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <a>.host) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <a>.hostname) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <area>) assert_equals: expected "" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <area>.host) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <area>.hostname) assert_equals: expected "x" but got "xn--1ug.example"
+PASS xn--1ug.example (using URL)
+PASS xn--1ug.example (using URL.host)
+PASS xn--1ug.example (using URL.hostname)
+PASS xn--1ug.example (using <a>)
+PASS xn--1ug.example (using <a>.host)
+PASS xn--1ug.example (using <a>.hostname)
+PASS xn--1ug.example (using <area>)
+PASS xn--1ug.example (using <area>.host)
+PASS xn--1ug.example (using <area>.hostname)
 PASS يa (using URL)
 PASS يa (using URL.host)
@@ -190 +190 @@
 PASS يa (using <area>.host)
 PASS يa (using <area>.hostname)
-FAIL xn--a-yoc (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--a-yoc (using URL.host) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using URL.hostname) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <a>) assert_equals: expected "" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <a>.host) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <a>.hostname) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <area>) assert_equals: expected "" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <area>.host) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <area>.hostname) assert_equals: expected "x" but got "xn--a-yoc"
+PASS xn--a-yoc (using URL)
+PASS xn--a-yoc (using URL.host)
+PASS xn--a-yoc (using URL.hostname)
+PASS xn--a-yoc (using <a>)
+PASS xn--a-yoc (using <a>.host)
+PASS xn--a-yoc (using <a>.hostname)
+PASS xn--a-yoc (using <area>)
+PASS xn--a-yoc (using <area>.host)
+PASS xn--a-yoc (using <area>.hostname)
 PASS ශ්‍රී (using URL)
 PASS ශ්‍රී (using URL.host)
@@ -226 +226 @@
 PASS �.com (using <area>.host)
 PASS �.com (using <area>.hostname)
-FAIL xn--zn7c.com (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--zn7c.com (using URL.host) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using URL.hostname) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <a>) assert_equals: expected "" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <a>.host) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <a>.hostname) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <area>) assert_equals: expected "" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <area>.host) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <area>.hostname) assert_equals: expected "x" but got "xn--zn7c.com"
+PASS xn--zn7c.com (using URL)
+PASS xn--zn7c.com (using URL.host)
+PASS xn--zn7c.com (using URL.hostname)
+PASS xn--zn7c.com (using <a>)
+PASS xn--zn7c.com (using <a>.host)
+PASS xn--zn7c.com (using <a>.hostname)
+PASS xn--zn7c.com (using <area>)
+PASS xn--zn7c.com (using <area>.host)
+PASS xn--zn7c.com (using <area>.hostname)
 PASS x01234567890123456789012345678901234567890123456789012345678901x (using URL)
 PASS x01234567890123456789012345678901234567890123456789012345678901x (using URL.host)
@@ -334 +334 @@
 PASS %C2%AD (using <area>.host)
 PASS %C2%AD (using <area>.hostname)
-FAIL xn-- (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn-- (using URL.host) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using URL.hostname) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using <a>) assert_equals: expected "" but got "xn--"
-FAIL xn-- (using <a>.host) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using <a>.hostname) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using <area>) assert_equals: expected "" but got "xn--"
-FAIL xn-- (using <area>.host) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using <area>.hostname) assert_equals: expected "x" but got "xn--"
+PASS xn-- (using URL)
+PASS xn-- (using URL.host)
+PASS xn-- (using URL.hostname)
+PASS xn-- (using <a>)
+PASS xn-- (using <a>.host)
+PASS xn-- (using <a>.hostname)
+PASS xn-- (using <area>)
+PASS xn-- (using <area>.host)
+PASS xn-- (using <area>.hostname)
 

trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-constructor-expected.txt

@@ -581 +581 @@
 PASS Parsing: <file://­/p> against <about:blank>
 PASS Parsing: <file://%C2%AD/p> against <about:blank>
-FAIL Parsing: <file://xn--/p> against <about:blank> assert_throws_js: function "function () {
-          bURL(expected.input, expected.base)
-        }" did not throw
+PASS Parsing: <file://xn--/p> against <about:blank>
 PASS Parsing: <#link> against <https://example.org/##link>
 PASS Parsing: <non-special:cannot-be-a-base-url-\0

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2020-10-05  Alex Christensen  <achristensen@webkit.org>
+
+        URLParser should fail to parse URLs with hosts containing invalid punycode encodings
+        https://bugs.webkit.org/show_bug.cgi?id=217285
+
+        Reviewed by Darin Adler.
+
+        URLParser has a fast path for parsing hosts that are all ASCII, but that does not validate hosts that are invalid punycode, such as "xn--".
+        Since all punycode encoded strings start with "xn--", if the input string starts with "xn--" then skip the fast path and let ICU decide if it's valid.
+
+        * wtf/URLParser.cpp:
+        (WTF::URLParser::domainToASCII):
+        (WTF::URLParser::startsWithXNDashDash):
+        (WTF::URLParser::parseHostAndPort):
+        * wtf/URLParser.h:
+
 2020-10-05  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WTF/wtf/URLParser.cpp

@@ -2518 +2518 @@
 {
     LCharBuffer ascii;
-    if (domain.isAllASCII()) {
+    if (domain.isAllASCII() && !startsWithLettersIgnoringASCIICase(domain, "xn--")) {
         size_t length = domain.length();
         if (domain.is8Bit()) {
@@ -2622 +2622 @@
     RELEASE_ASSERT(portLength <= URL::maxPortLength);
     m_url.m_portLength = portLength;
+    return true;
+}
+
+template<typename CharacterType>
+bool URLParser::startsWithXNDashDash(CodePointIterator<CharacterType> iterator)
+{
+    if (iterator.atEnd() || (*iterator != 'x' && *iterator != 'X'))
+        return false;
+    advance<CharacterType, ReportSyntaxViolation::No>(iterator);
+    if (iterator.atEnd() || (*iterator != 'n' && *iterator != 'N'))
+        return false;
+    advance<CharacterType, ReportSyntaxViolation::No>(iterator);
+    if (iterator.atEnd() || *iterator != '-')
+        return false;
+    advance<CharacterType, ReportSyntaxViolation::No>(iterator);
+    if (iterator.atEnd() || *iterator != '-')
+        return false;
     return true;
 }
@@ -2674 +2691 @@
     }
     
-    if (LIKELY(!m_hostHasPercentOrNonASCII)) {
+    if (LIKELY(!m_hostHasPercentOrNonASCII && !startsWithXNDashDash(iterator))) {
         auto hostIterator = iterator;
         for (; !iterator.atEnd(); ++iterator) {

trunk/Source/WTF/wtf/URLParser.h

@@ -114 +114 @@
     StringView parsedDataView(size_t start, size_t length);
     UChar parsedDataView(size_t position);
+    template<typename CharacterType> bool startsWithXNDashDash(CodePointIterator<CharacterType>);
 
     bool needsNonSpecialDotSlash() const;