Changeset 280582 in webkit


Ignore:
Timestamp:
Aug 2, 2021 8:53:25 PM (12 months ago)
Author:
Chris Dumez
Message:

[COOP] Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present
https://bugs.webkit.org/show_bug.cgi?id=228719

Reviewed by Geoff Garen.

LayoutTests/imported/w3c:

Rebaseline WPT test that is now failing a bit later.

  • web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https-expected.txt:

Source/WebCore:

Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present, because
parseStructuredFieldValue() doesn't handle parameters whose value is double-quoted:

Test: http/wpt/cross-origin-opener-policy/header-parsing-with-report-to.https.html

  • platform/network/HTTPParsers.cpp:

(WebCore::parseStructuredFieldValue):

LayoutTests:

Add layout test coverage.

  • http/wpt/cross-origin-opener-policy/header-parsing-with-report-to.https-expected.txt: Added.
  • http/wpt/cross-origin-opener-policy/header-parsing-with-report-to.https.html: Added.
Location:
trunk
Files:
3 added
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r280580 r280582  
     12021-08-02  Chris Dumez  <cdumez@apple.com>
     2
     3        [COOP] Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present
     4        https://bugs.webkit.org/show_bug.cgi?id=228719
     5
     6        Reviewed by Geoff Garen.
     7
     8        Add layout test coverage.
     9
     10        * http/wpt/cross-origin-opener-policy/header-parsing-with-report-to.https-expected.txt: Added.
     11        * http/wpt/cross-origin-opener-policy/header-parsing-with-report-to.https.html: Added.
     12
    1132021-08-02  Lauro Moura  <lmoura@igalia.com>
    214
  • trunk/LayoutTests/imported/w3c/ChangeLog

    r280541 r280582  
     12021-08-02  Chris Dumez  <cdumez@apple.com>
     2
     3        [COOP] Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present
     4        https://bugs.webkit.org/show_bug.cgi?id=228719
     5
     6        Reviewed by Geoff Garen.
     7
     8        Rebaseline WPT test that is now failing a bit later.
     9
     10        * web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https-expected.txt:
     11
    1122021-08-02  Chris Dumez  <cdumez@apple.com>
    213
  • trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-opener-policy/reporting/navigation-reporting/reporting-redirect-with-same-origin-allow-popups.https-expected.txt

    r280044 r280582  
    11
    2 FAIL Same origin openee redirected to same-origin with same-origin-allow-popups assert_equals: opener expected "false" but got "true"
    3 FAIL Cross origin openee redirected to same-origin with same-origin-allow-popups assert_equals: opener expected "false" but got "true"
     2Harness Error (TIMEOUT), message = null
    43
     4TIMEOUT Same origin openee redirected to same-origin with same-origin-allow-popups Test timed out
     5NOTRUN Cross origin openee redirected to same-origin with same-origin-allow-popups
     6
  • trunk/Source/WebCore/ChangeLog

    r280581 r280582  
     12021-08-02  Chris Dumez  <cdumez@apple.com>
     2
     3        [COOP] Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present
     4        https://bugs.webkit.org/show_bug.cgi?id=228719
     5
     6        Reviewed by Geoff Garen.
     7
     8        Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present, because
     9        parseStructuredFieldValue() doesn't handle parameters whose value is double-quoted:
     10        - https://datatracker.ietf.org/doc/html/rfc8941#section-4.2.3.2
     11        - https://datatracker.ietf.org/doc/html/rfc8941#section-4.2.3.1
     12        - https://datatracker.ietf.org/doc/html/rfc8941#section-4.2.5
     13
     14        Test: http/wpt/cross-origin-opener-policy/header-parsing-with-report-to.https.html
     15
     16        * platform/network/HTTPParsers.cpp:
     17        (WebCore::parseStructuredFieldValue):
     18
    1192021-08-02  Sonia Singla  <soniasingla.1812@gmail.com>
    220
  • trunk/Source/WebCore/platform/network/HTTPParsers.cpp

    r280504 r280582  
    3939#include <wtf/DateMath.h>
    4040#include <wtf/NeverDestroyed.h>
     41#include <wtf/text/StringBuilder.h>
    4142#include <wtf/text/StringToIntegerConversion.h>
    4243#include <wtf/unicode/CharacterNames.h>
     
    619620            ++index;
    620621        }
    621         String key = header.substring(keyStart, index - keyStart).toStringWithoutCopying();
     622        String key = header.substring(keyStart, index - keyStart).toString();
    622623        String value = "true";
    623624        if (index < header.length() && header[index] == '=') {
    624625            ++index; // Consume '='.
    625             if (!isASCIIAlpha(header[index]) && header[index] != '*')
     626            if (isASCIIAlpha(header[index]) || header[index] == '*') {
     627                // https://datatracker.ietf.org/doc/html/rfc8941#section-4.2.6
     628                size_t valueStart = index++;
     629                while (index < header.length()) {
     630                    UChar c = header[index];
     631                    if (!RFC7230::isTokenCharacter(c) && c != ':' && c != '/')
     632                        break;
     633                    ++index;
     634                }
     635                value = header.substring(valueStart, index - valueStart).toString();
     636            } else if (header[index] == '"') {
     637                // https://datatracker.ietf.org/doc/html/rfc8941#section-4.2.5
     638                StringBuilder valueBuilder;
     639                ++index; // Skip DQUOTE.
     640                while (index < header.length()) {
     641                    if (header[index] == '\\') {
     642                        ++index;
     643                        if (index == header.length())
     644                            return std::nullopt;
     645                        if (header[index] != '\\' && header[index] != '"')
     646                            return std::nullopt;
     647                        valueBuilder.append(header[index]);
     648                    } else if (header[index] == '\"') {
     649                        value = valueBuilder.toString();
     650                        break;
     651                    } else if ((header[index] >= 0x00 && header[index] <= 0x1F) || (header[index] >= 0x7F && header[index] <= 0xFF)) // Not in VCHAR or SP.
     652                        return std::nullopt;
     653                    else
     654                        valueBuilder.append(header[index]);
     655                    ++index;
     656                }
     657                if (index == header.length())
     658                    return std::nullopt;
     659                ++index; // Skip DQUOTE.
     660            } else
    626661                return std::nullopt;
    627             size_t valueStart = index++;
    628             while (index < header.length()) {
    629                 UChar c = header[index];
    630                 if (!RFC7230::isTokenCharacter(c) && c != ':' && c != '/')
    631                     break;
    632                 ++index;
    633             }
    634             value = header.substring(valueStart, index - valueStart).toStringWithoutCopying();
    635662        }
    636663        parameters.set(WTFMove(key), WTFMove(value));
Note: See TracChangeset for help on using the changeset viewer.