Changeset 201740 in webkit
- Timestamp:
- Jun 6, 2016 10:46:44 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 25 edited
trunk/LayoutTests/ChangeLog
r201739 r201740 1 2016-06-06 Jiewen Tan <jiewen_tan@apple.com> 2 3 URLs containing tabs or newlines are parsed incorrectly 4 https://bugs.webkit.org/show_bug.cgi?id=143381 5 <rdar://problem/26567214> 6 7 Reviewed by Brent Fulgham. 8 9 * fast/dom/DOMURL/set-href-attribute-host-expected.txt: 10 * fast/dom/DOMURL/set-href-attribute-host.html: 11 * fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js: 12 * fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt: 13 * fast/url/segments-expected.txt: 14 * fast/url/segments-from-data-url-expected.txt: 15 * fast/url/segments-from-data-url.html: 16 * fast/url/segments.html: 17 * fast/url/tab-and-newline-stripping-expected.txt: Added. 18 * fast/url/tab-and-newline-stripping.html: Added. 19 * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt: 20 * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt: 21 * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt: 22 * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt: 23 * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt: 24 * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt: 25 * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt: 26 * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt: 27 * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt: 28 * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt: 29 * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt: 30 * 
http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt: 31 * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt: 32 * http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt: 33 1 34 2016-06-02 Ryosuke Niwa <rniwa@webkit.org> 2 35 -
trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host-expected.txt
r197507 r201740 26 26 Set host containing slashes in it 27 27 PASS a.href is 'https://www.otherdom/ain.com/path/' 28 Set host to a malformed URL29 PASS a.href = "https:/\rww.my@domain.com:8080/path/" threw exception TypeError: Type error.30 PASS a.href is 'https:/\rww.my@domain.com:8080/path/'31 28 Set host that starts with ':' 32 29 PASS a.href is 'https://domain.com:8080/path/' -
trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host.html
r197507 r201740 84 84 } 85 85 86 // WebKit fails to strip the \r in the authority, and therefore treats the URL as invalid87 // and gets a different result than Firefox or Chrome; we should probably strip it88 debug("Set host to a malformed URL");89 shouldThrow('a.href = "https:/\\rww.my@domain.com:8080/path/"');90 a.host = "www.other!domain.com:15";91 shouldBe("a.href", "'https:/\\rww.my@domain.com:8080/path/'");92 93 86 // IE8 throws an "Object Error" exception. 94 87 // Firefox 3.5.2 accepts this but throws an exception later -
trunk/LayoutTests/fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js
r196890 r201740 75 75 } 76 76 77 // WebKit fails to strip the \r in the authority, and therefore treats the URL as invalid78 // and gets a different result than Firefox or Chrome; we should probably strip it79 debug("Set host to a malformed URL");80 a.href = "https:/\rww.my@domain.com:8080/path/";81 a.host = "www.other!domain.com:15";82 shouldBe("a.href", "'https:/\\rww.my@domain.com:8080/path/'");83 84 77 // IE8 throws an "Object Error" exception. 85 78 // Firefox 3.5.2 accepts this but throws an exception later -
trunk/LayoutTests/fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt
r196890 r201740 26 26 Set host containing slashes in it 27 27 PASS a.href is 'https://www.otherdom/ain.com/path/' 28 Set host to a malformed URL29 PASS a.href is 'https:/\rww.my@domain.com:8080/path/'30 28 Set host that starts with ':' 31 29 PASS a.href is 'https://domain.com:8080/path/' -
trunk/LayoutTests/fast/url/segments-expected.txt
r96779 r201740 16 16 PASS segments('http://f:b/c') is '[":","","","","",""]' 17 17 PASS segments('http://f: /c') is '[":","","","","",""]' 18 PASS segments('http://f:\n/c') is '[" :","","","","",""]'18 PASS segments('http://f:\n/c') is '["http:","f","","/c","",""]' 19 19 PASS segments('http://f:fifty-two/c') is '[":","","","","",""]' 20 20 FAIL segments('http://f:999999/c') should be [":","","0","","",""]. Was ["http:","f","65535","/c","",""]. -
trunk/LayoutTests/fast/url/segments-from-data-url-expected.txt
r96779 r201740 16 16 PASS segments('http://f:b/c') is '[":","","","","",""]' 17 17 PASS segments('http://f: /c') is '[":","","","","",""]' 18 PASS segments('http://f:\n/c') is '[" :","","","","",""]'18 PASS segments('http://f:\n/c') is '["http:","f","","/c","",""]' 19 19 PASS segments('http://f:fifty-two/c') is '[":","","","","",""]' 20 20 FAIL segments('http://f:999999/c') should be [":","","0","","",""]. Was ["http:","f","65535","/c","",""]. -
trunk/LayoutTests/fast/url/segments-from-data-url.html
r155273 r201740 23 23 ["http://f:b/c", [":","","","","",""]], 24 24 ["http://f: /c", [":","","","","",""]], 25 ["http://f:\\n/c", [" :","","","","",""]],25 ["http://f:\\n/c", ["http:","f","","/c","",""]], 26 26 ["http://f:fifty-two/c", [":","","","","",""]], 27 27 ["http://f:999999/c", [":","","0","","",""]], -
trunk/LayoutTests/fast/url/segments.html
r155273 r201740 24 24 ["http://f:b/c", [":","","","","",""]], 25 25 ["http://f: /c", [":","","","","",""]], 26 ["http://f:\\n/c", [" :","","","","",""]],26 ["http://f:\\n/c", ["http:","f","","/c","",""]], 27 27 ["http://f:fifty-two/c", [":","","","","",""]], 28 28 ["http://f:999999/c", [":","","0","","",""]], -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt
r178527 r201740 1 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 1 2 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 3 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt
r178527 r201740 1 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 1 2 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 3 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt
r178527 r201740 1 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 1 2 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 3 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt
r178527 r201740 1 1 CONSOLE MESSAGE: line 32: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 2 CONSOLE MESSAGE: line 33: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 CONSOLE MESSAGE: line 35: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 4 4 5 -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt
r178527 r201740 1 1 CONSOLE MESSAGE: line 32: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 2 CONSOLE MESSAGE: line 33: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 CONSOLE MESSAGE: line 35: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 4 4 5 -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt
r178527 r201740 1 1 CONSOLE MESSAGE: line 34: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 3 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 4 -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt
r178527 r201740 1 1 CONSOLE MESSAGE: line 34: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 3 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 4 -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt
r178527 r201740 1 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 1 2 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 3 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt
r178527 r201740 1 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 1 2 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 3 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt
r178527 r201740 1 1 CONSOLE MESSAGE: line 37: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 2 CONSOLE MESSAGE: line 38: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 CONSOLE MESSAGE: line 40: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 4 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe. 4 5 -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt
r178527 r201740 1 1 CONSOLE MESSAGE: line 37: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 2 CONSOLE MESSAGE: line 38: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 CONSOLE MESSAGE: line 40: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 4 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe. 4 5 -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt
r178527 r201740 1 1 CONSOLE MESSAGE: line 39: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 3 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 4 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe. -
trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt
r178527 r201740 1 1 CONSOLE MESSAGE: line 39: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 3 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 4 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe. -
trunk/LayoutTests/http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt
r108653 r201740 1 CONSOLE MESSAGE: line 14: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3D%22%26%23x1javasc%09ript%3Aalert%28/XSS%05/%29%22%3Etest%3C/a%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header. 1 2 -
trunk/Source/WebCore/ChangeLog
r201739 r201740 1 2016-06-06 Jiewen Tan <jiewen_tan@apple.com> 2 3 URLs containing tabs or newlines are parsed incorrectly 4 https://bugs.webkit.org/show_bug.cgi?id=143381 5 <rdar://problem/26567214> 6 7 Reviewed by Brent Fulgham. 8 9 1. Strip any tabs and newlines in the URL input. 10 2. Replace the original stripping URL leading and trailing white spaces logic with WTFString's 11 builtin, and move this logic to the very begining of the URL parser. 12 3. Enhance the protocolIs method to ignore any leading whitespace/control characters, and 13 tabs/newlines of the examining url. 14 15 Test: fast/url/tab-and-newline-stripping.html 16 17 * platform/URL.cpp: 18 (WebCore::isTabNewline): 19 (WebCore::shouldTrimFromURL): 20 (WebCore::URL::init): 21 (WebCore::protocolIs): 22 1 23 2016-06-02 Ryosuke Niwa <rniwa@webkit.org> 2 24 -
trunk/Source/WebCore/platform/URL.cpp
r200056 r201740 105 105 106 106 // not allowed in path 107 BadChar = 1 << 6 107 BadChar = 1 << 6, 108 109 // "\t" | "\n" | "\r" 110 TabNewline = 1 << 7 108 111 }; 109 112 … … 112 115 /* 2 stx */ BadChar, /* 3 etx */ BadChar, 113 116 /* 4 eot */ BadChar, /* 5 enq */ BadChar, /* 6 ack */ BadChar, /* 7 bel */ BadChar, 114 /* 8 bs */ BadChar, /* 9 ht */ BadChar, /* 10 nl */ BadChar, /* 11 vt */ BadChar, 115 /* 12 np */ BadChar, /* 13 cr */ BadChar, /* 14 so */ BadChar, /* 15 si */ BadChar, 117 /* 8 bs */ BadChar, /* 9 ht */ BadChar | TabNewline, /* 10 nl */ BadChar | TabNewline, 118 /* 11 vt */ BadChar, /* 12 np */ BadChar, /* 13 cr */ BadChar | TabNewline, 119 /* 14 so */ BadChar, /* 15 si */ BadChar, 116 120 /* 16 dle */ BadChar, /* 17 dc1 */ BadChar, /* 18 dc2 */ BadChar, /* 19 dc3 */ BadChar, 117 121 /* 20 dc4 */ BadChar, /* 21 nak */ BadChar, /* 22 syn */ BadChar, /* 23 etb */ BadChar, … … 351 355 static inline bool isPathSegmentEndChar(UChar c) { return c <= 0xff && (characterClassTable[c] & PathSegmentEndChar); } 352 356 static inline bool isBadChar(unsigned char c) { return characterClassTable[c] & BadChar; } 357 static inline bool isTabNewline(UChar c) { return c <= 0xff && (characterClassTable[c] & TabNewline); } 353 358 354 359 static inline bool isSchemeCharacterMatchIgnoringCase(char character, char schemeCharacter) … … 456 461 } 457 462 458 static bool shouldTrimFromURL( unsigned char c)463 static bool shouldTrimFromURL(UChar c) 459 464 { 460 465 // Browsers ignore leading/trailing whitespace and control … … 474 479 } 475 480 481 // Get rid of leading and trailing whitespace and control characters. 482 String rel = relative.stripWhiteSpace(shouldTrimFromURL); 483 484 // Get rid of any tabs and newlines. 485 rel = rel.removeCharacters(isTabNewline); 486 476 487 // For compatibility with Win IE, treat backslashes as if they were slashes, 477 488 // as long as we're not dealing with javascript: or data: URLs. 
478 String rel = relative;479 489 if (rel.contains('\\') && !(protocolIsJavaScript(rel) || protocolIs(rel, "data"))) 480 490 rel = substituteBackslashes(rel); … … 500 510 len = strlen(str); 501 511 } 502 503 // Get rid of leading whitespace and control characters.504 while (len && shouldTrimFromURL(*str)) {505 str++;506 --len;507 }508 509 // Get rid of trailing whitespace and control characters.510 while (len && shouldTrimFromURL(str[len - 1]))511 str[--len] = '\0';512 512 513 513 // According to the RFC, the reference should be interpreted as an … … 1935 1935 // Do the comparison without making a new string object. 1936 1936 assertProtocolIsGood(protocol); 1937 for (int i = 0; ; ++i) { 1938 if (!protocol[i]) 1937 bool isLeading = true; 1938 for (int i = 0, j = 0; url[i]; ++i) { 1939 // skip leading whitespace and control characters. 1940 if (isLeading && shouldTrimFromURL(url[i])) 1941 continue; 1942 isLeading = false; 1943 1944 // skip any tabs and newlines. 1945 if (isTabNewline(url[i])) 1946 continue; 1947 1948 if (!protocol[j]) 1939 1949 return url[i] == ':'; 1940 if (!isLetterMatchIgnoringCase(url[i], protocol[ i]))1950 if (!isLetterMatchIgnoringCase(url[i], protocol[j])) 1941 1951 return false; 1942 } 1952 1953 ++j; 1954 } 1955 1956 return false; 1943 1957 } 1944 1958
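Review bot: The rewritten loop in protocolIs (new lines 1937-1956) re-implements by hand the stripping that URL::init now does with `stripWhiteSpace(shouldTrimFromURL)` and `removeCharacters(isTabNewline)`, and nothing in the code ties the two together, so a later change to one can silently make scheme checks on raw strings disagree with what the parser accepts. One case to confirm: the loop ends at the first zero code unit because `url[i]` is the loop condition, whereas URL::init would trim a leading U+0000 if shouldTrimFromURL accepts it (its body is outside the hunk), so such a string could fail `protocolIs(url, "javascript")` and still parse as a javascript: URL. I would add a comment above the loop such as `// Must skip exactly what URL::init strips (shouldTrimFromURL at the front, isTabNewline anywhere) so scheme filters see what the parser sees.` and, if the zero-code-unit case is real, bound the loop by `url.length()` instead of testing `url[i]`. The signature of protocolIs is outside the hunk, so `url` is assumed here to be a String.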