Changeset 201740 in webkit


Ignore:
Timestamp:
Jun 6, 2016 10:46:44 PM (8 years ago)
Author:
jiewen_tan@apple.com
Message:

URLs containing tabs or newlines are parsed incorrectly
https://bugs.webkit.org/show_bug.cgi?id=143381
<rdar://problem/26567214>

Reviewed by Brent Fulgham.

Source/WebCore:

  1. Strip any tabs and newlines in the URL input.
  2. Replace the original stripping URL leading and trailing white spaces logic with WTFString's

builtin, and move this logic to the very begining of the URL parser.

  1. Enhance the protocolIs method to ignore any leading whitespace/control characters, and

tabs/newlines of the examining url.

Test: fast/url/tab-and-newline-stripping.html

  • platform/URL.cpp:

(WebCore::isTabNewline):
(WebCore::shouldTrimFromURL):
(WebCore::URL::init):
(WebCore::protocolIs):

LayoutTests:

  • fast/dom/DOMURL/set-href-attribute-host-expected.txt:
  • fast/dom/DOMURL/set-href-attribute-host.html:
  • fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js:
  • fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt:
  • fast/url/segments-expected.txt:
  • fast/url/segments-from-data-url-expected.txt:
  • fast/url/segments-from-data-url.html:
  • fast/url/segments.html:
  • fast/url/tab-and-newline-stripping-expected.txt: Added.
  • fast/url/tab-and-newline-stripping.html: Added.
  • http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt:
  • http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt:
  • http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt:
Location:
trunk
Files:
2 added
25 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r201739 r201740  
     12016-06-06  Jiewen Tan  <jiewen_tan@apple.com>
     2
     3        URLs containing tabs or newlines are parsed incorrectly
     4        https://bugs.webkit.org/show_bug.cgi?id=143381
     5        <rdar://problem/26567214>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        * fast/dom/DOMURL/set-href-attribute-host-expected.txt:
     10        * fast/dom/DOMURL/set-href-attribute-host.html:
     11        * fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js:
     12        * fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt:
     13        * fast/url/segments-expected.txt:
     14        * fast/url/segments-from-data-url-expected.txt:
     15        * fast/url/segments-from-data-url.html:
     16        * fast/url/segments.html:
     17        * fast/url/tab-and-newline-stripping-expected.txt: Added.
     18        * fast/url/tab-and-newline-stripping.html: Added.
     19        * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt:
     20        * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt:
     21        * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt:
     22        * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt:
     23        * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt:
     24        * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt:
     25        * http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt:
     26        * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt:
     27        * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt:
     28        * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt:
     29        * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt:
     30        * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt:
     31        * http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt:
     32        * http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt:
     33
    1342016-06-02  Ryosuke Niwa  <rniwa@webkit.org>
    235
  • trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host-expected.txt

    r197507 r201740  
    2626Set host containing slashes in it
    2727PASS a.href is 'https://www.otherdom/ain.com/path/'
    28 Set host to a malformed URL
    29 PASS a.href = "https:/\rww.my@domain.com:8080/path/" threw exception TypeError: Type error.
    30 PASS a.href is 'https:/\rww.my@domain.com:8080/path/'
    3128Set host that starts with ':'
    3229PASS a.href is 'https://domain.com:8080/path/'
  • trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host.html

    r197507 r201740  
    8484}
    8585
    86 // WebKit fails to strip the \r in the authority, and therefore treats the URL as invalid
    87 // and gets a different result than Firefox or Chrome; we should probably strip it
    88 debug("Set host to a malformed URL");
    89 shouldThrow('a.href = "https:/\\rww.my@domain.com:8080/path/"');
    90 a.host = "www.other!domain.com:15";
    91 shouldBe("a.href", "'https:/\\rww.my@domain.com:8080/path/'");
    92 
    9386// IE8 throws an "Object Error" exception.
    9487// Firefox 3.5.2 accepts this but throws an exception later
  • trunk/LayoutTests/fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js

    r196890 r201740  
    7575}
    7676
    77 // WebKit fails to strip the \r in the authority, and therefore treats the URL as invalid
    78 // and gets a different result than Firefox or Chrome; we should probably strip it
    79 debug("Set host to a malformed URL");
    80 a.href = "https:/\rww.my@domain.com:8080/path/";
    81 a.host = "www.other!domain.com:15";
    82 shouldBe("a.href", "'https:/\\rww.my@domain.com:8080/path/'");
    83 
    8477// IE8 throws an "Object Error" exception.
    8578// Firefox 3.5.2 accepts this but throws an exception later
  • trunk/LayoutTests/fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt

    r196890 r201740  
    2626Set host containing slashes in it
    2727PASS a.href is 'https://www.otherdom/ain.com/path/'
    28 Set host to a malformed URL
    29 PASS a.href is 'https:/\rww.my@domain.com:8080/path/'
    3028Set host that starts with ':'
    3129PASS a.href is 'https://domain.com:8080/path/'
  • trunk/LayoutTests/fast/url/segments-expected.txt

    r96779 r201740  
    1616PASS segments('http://f:b/c') is '[":","","","","",""]'
    1717PASS segments('http://f: /c') is '[":","","","","",""]'
    18 PASS segments('http://f:\n/c') is '[":","","","","",""]'
     18PASS segments('http://f:\n/c') is '["http:","f","","/c","",""]'
    1919PASS segments('http://f:fifty-two/c') is '[":","","","","",""]'
    2020FAIL segments('http://f:999999/c') should be [":","","0","","",""]. Was ["http:","f","65535","/c","",""].
  • trunk/LayoutTests/fast/url/segments-from-data-url-expected.txt

    r96779 r201740  
    1616PASS segments('http://f:b/c') is '[":","","","","",""]'
    1717PASS segments('http://f: /c') is '[":","","","","",""]'
    18 PASS segments('http://f:\n/c') is '[":","","","","",""]'
     18PASS segments('http://f:\n/c') is '["http:","f","","/c","",""]'
    1919PASS segments('http://f:fifty-two/c') is '[":","","","","",""]'
    2020FAIL segments('http://f:999999/c') should be [":","","0","","",""]. Was ["http:","f","65535","/c","",""].
  • trunk/LayoutTests/fast/url/segments-from-data-url.html

    r155273 r201740  
    2323  ["http://f:b/c",                           [":","","","","",""]],
    2424  ["http://f: /c",                           [":","","","","",""]],
    25   ["http://f:\\n/c",                         [":","","","","",""]],
     25  ["http://f:\\n/c",                         ["http:","f","","/c","",""]],
    2626  ["http://f:fifty-two/c",                   [":","","","","",""]],
    2727  ["http://f:999999/c",                      [":","","0","","",""]],
  • trunk/LayoutTests/fast/url/segments.html

    r155273 r201740  
    2424  ["http://f:b/c",                           [":","","","","",""]],
    2525  ["http://f: /c",                           [":","","","","",""]],
    26   ["http://f:\\n/c",                         [":","","","","",""]],
     26  ["http://f:\\n/c",                         ["http:","f","","/c","",""]],
    2727  ["http://f:fifty-two/c",                   [":","","","","",""]],
    2828  ["http://f:999999/c",                      [":","","0","","",""]],
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom-expected.txt

    r178527 r201740  
     1CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    12CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    23CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value-expected.txt

    r178527 r201740  
     1CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    12CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    23CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom-expected.txt

    r178527 r201740  
     1CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    12CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    23CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute-expected.txt

    r178527 r201740  
    11CONSOLE MESSAGE: line 32: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    22CONSOLE MESSAGE: line 33: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
     3CONSOLE MESSAGE: line 35: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    34
    45
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS-expected.txt

    r178527 r201740  
    11CONSOLE MESSAGE: line 32: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    22CONSOLE MESSAGE: line 33: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
     3CONSOLE MESSAGE: line 35: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    34
    45
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode-expected.txt

    r178527 r201740  
    11CONSOLE MESSAGE: line 34: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
     2CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    23CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    34
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS-expected.txt

    r178527 r201740  
    11CONSOLE MESSAGE: line 34: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
     2CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    23CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    34
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value-expected.txt

    r178527 r201740  
     1CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    12CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    23CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom-expected.txt

    r178527 r201740  
     1CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    12CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    23CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute-expected.txt

    r178527 r201740  
    11CONSOLE MESSAGE: line 37: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    22CONSOLE MESSAGE: line 38: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
     3CONSOLE MESSAGE: line 40: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    34This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
    45
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS-expected.txt

    r178527 r201740  
    11CONSOLE MESSAGE: line 37: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    22CONSOLE MESSAGE: line 38: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
     3CONSOLE MESSAGE: line 40: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    34This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
    45
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode-expected.txt

    r178527 r201740  
    11CONSOLE MESSAGE: line 39: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
     2CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    23CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    34This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
  • trunk/LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS-expected.txt

    r178527 r201740  
    11CONSOLE MESSAGE: line 39: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
     2CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    23CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    34This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
  • trunk/LayoutTests/http/tests/security/xssAuditor/javascript-link-control-char2-expected.txt

    r108653 r201740  
     1CONSOLE MESSAGE: line 14: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3D%22%26%23x1javasc%09ript%3Aalert%28/XSS%05/%29%22%3Etest%3C/a%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
    12
  • trunk/Source/WebCore/ChangeLog

    r201739 r201740  
     12016-06-06  Jiewen Tan  <jiewen_tan@apple.com>
     2
     3        URLs containing tabs or newlines are parsed incorrectly
     4        https://bugs.webkit.org/show_bug.cgi?id=143381
     5        <rdar://problem/26567214>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        1. Strip any tabs and newlines in the URL input.
     10        2. Replace the original stripping URL leading and trailing white spaces logic with WTFString's
     11        builtin, and move this logic to the very begining of the URL parser.
     12        3. Enhance the protocolIs method to ignore any leading whitespace/control characters, and
     13        tabs/newlines of the examining url.
     14
     15        Test: fast/url/tab-and-newline-stripping.html
     16
     17        * platform/URL.cpp:
     18        (WebCore::isTabNewline):
     19        (WebCore::shouldTrimFromURL):
     20        (WebCore::URL::init):
     21        (WebCore::protocolIs):
     22
    1232016-06-02  Ryosuke Niwa  <rniwa@webkit.org>
    224
  • trunk/Source/WebCore/platform/URL.cpp

    r200056 r201740  
    105105
    106106    // not allowed in path
    107     BadChar = 1 << 6
     107    BadChar = 1 << 6,
     108
     109    // "\t" | "\n" | "\r"
     110    TabNewline = 1 << 7
    108111};
    109112
     
    112115    /* 2 stx */ BadChar,    /* 3 etx */ BadChar,
    113116    /* 4 eot */ BadChar,    /* 5 enq */ BadChar,    /* 6 ack */ BadChar,    /* 7 bel */ BadChar,
    114     /* 8 bs */ BadChar,     /* 9 ht */ BadChar,     /* 10 nl */ BadChar,    /* 11 vt */ BadChar,
    115     /* 12 np */ BadChar,    /* 13 cr */ BadChar,    /* 14 so */ BadChar,    /* 15 si */ BadChar,
     117    /* 8 bs */ BadChar,     /* 9 ht */ BadChar | TabNewline,                /* 10 nl */ BadChar | TabNewline,
     118    /* 11 vt */ BadChar,    /* 12 np */ BadChar,    /* 13 cr */ BadChar | TabNewline,
     119    /* 14 so */ BadChar,    /* 15 si */ BadChar,
    116120    /* 16 dle */ BadChar,   /* 17 dc1 */ BadChar,   /* 18 dc2 */ BadChar,   /* 19 dc3 */ BadChar,
    117121    /* 20 dc4 */ BadChar,   /* 21 nak */ BadChar,   /* 22 syn */ BadChar,   /* 23 etb */ BadChar,
     
    351355static inline bool isPathSegmentEndChar(UChar c) { return c <= 0xff && (characterClassTable[c] & PathSegmentEndChar); }
    352356static inline bool isBadChar(unsigned char c) { return characterClassTable[c] & BadChar; }
     357static inline bool isTabNewline(UChar c) { return c <= 0xff && (characterClassTable[c] & TabNewline); }
    353358
    354359static inline bool isSchemeCharacterMatchIgnoringCase(char character, char schemeCharacter)
     
    456461}
    457462
    458 static bool shouldTrimFromURL(unsigned char c)
     463static bool shouldTrimFromURL(UChar c)
    459464{
    460465    // Browsers ignore leading/trailing whitespace and control
     
    474479    }
    475480
     481    // Get rid of leading and trailing whitespace and control characters.
     482    String rel = relative.stripWhiteSpace(shouldTrimFromURL);
     483
     484    // Get rid of any tabs and newlines.
     485    rel = rel.removeCharacters(isTabNewline);
     486
    476487    // For compatibility with Win IE, treat backslashes as if they were slashes,
    477488    // as long as we're not dealing with javascript: or data: URLs.
    478     String rel = relative;
    479489    if (rel.contains('\\') && !(protocolIsJavaScript(rel) || protocolIs(rel, "data")))
    480490        rel = substituteBackslashes(rel);
     
    500510        len = strlen(str);
    501511    }
    502 
    503     // Get rid of leading whitespace and control characters.
    504     while (len && shouldTrimFromURL(*str)) {
    505         str++;
    506         --len;
    507     }
    508 
    509     // Get rid of trailing whitespace and control characters.
    510     while (len && shouldTrimFromURL(str[len - 1]))
    511         str[--len] = '\0';
    512512
    513513    // According to the RFC, the reference should be interpreted as an
     
    19351935    // Do the comparison without making a new string object.
    19361936    assertProtocolIsGood(protocol);
    1937     for (int i = 0; ; ++i) {
    1938         if (!protocol[i])
     1937    bool isLeading = true;
     1938    for (int i = 0, j = 0; url[i]; ++i) {
     1939        // skip leading whitespace and control characters.
     1940        if (isLeading && shouldTrimFromURL(url[i]))
     1941            continue;
     1942        isLeading = false;
     1943
     1944        // skip any tabs and newlines.
     1945        if (isTabNewline(url[i]))
     1946            continue;
     1947
     1948        if (!protocol[j])
    19391949            return url[i] == ':';
    1940         if (!isLetterMatchIgnoringCase(url[i], protocol[i]))
     1950        if (!isLetterMatchIgnoringCase(url[i], protocol[j]))
    19411951            return false;
    1942     }
     1952
     1953        ++j;
     1954    }
     1955
     1956    return false;
    19431957}
    19441958
Note: See TracChangeset for help on using the changeset viewer.