Changeset 202910 in webkit

Timestamp:

Jul 7, 2016 9:24:14 AM (8 years ago)

Author:

commit-queue@webkit.org

Message:

[Fetch API] Response constructor should throw in case of bad reason phrase
​https://bugs.webkit.org/show_bug.cgi?id=159508

Patch by Youenn Fablet <​youenn@apple.com> on 2016-07-07
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

• web-platform-tests/fetch/api/response/response-error-expected.txt:

Source/WebCore:

Covered by rebased test.

• Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::initializeWith): Validating reason phrase with new routine.
Throwing a TypeError in case of error.

• platform/network/HTTPParsers.cpp:

(WebCore::isValidReasonPhrase): Added to validate reason phrase according
​https://tools.ietf.org/html/rfc7230#section-3.1.2

• platform/network/HTTPParsers.h:

Location:

trunk

Files:

• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/fetch/api/response/response-error-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/fetch/FetchResponse.cpp (modified) (2 diffs)
• Source/WebCore/platform/network/HTTPParsers.cpp (modified) (1 diff)
• Source/WebCore/platform/network/HTTPParsers.h (modified) (1 diff)

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2016-07-07  Youenn Fablet  <youenn@apple.com>
+
+        [Fetch API] Response constructor should throw in case of bad reason phrase
+        https://bugs.webkit.org/show_bug.cgi?id=159508
+
+        Reviewed by Alex Christensen.
+
+        * web-platform-tests/fetch/api/response/response-error-expected.txt:
+
 2016-07-07  Youenn Fablet  <youenn@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/response/response-error-expected.txt

@@ -5 +5 @@
 PASS Throws RangeError when responseInit's status is 600 
 PASS Throws RangeError when responseInit's status is 1000 
-FAIL Throws TypeError when responseInit's statusText is 
- assert_throws: Expect TypeError exception 
- function "function () { new Response("", { "statusText" : statusTex..." did not throw
-FAIL Throws TypeError when responseInit's statusText is Ā assert_throws: Expect TypeError exception Ā function "function () { new Response("", { "statusText" : statusTex..." did not throw
+PASS Throws TypeError when responseInit's statusText is 
+ 
+PASS Throws TypeError when responseInit's statusText is Ā 
 PASS Throws TypeError when building a response with body and a body status of 204 
 PASS Throws TypeError when building a response with body and a body status of 205 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-07-07  Youenn Fablet  <youenn@apple.com>
+
+        [Fetch API] Response constructor should throw in case of bad reason phrase
+        https://bugs.webkit.org/show_bug.cgi?id=159508
+
+        Reviewed by Alex Christensen.
+
+        Covered by rebased test.
+
+        * Modules/fetch/FetchResponse.cpp:
+        (WebCore::FetchResponse::initializeWith): Validating reason phrase with new routine.
+        Throwing a TypeError in case of error.
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::isValidReasonPhrase): Added to validate reason phrase according
+        https://tools.ietf.org/html/rfc7230#section-3.1.2
+        * platform/network/HTTPParsers.h:
+
 2016-07-07  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/Modules/fetch/FetchResponse.cpp

@@ -35 +35 @@
 #include "ExceptionCode.h"
 #include "FetchRequest.h"
+#include "HTTPParsers.h"
 #include "JSFetchResponse.h"
 #include "ScriptExecutionContext.h"
@@ -87 +88 @@
     }
 
-    // FIXME: Validate reason phrase (https://tools.ietf.org/html/rfc7230#section-3.1.2).
     String statusText;
-    if (!init.get("statusText", statusText)) {
+    if (!init.get("statusText", statusText) || !isValidReasonPhrase(statusText)) {
         ec = TypeError;
         return;

trunk/Source/WebCore/platform/network/HTTPParsers.cpp

@@ -103 +103 @@
 }
 
+// See RFC 7230, Section 3.1.2.
+bool isValidReasonPhrase(const String& value)
+{
+    for (unsigned i = 0; i < value.length(); ++i) {
+        UChar c = value[i];
+        if (c == 0x7F || c > 0xFF || (c < 0x20 && c != '\t'))
+            return false;
+    }
+    return true;
+}
+
 // See RFC 7230, Section 3.2.3.
 bool isValidHTTPHeaderValue(const String& value)

trunk/Source/WebCore/platform/network/HTTPParsers.h

@@ -70 +70 @@
 
 ContentDispositionType contentDispositionType(const String&);
+bool isValidReasonPhrase(const String&);
 bool isValidHTTPHeaderValue(const String&);
 bool isValidHTTPToken(const String&);
 bool parseHTTPRefresh(const String& refresh, bool fromHttpEquivMeta, double& delay, String& url);
 Optional<std::chrono::system_clock::time_point> parseHTTPDate(const String&);
-String filenameFromHTTPContentDisposition(const String&); 
+String filenameFromHTTPContentDisposition(const String&);
 String extractMIMETypeFromMediaType(const String&);
-String extractCharsetFromMediaType(const String&); 
+String extractCharsetFromMediaType(const String&);
 void findCharsetInMediaType(const String& mediaType, unsigned int& charsetPos, unsigned int& charsetLen, unsigned int start = 0);
 XSSProtectionDisposition parseXSSProtectionHeader(const String& header, String& failureReason, unsigned& failurePosition, String& reportURL);