Changeset 212972 in webkit


Ignore:
Timestamp:
Feb 24, 2017 4:02:24 PM (7 years ago)
Author:
Chris Dumez
Message:

Download attribute should be sanitized before being used as suggested filename
https://bugs.webkit.org/show_bug.cgi?id=168839
<rdar://problem/30683109>

Reviewed by Darin Adler.

Source/WebCore:

Sanitize Download attribute before using it as a suggested filename for the download.
We rely on ResourceResponse's sanitizing of the suggested filename to do so, which has
the benefit of being consistent with downloads without the download attribute.

Tests: fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html

fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html
fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::handleClick):

  • platform/network/ResourceResponseBase.cpp:

(WebCore::ResourceResponseBase::sanitizeSuggestedFilename):

  • platform/network/ResourceResponseBase.h:

LayoutTests:

Add layout test coverage.

  • fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt: Added.
  • fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html: Added.
  • fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt: Added.
  • fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html: Added.
  • fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt: Added.
  • fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html: Added.
  • platform/ios-simulator-wk1/TestExpectations:
  • platform/ios-simulator-wk2/TestExpectations:
  • platform/mac-wk1/TestExpectations:
  • platform/win/TestExpectations:
Location:
trunk
Files:
6 added
9 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r212966 r212972  
     12017-02-24  Chris Dumez  <cdumez@apple.com>
     2
     3        Download attribute should be sanitized before being used as suggested filename
     4        https://bugs.webkit.org/show_bug.cgi?id=168839
     5        <rdar://problem/30683109>
     6
     7        Reviewed by Darin Adler.
     8
     9        Add layout test coverage.
     10
     11        * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt: Added.
     12        * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html: Added.
     13        * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt: Added.
     14        * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html: Added.
     15        * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt: Added.
     16        * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html: Added.
     17        * platform/ios-simulator-wk1/TestExpectations:
     18        * platform/ios-simulator-wk2/TestExpectations:
     19        * platform/mac-wk1/TestExpectations:
     20        * platform/win/TestExpectations:
     21
    1222017-02-24  Antti Koivisto  <antti@apple.com>
    223
  • trunk/LayoutTests/platform/ios-simulator-wk1/TestExpectations

    r212235 r212972  
    13281328webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
    13291329webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
     1330webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
     1331webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
     1332webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
    13301333webkit.org/b/156069 http/tests/download/area-download.html [ Skip ]
    13311334webkit.org/b/156069 http/tests/security/anchor-download-allow-blob.html [ Skip ]
  • trunk/LayoutTests/platform/ios-simulator-wk2/TestExpectations

    r212812 r212972  
    18161816webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download.html [ Skip ]
    18171817webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
     1818webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
     1819webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
     1820webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
    18181821webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-no-extension.html [ Skip ]
    18191822webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-nodownload-set.html [ Skip ]
  • trunk/LayoutTests/platform/mac-wk1/TestExpectations

    r212812 r212972  
    215215webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
    216216webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
     217webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
     218webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
     219webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
    217220webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-no-extension.html [ Skip ]
    218221webkit.org/b/156069 http/tests/download/anchor-download-no-extension.html [ Skip ]
  • trunk/LayoutTests/platform/win/TestExpectations

    r212944 r212972  
    446446fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
    447447fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
     448fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
     449fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
     450fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
    448451fast/dom/HTMLAnchorElement/anchor-file-blob-download-no-extension.html [ Skip ]
    449452http/tests/download/anchor-download-no-extension.html [ Skip ]
  • trunk/Source/WebCore/ChangeLog

    r212968 r212972  
     12017-02-24  Chris Dumez  <cdumez@apple.com>
     2
     3        Download attribute should be sanitized before being used as suggested filename
     4        https://bugs.webkit.org/show_bug.cgi?id=168839
     5        <rdar://problem/30683109>
     6
     7        Reviewed by Darin Adler.
     8
     9        Sanitize Download attribute before using it as a suggested filename for the download.
     10        We rely on ResourceResponse's sanitizing of the suggested filename to do so, which has
     11        the benefit of being consistent with downloads without the download attribute.
     12
     13        Tests: fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html
     14               fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html
     15               fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html
     16
     17        * html/HTMLAnchorElement.cpp:
     18        (WebCore::HTMLAnchorElement::handleClick):
     19        * platform/network/ResourceResponseBase.cpp:
     20        (WebCore::ResourceResponseBase::sanitizeSuggestedFilename):
     21        * platform/network/ResourceResponseBase.h:
     22
    1232017-02-24  Miguel Gomez  <magomez@igalia.com>
    224
  • trunk/Source/WebCore/html/HTMLAnchorElement.cpp

    r211964 r212972  
    376376    URL completedURL = document().completeURL(url.toString());
    377377
    378     auto downloadAttribute = nullAtom;
     378    String downloadAttribute;
    379379#if ENABLE(DOWNLOAD_ATTRIBUTE)
    380380    if (RuntimeEnabledFeatures::sharedFeatures().downloadAttributeEnabled()) {
     
    382382        bool isSameOrigin = completedURL.protocolIsData() || document().securityOrigin().canRequest(completedURL);
    383383        if (isSameOrigin)
    384             downloadAttribute = attributeWithoutSynchronization(downloadAttr);
     384            downloadAttribute = ResourceResponse::sanitizeSuggestedFilename(attributeWithoutSynchronization(downloadAttr));
    385385        else if (hasAttributeWithoutSynchronization(downloadAttr))
    386386            document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "The download attribute on anchor was ignored because its href URL has a different security origin.");
  • trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp

    r212944 r212972  
    225225}
    226226
     227String ResourceResponseBase::sanitizeSuggestedFilename(const String& suggestedFilename)
     228{
     229    if (suggestedFilename.isEmpty())
     230        return suggestedFilename;
     231
     232    ResourceResponse response(URL(ParsedURLString, "http://example.com"), String(), -1, String());
     233    response.setHTTPStatusCode(200);
     234    String escapedSuggestedFilename = String(suggestedFilename).replace('\"', "\\\"");
     235    String value = makeString("attachment; filename=\"", escapedSuggestedFilename, '"');
     236    response.setHTTPHeaderField(HTTPHeaderName::ContentDisposition, value);
     237    return response.suggestedFilename();
     238}
     239
    227240bool ResourceResponseBase::isSuccessful() const
    228241{
  • trunk/Source/WebCore/platform/network/ResourceResponseBase.h

    r212944 r212972  
    115115    WEBCORE_EXPORT bool isAttachment() const;
    116116    WEBCORE_EXPORT String suggestedFilename() const;
     117    WEBCORE_EXPORT static String sanitizeSuggestedFilename(const String&);
    117118
    118119    WEBCORE_EXPORT void includeCertificateInfo() const;
Note: See TracChangeset for help on using the changeset viewer.