Title: [201740] trunk
Revision: 201740
Author: [email protected]
Date: 2016-06-06 22:46:44 -0700 (Mon, 06 Jun 2016)

Log Message

URLs containing tabs or newlines are parsed incorrectly
https://bugs.webkit.org/show_bug.cgi?id=143381
<rdar://problem/26567214>

Reviewed by Brent Fulgham.

Source/WebCore:

1. Strip any tabs and newlines in the URL input.
2. Replace the original stripping URL leading and trailing white spaces logic with WTFString's
builtin, and move this logic to the very beginning of the URL parser.
3. Enhance the protocolIs method to ignore any leading whitespace/control characters, and
tabs/newlines of the examining url.

Test: fast/url/tab-and-newline-stripping.html

* platform/URL.cpp:
(WebCore::isTabNewline):
(WebCore::shouldTrimFromURL):
(WebCore::URL::init):
(WebCore::protocolIs):

LayoutTests:

* fast/dom/DOMURL/set-href-attribute-host-expected.txt:
* fast/dom/DOMURL/set-href-attribute-host.html:
* fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js:
* fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt:
* fast/url/segments-expected.txt:
* fast/url/segments-from-data-url-expected.txt:
* fast/url/segments-from-data-url.html:
* fast/url/segments.html:
* fast/url/tab-and-newline-stripping-expected.txt: Added.
* fast/url/tab-and-newline-stripping.html: Added.
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-location-htmldom-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-getAttribute-value-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-htmldom-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttribute-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNS-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNode-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNodeNS-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-getAttribute-value-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-htmldom-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttribute-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNS-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNode-expected.txt:
* http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNodeNS-expected.txt:
* http/tests/security/xssAuditor/_javascript_-link-control-char2-expected.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (201739 => 201740)


--- trunk/LayoutTests/ChangeLog	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/ChangeLog	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,3 +1,36 @@
+2016-06-06  Jiewen Tan  <[email protected]>
+
+        URLs containing tabs or newlines are parsed incorrectly
+        https://bugs.webkit.org/show_bug.cgi?id=143381
+        <rdar://problem/26567214>
+
+        Reviewed by Brent Fulgham.
+
+        * fast/dom/DOMURL/set-href-attribute-host-expected.txt:
+        * fast/dom/DOMURL/set-href-attribute-host.html:
+        * fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js:
+        * fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt:
+        * fast/url/segments-expected.txt:
+        * fast/url/segments-from-data-url-expected.txt:
+        * fast/url/segments-from-data-url.html:
+        * fast/url/segments.html:
+        * fast/url/tab-and-newline-stripping-expected.txt: Added.
+        * fast/url/tab-and-newline-stripping.html: Added.
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-location-htmldom-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-getAttribute-value-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-htmldom-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttribute-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNS-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNode-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNodeNS-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-getAttribute-value-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-htmldom-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttribute-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNS-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNode-expected.txt:
+        * http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNodeNS-expected.txt:
+        * http/tests/security/xssAuditor/_javascript_-link-control-char2-expected.txt:
+
 2016-06-02  Ryosuke Niwa  <[email protected]>
 
         Update the list of elements attachShadow is allowed

Modified: trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host-expected.txt (201739 => 201740)


--- trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -25,9 +25,6 @@
 PASS a.href is 'file://mydomain.com/path/'
 Set host containing slashes in it
 PASS a.href is 'https://www.otherdom/ain.com/path/'
-Set host to a malformed URL
-PASS a.href = "" threw exception TypeError: Type error.
-PASS a.href is 'https:/\[email protected]:8080/path/'
 Set host that starts with ':'
 PASS a.href is 'https://domain.com:8080/path/'
 Set host to URL containing username and ..

Modified: trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host.html (201739 => 201740)


--- trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host.html	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/fast/dom/DOMURL/set-href-attribute-host.html	2016-06-07 05:46:44 UTC (rev 201740)
@@ -83,13 +83,6 @@
 debug("Exception: " + e.description);
 }
 
-// WebKit fails to strip the \r in the authority, and therefore treats the URL as invalid
-// and gets a different result than Firefox or Chrome; we should probably strip it
-debug("Set host to a malformed URL");
-shouldThrow('a.href = ""
-a.host = "www.other!domain.com:15";
-shouldBe("a.href", "'https:/\\[email protected]:8080/path/'");
-
 // IE8 throws an "Object Error" exception.
 // Firefox 3.5.2 accepts this but throws an exception later
 // WebKit should just reject
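
Review bot: The "Set host to a malformed URL" case is deleted here rather than updated, even though the removed comment itself says WebKit "should probably strip" the \r in the authority to match Firefox and Chrome. With stripping now implemented, keeping the case and changing its expectation to the post-fix result would pin the host setter behaviour for this input; after this hunk nothing in the file covers it. The same block is removed from fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js, and the LayoutTests ChangeLog entry lists both files without saying that a test case was dropped.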

Modified: trunk/LayoutTests/fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js (201739 => 201740)


--- trunk/LayoutTests/fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js	2016-06-07 05:46:44 UTC (rev 201740)
@@ -74,13 +74,6 @@
 debug("Exception: " + e.description);
 }
 
-// WebKit fails to strip the \r in the authority, and therefore treats the URL as invalid
-// and gets a different result than Firefox or Chrome; we should probably strip it
-debug("Set host to a malformed URL");
-a.href = ""
-a.host = "www.other!domain.com:15";
-shouldBe("a.href", "'https:/\\[email protected]:8080/path/'");
-
 // IE8 throws an "Object Error" exception.
 // Firefox 3.5.2 accepts this but throws an exception later
 // WebKit should just reject

Modified: trunk/LayoutTests/fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt (201739 => 201740)


--- trunk/LayoutTests/fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -25,8 +25,6 @@
 PASS a.href is 'file://mydomain.com/path/'
 Set host containing slashes in it
 PASS a.href is 'https://www.otherdom/ain.com/path/'
-Set host to a malformed URL
-PASS a.href is 'https:/\[email protected]:8080/path/'
 Set host that starts with ':'
 PASS a.href is 'https://domain.com:8080/path/'
 Set host to URL containing username and ..

Modified: trunk/LayoutTests/fast/url/segments-expected.txt (201739 => 201740)


--- trunk/LayoutTests/fast/url/segments-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/fast/url/segments-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -15,7 +15,7 @@
 FAIL segments('http://f:00000000000000000000080/c') should be ["http:","f","0","/c","",""]. Was ["http:","f","80","/c","",""].
 PASS segments('http://f:b/c') is '[":","","","","",""]'
 PASS segments('http://f: /c') is '[":","","","","",""]'
-PASS segments('http://f:\n/c') is '[":","","","","",""]'
+PASS segments('http://f:\n/c') is '["http:","f","","/c","",""]'
 PASS segments('http://f:fifty-two/c') is '[":","","","","",""]'
 FAIL segments('http://f:999999/c') should be [":","","0","","",""]. Was ["http:","f","65535","/c","",""].
 PASS segments('http://f: 21 / b ? d # e ') is '[":","","","","",""]'

Modified: trunk/LayoutTests/fast/url/segments-from-data-url-expected.txt (201739 => 201740)


--- trunk/LayoutTests/fast/url/segments-from-data-url-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/fast/url/segments-from-data-url-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -15,7 +15,7 @@
 FAIL segments('http://f:00000000000000000000080/c') should be ["http:","f","0","/c","",""]. Was ["http:","f","80","/c","",""].
 PASS segments('http://f:b/c') is '[":","","","","",""]'
 PASS segments('http://f: /c') is '[":","","","","",""]'
-PASS segments('http://f:\n/c') is '[":","","","","",""]'
+PASS segments('http://f:\n/c') is '["http:","f","","/c","",""]'
 PASS segments('http://f:fifty-two/c') is '[":","","","","",""]'
 FAIL segments('http://f:999999/c') should be [":","","0","","",""]. Was ["http:","f","65535","/c","",""].
 PASS segments('http://f: 21 / b ? d # e ') is '[":","","","","",""]'

Modified: trunk/LayoutTests/fast/url/segments-from-data-url.html (201739 => 201740)


--- trunk/LayoutTests/fast/url/segments-from-data-url.html	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/fast/url/segments-from-data-url.html	2016-06-07 05:46:44 UTC (rev 201740)
@@ -22,7 +22,7 @@
   ["http://f:00000000000000000000080/c",     ["http:","f","0","/c","",""]],
   ["http://f:b/c",                           [":","","","","",""]],
   ["http://f: /c",                           [":","","","","",""]],
-  ["http://f:\\n/c",                         [":","","","","",""]],
+  ["http://f:\\n/c",                         ["http:","f","","/c","",""]],
   ["http://f:fifty-two/c",                   [":","","","","",""]],
   ["http://f:999999/c",                      [":","","0","","",""]],
   ["http://f: 21 / b ? d # e ",              [":","","","","",""]],

Modified: trunk/LayoutTests/fast/url/segments.html (201739 => 201740)


--- trunk/LayoutTests/fast/url/segments.html	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/fast/url/segments.html	2016-06-07 05:46:44 UTC (rev 201740)
@@ -23,7 +23,7 @@
   ["http://f:00000000000000000000080/c",     ["http:","f","0","/c","",""]],
   ["http://f:b/c",                           [":","","","","",""]],
   ["http://f: /c",                           [":","","","","",""]],
-  ["http://f:\\n/c",                         [":","","","","",""]],
+  ["http://f:\\n/c",                         ["http:","f","","/c","",""]],
   ["http://f:fifty-two/c",                   [":","","","","",""]],
   ["http://f:999999/c",                      [":","","0","","",""]],
   ["http://f: 21 / b ? d # e ",              [":","","","","",""]],
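
Review bot: The changed row for "http://f:\\n/c" now expects a valid URL with an empty port, while the row directly above it, "http://f: /c", still expects an invalid one. A short comment on the row saying that the newline is stripped before parsing while a space in the port remains an error would keep the two expectations from reading as inconsistent. Adding "\\t" and "\\r" variants of the same row would cover the other two stripped characters in the empty-port position, which segments-from-data-url.html could mirror.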

Added: trunk/LayoutTests/fast/url/tab-and-newline-stripping-expected.txt (0 => 201740)


--- trunk/LayoutTests/fast/url/tab-and-newline-stripping-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/url/tab-and-newline-stripping-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -0,0 +1,32 @@
+Strip tabs and newlines according to URL spec: https://url.spec.whatwg.org/#concept-basic-url-parser
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS canonicalize('scheme://username:[email protected]:5000/path?query#fragment') is 'scheme://username:[email protected]:5000/path?query#fragment'
+PASS canonicalize('\tsch\neme\r://username:[email protected]:5000/path?query#fragment') is 'scheme://username:[email protected]:5000/path?query#fragment'
+PASS canonicalize('scheme:\t/\n/username:[email protected]:5000/path?query#fragment') is 'scheme://username:[email protected]:5000/path?query#fragment'
+PASS canonicalize('scheme://\tuser\rname\n:\rpassw\nord\[email protected]:5000/path?query#fragment') is 'scheme://username:[email protected]:5000/path?query#fragment'
+PASS canonicalize('scheme://username:password@\tho\nst\r.\tna\nme\r:5000/path?query#fragment') is 'scheme://username:[email protected]:5000/path?query#fragment'
+PASS canonicalize('scheme://username:[email protected]:\t5\n000\r/path?query#fragment') is 'scheme://username:[email protected]:5000/path?query#fragment'
+PASS canonicalize('scheme://username:[email protected]:5000/\tpa\nth\r?query#fragment') is 'scheme://username:[email protected]:5000/path?query#fragment'
+PASS canonicalize('scheme://username:[email protected]:5000/path?\tqu\nery\r#fragment') is 'scheme://username:[email protected]:5000/path?query#fragment'
+PASS canonicalize('scheme://username:[email protected]:5000/path?query#\tfr\nagment\r') is 'scheme://username:[email protected]:5000/path?query#fragment'
+PASS canonicalize('\tht\ntp\r://www.example.com/') is 'http://www.example.com/'
+PASS canonicalize('\tht\ntps\r://www.example.com/') is 'https://www.example.com/'
+PASS canonicalize('\tfi\nle\r:///var/tmp') is 'file:///var/tmp'
+PASS canonicalize('file://\n/v\tar\r/\ttm\np\r') is 'file:///var/tmp'
+PASS canonicalize('http://\n12\r7\t.0.0.1\t/') is 'http://127.0.0.1/'
+PASS canonicalize('http://\n[\r200\t1\r:\t5:\n:042:44::0370:7334\r]\t/') is 'http://[2001:5::042:44::0370:7334]/'
+PASS canonicalize('http://\tlo\ncalhost\r') is 'http://localhost/'
+PASS canonicalize('\t/\n/\rsch\teme\n/relative\r') is 'file://scheme/relative'
+PASS canonicalize('\t/\npa\rth\t/\nabsolute\r') is 'file:///path/absolute'
+PASS canonicalize('\td\nata\r:image/png;base64,invalidData') is 'data:image/png;base64,invalidData'
+PASS canonicalize('data:\tim\rage/png\n;\tbas\ne64\r,\tinv\nalidData\r') is 'data:image/png;base64,invalidData'
+PASS canonicalize('\tjav\nascript\r:alert(1);') is '_javascript_:alert(1);'
+PASS canonicalize('_javascript_:\tal\rert\n(\n1)\t;\r') is '_javascript_:alert(1);'
+PASS canonicalize(relativePathSchemeLessURL) is expectedRelativePathSchemeLessURL
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
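
Review bot: The two relative cases, expected as 'file://scheme/relative' and 'file:///path/absolute', hard-code a file: base URL, whereas the last case (relativePathSchemeLessURL) derives its expectation from window.location. These two lines fail for a reason unrelated to stripping if the test is ever served over http; deriving the scheme from the document location, as the last case does, or stating the file: assumption in the test description would make that dependency explicit.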

Added: trunk/LayoutTests/fast/url/tab-and-newline-stripping.html (0 => 201740)


--- trunk/LayoutTests/fast/url/tab-and-newline-stripping.html	                        (rev 0)
+++ trunk/LayoutTests/fast/url/tab-and-newline-stripping.html	2016-06-07 05:46:44 UTC (rev 201740)
@@ -0,0 +1,77 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<script>
+description("Strip tabs and newlines according to URL spec: https://url.spec.whatwg.org/#concept-basic-url-parser");
+
+var expectedGeneralizedResult = "scheme://username:[email protected]:5000/path?query#fragment";
+generalizedCases = [
+    //normal case
+    ["scheme://username:[email protected]:5000/path?query#fragment"],
+    //add tabs and newlines at scheme
+    ["\\tsch\\neme\\r://username:[email protected]:5000/path?query#fragment"],
+    //add tabs and newlines after scheme
+    ["scheme:\\t/\\n/username:[email protected]:5000/path?query#fragment"],
+    //add tabs and newlines at credential
+    ["scheme://\\tuser\\rname\\n:\\rpassw\\nord\\[email protected]:5000/path?query#fragment"],
+    //add tabs and newlines at host
+    ["scheme://username:password@\\tho\\nst\\r.\\tna\\nme\\r:5000/path?query#fragment"],
+    //add tabs and newlines at port
+    ["scheme://username:[email protected]:\\t5\\n000\\r/path?query#fragment"],
+    //add tabs and newlines at path
+    ["scheme://username:[email protected]:5000/\\tpa\\nth\\r?query#fragment"],
+    //add tabs and newlines at query
+    ["scheme://username:[email protected]:5000/path?\\tqu\\nery\\r#fragment"],
+    //add tabs and newlines at fragment
+    ["scheme://username:[email protected]:5000/path?query#\\tfr\\nagment\\r"],
+];
+
+for (var i = 0; i < generalizedCases.length; ++i)
+    shouldBe("canonicalize('" + generalizedCases[i] + "')",
+             "'" + expectedGeneralizedResult + "'");
+
+specialCases = [
+    //http & https
+    ["\\tht\\ntp\\r://www.example.com/", "http://www.example.com/"],
+    ["\\tht\\ntps\\r://www.example.com/", "https://www.example.com/"],
+    //file URL
+    ["\\tfi\\nle\\r:///var/tmp", "file:///var/tmp"],
+    ["file://\\n/v\\tar\\r/\\ttm\\np\\r", "file:///var/tmp"],
+    //ipv4, ipv6
+    ["http://\\n12\\r7\\t.0.0.1\\t/", "http://127.0.0.1/"],
+    ["http://\\n[\\r200\\t1\\r:\\t5:\\n:042:44::0370:7334\\r]\\t/", "http://[2001:5::042:44::0370:7334]/"],
+    //localhost
+    ["http://\\tlo\\ncalhost\\r", "http://localhost/"],
+    //relative path
+    ["\\t/\\n/\\rsch\\teme\\n/relative\\r", "file://scheme/relative"],
+    ["\\t/\\npa\\rth\\t/\\nabsolute\\r", "file:///path/absolute"],
+    //data URL
+    ["\\td\\nata\\r:image/png;base64,invalidData", "data:image/png;base64,invalidData"],
+    ["data:\\tim\\rage/png\\n;\\tbas\\ne64\\r,\\tinv\\nalidData\\r", "data:image/png;base64,invalidData"],
+    //_javascript_ URL
+    ["\\tjav\\nascript\\r:alert(1);", "_javascript_:alert(1);"],
+    ["_javascript_:\\tal\\rert\\n(\\n1)\\t;\\r", "_javascript_:alert(1);"],
+];
+
+for (var i = 0; i < specialCases.length; ++i)
+    shouldBe("canonicalize('" + specialCases[i][0] + "')",
+             "'" + specialCases[i][1] + "'");
+
+// relative path scheme less URL
+var URLParts = window.location.href.split( '/' );
+var path = URLParts[0];
+var len = URLParts.length - 1;
+for (i = 1; i < len; i++)
+    path += "/" + URLParts[i];
+
+var relativePathSchemeLessURL = "\tpa\nth\r/\trelative/\nscheme/less\r";
+var expectedRelativePathSchemeLessURL = path + "/path/relative/scheme/less";
+shouldBe("canonicalize(relativePathSchemeLessURL)", "expectedRelativePathSchemeLessURL");
+</script>
+<script src=""
+</body>
+</html>
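
Review bot: In specialCases, the IPv6 entry expects 'http://[2001:5::042:44::0370:7334]/', and that literal contains "::" twice, which is not a valid IPv6 address. The test therefore pins acceptance of a malformed host as a side effect of checking stripping, and it will start failing if host validation is tightened later; a valid literal with a single "::" would test the same stripping without that coupling. Smaller points in the same hunk: generalizedCases and specialCases are assigned without var, and generalizedCases[i] is a one-element array concatenated into the shouldBe string, so indexing with [0] as the specialCases loop does would be clearer.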

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-location-htmldom-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-location-htmldom-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-location-htmldom-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 
 
 --------
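
Review bot: The added third CONSOLE MESSAGE is identical to the two above it, including "line 25", so the expected output cannot show which step of the test is newly blocked, and the ChangeLog entry lists this file with no explanation. Since this is a security test whose observable outcome changes, a sentence in the ChangeLog naming the URL variant that is now recognised and blocked would let a later reader confirm the extra message is intended and not a regression; the same applies to the sibling frame and iframe expectation files updated in this revision.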

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-getAttribute-value-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-getAttribute-value-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-getAttribute-value-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 
 
 --------

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-htmldom-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-htmldom-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-htmldom-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 
 
 --------

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttribute-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttribute-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttribute-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 32: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 33: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 35: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 
 
 --------

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNS-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNS-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNS-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 32: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 33: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 35: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 
 
 --------

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNode-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNode-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNode-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 34: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 
 
 --------

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNodeNS-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNodeNS-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-frame-src-setAttributeNodeNS-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 34: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 25: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 
 
 --------

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-getAttribute-value-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-getAttribute-value-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-getAttribute-value-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
 
 

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-htmldom-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-htmldom-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-htmldom-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
 
 

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttribute-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttribute-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttribute-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 37: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 38: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 40: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
 
 

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNS-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNS-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNS-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 37: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 38: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 40: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
 
 

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNode-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNode-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNode-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 39: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
 
 

Modified: trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNodeNS-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNodeNS-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/_javascript_URL/_javascript_URL-execution-context-iframe-src-setAttributeNodeNS-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 39: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 30: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This test passes as long as the word 'FAIL' and an accompanying message do not appear in the subframe.
 
 

Modified: trunk/LayoutTests/http/tests/security/xssAuditor/_javascript_-link-control-char2-expected.txt (201739 => 201740)


--- trunk/LayoutTests/http/tests/security/xssAuditor/_javascript_-link-control-char2-expected.txt	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/_javascript_-link-control-char2-expected.txt	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1 +1,2 @@
+CONSOLE MESSAGE: line 14: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag-click-and-notify.pl?elmid=anchorLink&q=%3Ca+id%3DanchorLink+href%3D%22%26%23x1javasc%09ript%3Aalert%28/XSS%05/%29%22%3Etest%3C/a%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
 

Modified: trunk/Source/WebCore/ChangeLog (201739 => 201740)


--- trunk/Source/WebCore/ChangeLog	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/Source/WebCore/ChangeLog	2016-06-07 05:46:44 UTC (rev 201740)
@@ -1,3 +1,25 @@
+2016-06-06  Jiewen Tan  <[email protected]>
+
+        URLs containing tabs or newlines are parsed incorrectly
+        https://bugs.webkit.org/show_bug.cgi?id=143381
+        <rdar://problem/26567214>
+
+        Reviewed by Brent Fulgham.
+
+        1. Strip any tabs and newlines in the URL input.
+        2. Replace the original stripping URL leading and trailing white spaces logic with WTFString's
+        builtin, and move this logic to the very begining of the URL parser.
+        3. Enhance the protocolIs method to ignore any leading whitespace/control characters, and
+        tabs/newlines of the examining url.
+
+        Test: fast/url/tab-and-newline-stripping.html
+
+        * platform/URL.cpp:
+        (WebCore::isTabNewline):
+        (WebCore::shouldTrimFromURL):
+        (WebCore::URL::init):
+        (WebCore::protocolIs):
+
 2016-06-02  Ryosuke Niwa  <[email protected]>
 
         Update the list of elements attachShadow is allowed
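Review bot: the new ChangeLog entry has a typo in item 2, "begining" should be "beginning". Item 1 also says only "tabs and newlines", while the URL.cpp change in this revision marks carriage return (13 cr) as TabNewline too; saying "tabs, newlines and carriage returns" here would match what the code strips.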

Modified: trunk/Source/WebCore/platform/URL.cpp (201739 => 201740)


--- trunk/Source/WebCore/platform/URL.cpp	2016-06-07 04:02:11 UTC (rev 201739)
+++ trunk/Source/WebCore/platform/URL.cpp	2016-06-07 05:46:44 UTC (rev 201740)
@@ -104,15 +104,19 @@
     PathSegmentEndChar = 1 << 5,
 
     // not allowed in path
-    BadChar = 1 << 6
+    BadChar = 1 << 6,
+
+    // "\t" | "\n" | "\r"
+    TabNewline = 1 << 7
 };
 
 static const unsigned char characterClassTable[256] = {
     /* 0 nul */ PathSegmentEndChar,    /* 1 soh */ BadChar,
     /* 2 stx */ BadChar,    /* 3 etx */ BadChar,
     /* 4 eot */ BadChar,    /* 5 enq */ BadChar,    /* 6 ack */ BadChar,    /* 7 bel */ BadChar,
-    /* 8 bs */ BadChar,     /* 9 ht */ BadChar,     /* 10 nl */ BadChar,    /* 11 vt */ BadChar,
-    /* 12 np */ BadChar,    /* 13 cr */ BadChar,    /* 14 so */ BadChar,    /* 15 si */ BadChar,
+    /* 8 bs */ BadChar,     /* 9 ht */ BadChar | TabNewline,                /* 10 nl */ BadChar | TabNewline,
+    /* 11 vt */ BadChar,    /* 12 np */ BadChar,    /* 13 cr */ BadChar | TabNewline,
+    /* 14 so */ BadChar,    /* 15 si */ BadChar,
     /* 16 dle */ BadChar,   /* 17 dc1 */ BadChar,   /* 18 dc2 */ BadChar,   /* 19 dc3 */ BadChar,
     /* 20 dc4 */ BadChar,   /* 21 nak */ BadChar,   /* 22 syn */ BadChar,   /* 23 etb */ BadChar,
     /* 24 can */ BadChar,   /* 25 em */ BadChar,    /* 26 sub */ BadChar,   /* 27 esc */ BadChar,
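Review bot: TabNewline = 1 << 7 uses the last free bit of the table entries, since characterClassTable is declared as unsigned char. That is correct as written, but the next class added to this enum will silently truncate unless the element type is widened. A one-line comment beside TabNewline, or a static_assert that the largest enumerator fits in unsigned char, would make the limit explicit.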
@@ -350,6 +354,7 @@
 static inline bool isPathSegmentEndChar(char c) { return characterClassTable[static_cast<unsigned char>(c)] & PathSegmentEndChar; }
 static inline bool isPathSegmentEndChar(UChar c) { return c <= 0xff && (characterClassTable[c] & PathSegmentEndChar); }
 static inline bool isBadChar(unsigned char c) { return characterClassTable[c] & BadChar; }
+static inline bool isTabNewline(UChar c) { return c <= 0xff && (characterClassTable[c] & TabNewline); }
 
 static inline bool isSchemeCharacterMatchIgnoringCase(char character, char schemeCharacter)
 {
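Review bot: isTabNewline is added only as a UChar overload, whereas isPathSegmentEndChar just above has both char and UChar forms and isBadChar takes unsigned char. If an 8-bit caller ever passes a plain char, the implicit conversion to UChar decides what the c <= 0xff guard sees. Either add an explicit unsigned char overload or note in a comment that only 16-bit callers are expected.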
@@ -455,7 +460,7 @@
     init(base, relative, encoding.encodingForFormSubmission());
 }
 
-static bool shouldTrimFromURL(unsigned char c)
+static bool shouldTrimFromURL(UChar c)
 {
     // Browsers ignore leading/trailing whitespace and control
     // characters from URLs.  Note that c is an *unsigned* char here
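Review bot: the parameter type changes from unsigned char to UChar, but the comment directly below still reads "Note that c is an *unsigned* char here". Please update the comment to match the new signature, and confirm that the comparison in the body (not shown in this hunk) still behaves as intended for code units above 0xff.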
@@ -473,9 +478,14 @@
         return;
     }
 
+    // Get rid of leading and trailing whitespace and control characters.
+    String rel = relative.stripWhiteSpace(shouldTrimFromURL);
+
+    // Get rid of any tabs and newlines.
+    rel = rel.removeCharacters(isTabNewline);
+
     // For compatibility with Win IE, treat backslashes as if they were slashes,
     // as long as we're not dealing with _javascript_: or data: URLs.
-    String rel = relative;
     if (rel.contains('\\') && !(protocolIsJavaScript(rel) || protocolIs(rel, "data")))
         rel = substituteBackslashes(rel);
 
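Review bot: the tab and newline removal is applied to every input, while the backslash substitution a few lines below explicitly exempts _javascript_: and data: URLs. If the unconditional removal is intentional for those schemes as well (their bodies lose embedded tabs and newlines), say so in the comment above rel.removeCharacters(isTabNewline) so a later reader does not add a matching exemption. The two assignments to rel could also be chained into one expression to avoid the intermediate String.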
@@ -500,16 +510,6 @@
         len = strlen(str);
     }
 
-    // Get rid of leading whitespace and control characters.
-    while (len && shouldTrimFromURL(*str)) {
-        str++;
-        --len;
-    }
-
-    // Get rid of trailing whitespace and control characters.
-    while (len && shouldTrimFromURL(str[len - 1]))
-        str[--len] = '\0';
-
     // According to the RFC, the reference should be interpreted as an
     // absolute URI if possible, using the "leftmost, longest"
     // algorithm. If the URI reference is absolute it will have a
@@ -1934,12 +1934,26 @@
 {
     // Do the comparison without making a new string object.
     assertProtocolIsGood(protocol);
-    for (int i = 0; ; ++i) {
-        if (!protocol[i])
+    bool isLeading = true;
+    for (int i = 0, j = 0; url[i]; ++i) {
+        // skip leading whitespace and control characters.
+        if (isLeading && shouldTrimFromURL(url[i]))
+            continue;
+        isLeading = false;
+
+        // skip any tabs and newlines.
+        if (isTabNewline(url[i]))
+            continue;
+
+        if (!protocol[j])
             return url[i] == ':';
-        if (!isLetterMatchIgnoringCase(url[i], protocol[i]))
+        if (!isLetterMatchIgnoringCase(url[i], protocol[j]))
             return false;
+
+        ++j;
     }
+
+    return false;
 }
 
 bool isValidProtocol(const String& protocol)
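Review bot: the loop in protocolIs re-implements the same normalization that URL::init now performs with stripWhiteSpace(shouldTrimFromURL) and removeCharacters(isTabNewline), and callers that gate on the scheme depend on the two agreeing exactly. Sharing the predicates is good, but the skipping logic is duplicated; add a comment here that it must stay in sync with URL::init, and make sure fast/url/tab-and-newline-stripping.html exercises protocolIs directly and not only the parser. Minor: i and j are int while they index a string; an unsigned type would match the rest of the file's indexing.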