[webkit-changes] [232572] trunk

Wed, 06 Jun 2018 21:22:20 -0700

Title: [232572] trunk
Revision
232572
Author
[email protected]
Date
2018-06-06 21:21:21 -0700 (Wed, 06 Jun 2018)

Log Message

HTTP Header values validation is too strict
https://bugs.webkit.org/show_bug.cgi?id=167112

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebased from WPT repository.

* web-platform-tests/fetch/api/headers/header-values-normalize-exptected.txt: Added.
* web-platform-tests/fetch/api/headers/header-values-expected.txt: Added.

Source/WebCore:

Moving header values and names from DOMString to ByteString as per spec.
Updating WebCore::isValidHTTPHeaderValue as per https://fetch.spec.whatwg.org/#terminology-headers.

Covered by rebased and updated tests.
Updated test is now also passing in other browsers.

* platform/network/HTTPParsers.cpp:
(WebCore::isValidHTTPHeaderValue):

LayoutTests:

* http/tests/xmlhttprequest/set-bad-headervalue.html:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (232571 => 232572)


--- trunk/LayoutTests/ChangeLog	2018-06-07 04:03:31 UTC (rev 232571)
+++ trunk/LayoutTests/ChangeLog	2018-06-07 04:21:21 UTC (rev 232572)
@@ -1,3 +1,12 @@
+2018-06-06  Youenn Fablet  <[email protected]>
+
+        HTTP Header values validation is too strict
+        https://bugs.webkit.org/show_bug.cgi?id=167112
+
+        Reviewed by Alex Christensen.
+
+        * http/tests/xmlhttprequest/set-bad-headervalue.html:
+
 2018-06-06  David Fenton  <[email protected]>
 
         Layout Test imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-protocol-setter-non-broken.html is a flaky failure.

Modified: trunk/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue.html (232571 => 232572)


--- trunk/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue.html	2018-06-07 04:03:31 UTC (rev 232571)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue.html	2018-06-07 04:21:21 UTC (rev 232572)
@@ -24,12 +24,12 @@
       try_value("t\rt", {name:'SyntaxError'})
       try_value("t\nt", {name:'SyntaxError'})
       try_value("テスト", {name:'TypeError'})
-      try_value("t\bt", {name:'SyntaxError'})
-      try_value("t\vt", {name:'SyntaxError'})
+      try_value("t\bt")
+      try_value("t\vt")
       try_value("t\tt")
       try_value("t t")
       try_value("\xd0\xa1")
-      try_value("\x7f", {name:'SyntaxError'})
+      try_value("\x7f")
       test(function() {
         var client = new XMLHttpRequest()
         client.open("GET", "...")

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (232571 => 232572)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2018-06-07 04:03:31 UTC (rev 232571)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2018-06-07 04:21:21 UTC (rev 232572)
@@ -1,5 +1,17 @@
 2018-06-06  Youenn Fablet  <[email protected]>
 
+        HTTP Header values validation is too strict
+        https://bugs.webkit.org/show_bug.cgi?id=167112
+
+        Reviewed by Alex Christensen.
+
+        Rebased from WPT repository.
+
+        * web-platform-tests/fetch/api/headers/header-values-normalize-exptected.txt: Added.
+        * web-platform-tests/fetch/api/headers/header-values-expected.txt: Added.
+
+2018-06-06  Youenn Fablet  <[email protected]>
+
         Add Accept-Encoding: identity to Range requests
         https://bugs.webkit.org/show_bug.cgi?id=186335
         <rdar://problem/40837190>

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/header-values-expected.txt (232571 => 232572)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/header-values-expected.txt	2018-06-07 04:03:31 UTC (rev 232571)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/header-values-expected.txt	2018-06-07 04:21:21 UTC (rev 232572)
@@ -5,6 +5,6 @@
 PASS fetch() with value x%0Ax needs to throw 
 PASS XMLHttpRequest with value x%0Dx needs to throw 
 PASS fetch() with value x%0Dx needs to throw 
-FAIL XMLHttpRequest with all valid values The string did not match the expected pattern.
-FAIL fetch() with all valid values Header 'val0' has invalid value: 'xx'
+PASS XMLHttpRequest with all valid values 
+PASS fetch() with all valid values

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/header-values-normalize-expected.txt (232571 => 232572)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/header-values-normalize-expected.txt	2018-06-07 04:03:31 UTC (rev 232571)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/header-values-normalize-expected.txt	2018-06-07 04:21:21 UTC (rev 232572)
@@ -1,22 +1,22 @@
 
 PASS XMLHttpRequest with value %00 
 PASS fetch() with value %00 
-FAIL XMLHttpRequest with value %01 The string did not match the expected pattern.
-FAIL fetch() with value %01 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %02 The string did not match the expected pattern.
-FAIL fetch() with value %02 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %03 The string did not match the expected pattern.
-FAIL fetch() with value %03 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %04 The string did not match the expected pattern.
-FAIL fetch() with value %04 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %05 The string did not match the expected pattern.
-FAIL fetch() with value %05 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %06 The string did not match the expected pattern.
-FAIL fetch() with value %06 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %07 The string did not match the expected pattern.
-FAIL fetch() with value %07 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %08 The string did not match the expected pattern.
-FAIL fetch() with value %08 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
+PASS XMLHttpRequest with value %01 
+PASS fetch() with value %01 
+PASS XMLHttpRequest with value %02 
+PASS fetch() with value %02 
+PASS XMLHttpRequest with value %03 
+PASS fetch() with value %03 
+PASS XMLHttpRequest with value %04 
+PASS fetch() with value %04 
+PASS XMLHttpRequest with value %05 
+PASS fetch() with value %05 
+PASS XMLHttpRequest with value %06 
+PASS fetch() with value %06 
+PASS XMLHttpRequest with value %07 
+PASS fetch() with value %07 
+PASS XMLHttpRequest with value %08 
+PASS fetch() with value %08 
 PASS XMLHttpRequest with value %09 
 PASS fetch() with value %09 
 PASS XMLHttpRequest with value %0A 
@@ -23,42 +23,42 @@
 PASS fetch() with value %0A 
 PASS XMLHttpRequest with value %0D 
 PASS fetch() with value %0D 
-FAIL XMLHttpRequest with value %0E The string did not match the expected pattern.
-FAIL fetch() with value %0E promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %0F The string did not match the expected pattern.
-FAIL fetch() with value %0F promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %10 The string did not match the expected pattern.
-FAIL fetch() with value %10 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %11 The string did not match the expected pattern.
-FAIL fetch() with value %11 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %12 The string did not match the expected pattern.
-FAIL fetch() with value %12 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %13 The string did not match the expected pattern.
-FAIL fetch() with value %13 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %14 The string did not match the expected pattern.
-FAIL fetch() with value %14 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %15 The string did not match the expected pattern.
-FAIL fetch() with value %15 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %16 The string did not match the expected pattern.
-FAIL fetch() with value %16 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %17 The string did not match the expected pattern.
-FAIL fetch() with value %17 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %18 The string did not match the expected pattern.
-FAIL fetch() with value %18 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %19 The string did not match the expected pattern.
-FAIL fetch() with value %19 promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %1A The string did not match the expected pattern.
-FAIL fetch() with value %1A promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %1B The string did not match the expected pattern.
-FAIL fetch() with value %1B promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %1C The string did not match the expected pattern.
-FAIL fetch() with value %1C promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %1D The string did not match the expected pattern.
-FAIL fetch() with value %1D promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %1E The string did not match the expected pattern.
-FAIL fetch() with value %1E promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
-FAIL XMLHttpRequest with value %1F The string did not match the expected pattern.
-FAIL fetch() with value %1F promise_test: Unhandled rejection with value: object "TypeError: Header 'val1' has invalid value: ''"
+PASS XMLHttpRequest with value %0E 
+PASS fetch() with value %0E 
+PASS XMLHttpRequest with value %0F 
+PASS fetch() with value %0F 
+PASS XMLHttpRequest with value %10 
+PASS fetch() with value %10 
+PASS XMLHttpRequest with value %11 
+PASS fetch() with value %11 
+PASS XMLHttpRequest with value %12 
+PASS fetch() with value %12 
+PASS XMLHttpRequest with value %13 
+PASS fetch() with value %13 
+PASS XMLHttpRequest with value %14 
+PASS fetch() with value %14 
+PASS XMLHttpRequest with value %15 
+PASS fetch() with value %15 
+PASS XMLHttpRequest with value %16 
+PASS fetch() with value %16 
+PASS XMLHttpRequest with value %17 
+PASS fetch() with value %17 
+PASS XMLHttpRequest with value %18 
+PASS fetch() with value %18 
+PASS XMLHttpRequest with value %19 
+PASS fetch() with value %19 
+PASS XMLHttpRequest with value %1A 
+PASS fetch() with value %1A 
+PASS XMLHttpRequest with value %1B 
+PASS fetch() with value %1B 
+PASS XMLHttpRequest with value %1C 
+PASS fetch() with value %1C 
+PASS XMLHttpRequest with value %1D 
+PASS fetch() with value %1D 
+PASS XMLHttpRequest with value %1E 
+PASS fetch() with value %1E 
+PASS XMLHttpRequest with value %1F 
+PASS fetch() with value %1F 
 PASS XMLHttpRequest with value %20 
 PASS fetch() with value %20

Modified: trunk/Source/WebCore/ChangeLog (232571 => 232572)


--- trunk/Source/WebCore/ChangeLog	2018-06-07 04:03:31 UTC (rev 232571)
+++ trunk/Source/WebCore/ChangeLog	2018-06-07 04:21:21 UTC (rev 232572)
@@ -1,5 +1,21 @@
 2018-06-06  Youenn Fablet  <[email protected]>
 
+        HTTP Header values validation is too strict
+        https://bugs.webkit.org/show_bug.cgi?id=167112
+
+        Reviewed by Alex Christensen.
+
+        Moving header values and names from DOMString to ByteString as per spec.
+        Updating WebCore::isValidHTTPHeaderValue as per https://fetch.spec.whatwg.org/#terminology-headers.
+
+        Covered by rebased and updated tests.
+        Updated test is now also passing in other browsers.
+
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::isValidHTTPHeaderValue):
+
+2018-06-06  Youenn Fablet  <[email protected]>
+
         Add Accept-Encoding: identity to Range requests
         https://bugs.webkit.org/show_bug.cgi?id=186335
         <rdar://problem/40837190>

Modified: trunk/Source/WebCore/platform/network/HTTPParsers.cpp (232571 => 232572)


--- trunk/Source/WebCore/platform/network/HTTPParsers.cpp	2018-06-07 04:03:31 UTC (rev 232571)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.cpp	2018-06-07 04:21:21 UTC (rev 232572)
@@ -85,7 +85,7 @@
     return skipWhiteSpace(str, pos) && str[pos++] == '=' && skipWhiteSpace(str, pos);
 }
 
-// True if a value present, incrementing pos to next space or semicolon, if any.  
+// True if a value present, incrementing pos to next space or semicolon, if any.
 // Note: might return pos == str.length().
 static inline bool skipValue(const String& str, unsigned& pos)
 {
@@ -110,7 +110,7 @@
     return true;
 }
 
-// See RFC 7230, Section 3.2.3.
+// See https://fetch.spec.whatwg.org/#concept-header
 bool isValidHTTPHeaderValue(const String& value)
 {
     UChar c = value[0];
@@ -121,7 +121,8 @@
         return false;
     for (unsigned i = 0; i < value.length(); ++i) {
         c = value[i];
-        if (c == 0x7F || c > 0xFF || (c < 0x20 && c != '\t'))
+        ASSERT(c <= 0xFF);
+        if (c == 0x00 || c == 0x0A || c == 0x0D)
             return false;
     }
     return true;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to