Diff
Modified: trunk/LayoutTests/ChangeLog (262510 => 262511)
--- trunk/LayoutTests/ChangeLog 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/ChangeLog 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,3 +1,23 @@
+2020-06-03 Rob Buis <[email protected]>
+
+ Disallow responses when a response contains invalid header values
+ https://bugs.webkit.org/show_bug.cgi?id=184493
+
+ Reviewed by Darin Adler.
+
+ Update improved test results.
+
+ * platform/glib/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt:
+ * platform/glib/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt:
+ * platform/ios-12/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt:
+ * platform/ios-12/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt:
+ * platform/ios/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt:
+ * platform/ios/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt:
+ * platform/mac-mojave/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt:
+ * platform/mac-mojave/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt:
+ * platform/mac/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt:
+ * platform/mac/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt:
+
2020-06-03 Andres Gonzalez <[email protected]>
AX: SVG text node with content is described as "empty group" even if it's not empty
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (262510 => 262511)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,3 +1,30 @@
+2020-06-03 Rob Buis <[email protected]>
+
+ Disallow responses when a response contains invalid header values
+ https://bugs.webkit.org/show_bug.cgi?id=184493
+
+ Reviewed by Darin Adler.
+
+ Update improved test results and import fetch/h1-parsing.
+
+ * web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt:
+ * web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt:
+ * web-platform-tests/fetch/api/basic/header-value-null-byte.any-expected.txt:
+ * web-platform-tests/fetch/api/basic/header-value-null-byte.any.worker-expected.txt:
+ * web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window-expected.txt: Added.
+ * web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.html: Added.
+ * web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.js: Added.
+ (async_test.t.t.step_timeout):
+ * web-platform-tests/fetch/h1-parsing/resources/README.md: Added.
+ * web-platform-tests/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis: Added.
+ * web-platform-tests/fetch/h1-parsing/resources/document-with-0x00-in-header.py: Added.
+ (main):
+ * web-platform-tests/fetch/h1-parsing/resources/script-with-0x00-in-header.py: Added.
+ (main):
+ * web-platform-tests/fetch/h1-parsing/resources/w3c-import.log: Added.
+ * web-platform-tests/fetch/h1-parsing/w3c-import.log: Added.
+ * web-platform-tests/xhr/headers-normalize-response-expected.txt:
+
2020-06-01 Chris Dumez <[email protected]>
Update web-platform-tests/webaudio from upstream
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt (262510 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,8 +1,8 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
-FAIL response.headers.get('heya') expects , ��, 1, , , 2 assert_equals: expected ", \v\f, 1, , , 2" but got ", , 1, , , 2"
+PASS response.headers.get('heya') expects , ��, 1, , , 2
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt (262510 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,8 +1,8 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
-FAIL response.headers.get('heya') expects , ��, 1, , , 2 assert_equals: expected ", \v\f, 1, , , 2" but got ", , 1, , , 2"
+PASS response.headers.get('heya') expects , ��, 1, , , 2
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-null-byte.any-expected.txt (262510 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-null-byte.any-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-null-byte.any-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,3 +1,3 @@
-FAIL Ensure fetch() rejects null bytes in headers assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Ensure fetch() rejects null bytes in headers
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-null-byte.any.worker-expected.txt (262510 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-null-byte.any.worker-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/header-value-null-byte.any.worker-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,3 +1,3 @@
-FAIL Ensure fetch() rejects null bytes in headers assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS Ensure fetch() rejects null bytes in headers
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/README.md (0 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/README.md (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/README.md 2020-06-03 19:59:04 UTC (rev 262511)
@@ -0,0 +1,6 @@
+`blue-with-0x00-in-a-header.asis` is a copy from `../../images/blue.png` with the following prepended using Control Pictures to signify actual newlines and 0x00:
+```
+HTTP/1.1 200 AN IMAGE␍␊
+Content-Type: image/png␍␊
+Custom: ␀␍␊␍␊
+```
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis (0 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis 2020-06-03 19:59:04 UTC (rev 262511)
@@ -0,0 +1,9 @@
+HTTP/1.1 200 AN IMAGE
+Content-Type: image/png
+Custom: ��
+
+\x89PNG
+�
+������+IHDR������\x85������j���������\xAA�<�������sRGB��\xAE\xCE�\xE9�������gAMA����\xB1\x8F�\xFCa������� pHYs�����\xC3�����\xC3�\xC7o\xA8d�����zIDATx^\xED\xD3A+�����\x83\xC0\xFA7\xBD\xD9\xE0qI��H\xB7\x9D\x95�\xE8\xD12ТqV=Z�Z4\xFE\xA1G\xCB@\x8B\xC6?\xF4h�h\xD1\xF8\x87�-�-�\xFFУe\xA0E\xE3�z\xB4�\xB4h\xFCC\x8F\x96\x81�\x8D\xE8\xD12Т\xF1�=Z�Z4\xFE\xA1G\xCB@\x8B\xC6?\xF4h�h\xD1\xF8\x87�-�-�\xFFУe\xA0E\xE3�z\xB4�\xB4h\xFCC\x8F\x96\x81�\x8D\xE8\xD12Т\xF1�=Z�Z4\xFE\xA1G\xCB@\x8B\xC6?\xF4h�h\xD1\xF8\x87�-�-�\xFFУe\xA0E\xE3�z\xB4�\xB4h\xFCC\x8F\x96\x81�\x8D\xE8\xD12Т\xF1�=Z�Z4\xFE\xA1G\xCB@\x8B\xC6?\xF4h�h\xD1\xF8\x87�-�-�\xFFУe\xA0E\xE3�z\xB4�\xB4h\xFCC\x8F\x96\x81�\x8D\xE8\xD12Т\xF1�=Z�Z4\xFE\xA1G\xCB@\x8B\xC6?\xF4h�h\xD1\xF8\x87�-�-�\xFFУe\xA0E\xE3�z\xB4�\xB4h\xFCC\x8F\x96\x81�\x8D\xE8\xD12Т\xF1�=Z�Z4\xFE\xA1G\xCB@\x8B\xC6?\xF4h�h\xD1\xF8\x87�-�-�\xFFУe\xA0E\xE3�z\xB4�\xB4h\xFCC\x8F\x96\x81�\x8D\xE8\xD12Т\xF1�=Z�Z4\xFE\xA1G\xCB@\x8B\xC6?\xF4h�h\xD1\xF8\x87�%�� \xEC\x
DE�\xCD� 1��������IEND\xAEB`\x82
\ No newline at end of file
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/document-with-0x00-in-header.py (0 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/document-with-0x00-in-header.py (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/document-with-0x00-in-header.py 2020-06-03 19:59:04 UTC (rev 262511)
@@ -0,0 +1,4 @@
+def main(request, response):
+ response.headers.set("Content-Type", "text/html")
+ response.headers.set("Custom", "\0")
+ return "<!doctype html><b>This is a document.</b>"
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/script-with-0x00-in-header.py (0 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/script-with-0x00-in-header.py (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/script-with-0x00-in-header.py 2020-06-03 19:59:04 UTC (rev 262511)
@@ -0,0 +1,4 @@
+def main(request, response):
+ response.headers.set("Content-Type", "text/_javascript_")
+ response.headers.set("Custom", "\0")
+ return "var thisIsJavaScript = 0"
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/w3c-import.log (0 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/w3c-import.log (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/w3c-import.log 2020-06-03 19:59:04 UTC (rev 262511)
@@ -0,0 +1,20 @@
+The tests in this directory were imported from the W3C repository.
+Do NOT modify these tests directly in WebKit.
+Instead, create a pull request on the WPT github:
+ https://github.com/web-platform-tests/wpt
+
+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
+
+Do NOT modify or remove this file.
+
+------------------------------------------------------------------------
+Properties requiring vendor prefixes:
+None
+Property values requiring vendor prefixes:
+None
+------------------------------------------------------------------------
+List of files:
+/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/README.md
+/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis
+/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/document-with-0x00-in-header.py
+/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources/script-with-0x00-in-header.py
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window-expected.txt (0 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -0,0 +1,5 @@
+
+PASS Expect network error for script with 0x00 in a header
+FAIL Expect network error for frame navigation to resource with 0x00 in a header assert_equals: expected null but got Document node with 1 child
+PASS Expect network error for image with 0x00 in a header
+
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.html (0 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.html 2020-06-03 19:59:04 UTC (rev 262511)
@@ -0,0 +1 @@
+<!-- This file is required for WebKit test infrastructure to run the templated test -->
\ No newline at end of file
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.js (0 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.js (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.js 2020-06-03 19:59:04 UTC (rev 262511)
@@ -0,0 +1,31 @@
+async_test(t => {
+ const script = document.createElement("script");
+ t.add_cleanup(() => script.remove());
+ script.src = ""
+ script._onerror_ = t.step_func_done();
+ script._onload_ = t.unreached_func();
+ document.body.append(script);
+}, "Expect network error for script with 0x00 in a header");
+
+async_test(t => {
+ const frame = document.createElement("iframe");
+ t.add_cleanup(() => frame.remove());
+ frame.src = ""
+ // If network errors result in load events for frames per
+ // https://github.com/whatwg/html/issues/125 and https://github.com/whatwg/html/issues/1230 this
+ // should be changed to use the load event instead.
+ t.step_timeout(() => {
+ assert_equals(frame.contentDocument, null);
+ t.done();
+ }, 2000);
+ document.body.append(frame);
+}, "Expect network error for frame navigation to resource with 0x00 in a header");
+
+async_test(t => {
+ const img = document.createElement("img");
+ t.add_cleanup(() => img.remove());
+ img.src = ""
+ img._onerror_ = t.step_func_done();
+ img._onload_ = t.unreached_func();
+ document.body.append(img);
+}, "Expect network error for image with 0x00 in a header");
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/w3c-import.log (0 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/w3c-import.log (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/w3c-import.log 2020-06-03 19:59:04 UTC (rev 262511)
@@ -0,0 +1,17 @@
+The tests in this directory were imported from the W3C repository.
+Do NOT modify these tests directly in WebKit.
+Instead, create a pull request on the WPT github:
+ https://github.com/web-platform-tests/wpt
+
+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
+
+Do NOT modify or remove this file.
+
+------------------------------------------------------------------------
+Properties requiring vendor prefixes:
+None
+Property values requiring vendor prefixes:
+None
+------------------------------------------------------------------------
+List of files:
+/LayoutTests/imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.js
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/headers-normalize-response-expected.txt (262510 => 262511)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/headers-normalize-response-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/headers-normalize-response-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
-FAIL Header value: hello world\0 assert_throws: function "() => client.send()" did not throw
-FAIL Header value: \0hello world assert_throws: function "() => client.send()" did not throw
-FAIL Header value: hello\0world assert_throws: function "() => client.send()" did not throw
+PASS Header value: hello world\0
+PASS Header value: \0hello world
+PASS Header value: hello\0world
PASS Header value: __hello_world
PASS Header value: hello_world__
PASS Header value: __hello_world__
@@ -10,7 +10,7 @@
PASS Header value: [tab]hello_world[tab]
PASS Header value: hello______world
PASS Header value: hello[tab]world
-FAIL Header value: \0 assert_throws: function "() => client.send()" did not throw
+PASS Header value: \0
PASS Header value: ___
PASS Header value: [tab]
PASS Header value:
Modified: trunk/LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
PASS response.headers.get('heya') expects , ��, 1, , , 2
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
PASS response.headers.get('heya') expects , ��, 1, , , 2
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/platform/ios/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/ios/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/ios/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
PASS response.headers.get('heya') expects , ��, 1, , , 2
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/platform/ios/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/ios/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/ios/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
PASS response.headers.get('heya') expects , ��, 1, , , 2
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/platform/ios-12/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/ios-12/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/ios-12/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
FAIL response.headers.get('heya') expects , ��, 1, , , 2 assert_equals: expected ", \v\f, 1, , , 2" but got ", , 1, , , 2"
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/platform/ios-12/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/ios-12/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/ios-12/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
FAIL response.headers.get('heya') expects , ��, 1, , , 2 assert_equals: expected ", \v\f, 1, , , 2" but got ", , 1, , , 2"
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/platform/mac/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/mac/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/mac/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
PASS response.headers.get('heya') expects , ��, 1, , , 2
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/platform/mac/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/mac/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/mac/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
PASS response.headers.get('heya') expects , ��, 1, , , 2
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/platform/mac-mojave/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/mac-mojave/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/mac-mojave/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
FAIL response.headers.get('heya') expects , ��, 1, , , 2 assert_equals: expected ", \v\f, 1, , , 2" but got ", , 1, , , 2"
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/LayoutTests/platform/mac-mojave/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt (262510 => 262511)
--- trunk/LayoutTests/platform/mac-mojave/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/LayoutTests/platform/mac-mojave/imported/w3c/web-platform-tests/fetch/api/basic/header-value-combining.any.worker-expected.txt 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,7 +1,7 @@
PASS response.headers.get('content-length') expects 0
PASS response.headers.get('content-length') expects 0, 0
-FAIL response.headers.get('double-trouble') expects , assert_equals: expected (string) ", " but got (object) null
+PASS response.headers.get('double-trouble') expects ,
PASS response.headers.get('foo-test') expects 1, 2, 3
FAIL response.headers.get('heya') expects , ��, 1, , , 2 assert_equals: expected ", \v\f, 1, , , 2" but got ", , 1, , , 2"
PASS response.headers.get('www-authenticate') expects 1, 2, 3, 4
Modified: trunk/Source/WebCore/ChangeLog (262510 => 262511)
--- trunk/Source/WebCore/ChangeLog 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/Source/WebCore/ChangeLog 2020-06-03 19:59:04 UTC (rev 262511)
@@ -1,3 +1,37 @@
+2020-06-03 Rob Buis <[email protected]>
+
+ Disallow responses when a response contains invalid header values
+ https://bugs.webkit.org/show_bug.cgi?id=184493
+
+ Reviewed by Darin Adler.
+
+ From the Fetch specification [1]:
+ "A value is a byte sequence that matches the following conditions:
+ "- Contains no 0x00 (NUL) or HTTP newline bytes."
+
+ [1] https://fetch.spec.whatwg.org/#concept-header-value
+
+ Tests: imported/w3c/web-platform-tests/fetch/h1-parsing/resources-with-0x00-in-header.window.html
+ imported/web-platform-tests/fetch/api/basic/header-value-combining.any.html
+ imported/web-platform-tests/fetch/api/basic/header-value-combining.any.worker.html
+ imported/web-platform-tests/fetch/api/basic/header-value-null-byte.any.html
+ imported/web-platform-tests/fetch/api/basic/header-value-null-byte.any.worker.html
+ imported/web-platform-tests/xhr/headers-normalize-response.htm
+
+ * Modules/fetch/FetchHeaders.cpp:
+ (WebCore::canWriteHeader):
+ (WebCore::appendToHeaderMap):
+ (WebCore::FetchHeaders::filterAndFill):
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::loadRequest):
+ * loader/SubresourceLoader.cpp:
+ (WebCore::SubresourceLoader::didReceiveResponse):
+ * platform/network/HTTPParsers.cpp:
+ (WebCore::isValidHTTPHeaderValue):
+ * platform/network/ResourceResponseBase.cpp:
+ (WebCore::ResourceResponseBase::containsInvalidHTTPHeaders const):
+ * platform/network/ResourceResponseBase.h:
+
2020-06-03 Wenson Hsieh <[email protected]>
dataTransfer.types is empty when handling the "dragstart" event
Modified: trunk/Source/WebCore/Modules/fetch/FetchHeaders.cpp (262510 => 262511)
--- trunk/Source/WebCore/Modules/fetch/FetchHeaders.cpp 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/Source/WebCore/Modules/fetch/FetchHeaders.cpp 2020-06-03 19:59:04 UTC (rev 262511)
@@ -43,7 +43,8 @@
{
if (!isValidHTTPToken(name))
return Exception { TypeError, makeString("Invalid header name: '", name, "'") };
- if (!isValidHTTPHeaderValue(value))
+ ASSERT(value.isEmpty() || (!isHTTPSpace(value[0]) && !isHTTPSpace(value[value.length() - 1])));
+ if (!isValidHTTPHeaderValue((value)))
return Exception { TypeError, makeString("Header '", name, "' has invalid value: '", value, "'") };
if (guard == FetchHeaders::Guard::Immutable)
return Exception { TypeError, "Headers object's guard is 'immutable'"_s };
@@ -77,7 +78,8 @@
static ExceptionOr<void> appendToHeaderMap(const HTTPHeaderMap::HTTPHeaderMapConstIterator::KeyValue& header, HTTPHeaderMap& headers, FetchHeaders::Guard guard)
{
- auto canWriteResult = canWriteHeader(header.key, header.value, header.value, guard);
+ String normalizedValue = stripLeadingAndTrailingHTTPSpaces(header.value);
+ auto canWriteResult = canWriteHeader(header.key, normalizedValue, header.value, guard);
if (canWriteResult.hasException())
return canWriteResult.releaseException();
if (!canWriteResult.releaseReturnValue())
@@ -207,7 +209,8 @@
void FetchHeaders::filterAndFill(const HTTPHeaderMap& headers, Guard guard)
{
for (auto& header : headers) {
- auto canWriteResult = canWriteHeader(header.key, header.value, header.value, guard);
+ String normalizedValue = stripLeadingAndTrailingHTTPSpaces(header.value);
+ auto canWriteResult = canWriteHeader(header.key, normalizedValue, header.value, guard);
if (canWriteResult.hasException())
continue;
if (!canWriteResult.releaseReturnValue())
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (262510 => 262511)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2020-06-03 19:59:04 UTC (rev 262511)
@@ -599,6 +599,11 @@
return;
}
+ if (response.containsInvalidHTTPHeaders()) {
+ didFail(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), "Response contained invalid HTTP headers", ResourceError::Type::General));
+ return;
+ }
+
if (!shouldPerformSecurityChecks()) {
// FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the
// request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was
Modified: trunk/Source/WebCore/loader/SubresourceLoader.cpp (262510 => 262511)
--- trunk/Source/WebCore/loader/SubresourceLoader.cpp 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/Source/WebCore/loader/SubresourceLoader.cpp 2020-06-03 19:59:04 UTC (rev 262511)
@@ -352,6 +352,11 @@
CompletionHandlerCallingScope completionHandlerCaller(WTFMove(policyCompletionHandler));
+ if (response.containsInvalidHTTPHeaders()) {
+ didFail(ResourceError(errorDomainWebKitInternal, 0, request().url(), "Response contained invalid HTTP headers", ResourceError::Type::General));
+ return;
+ }
+
#if USE(QUICK_LOOK)
if (shouldCreatePreviewLoaderForResponse(response)) {
m_previewLoader = makeUnique<LegacyPreviewLoader>(*this, response);
@@ -436,6 +441,7 @@
return;
}
}
+
m_resource->responseReceived(response);
if (reachedTerminalState())
return;
Modified: trunk/Source/WebCore/platform/network/HTTPParsers.cpp (262510 => 262511)
--- trunk/Source/WebCore/platform/network/HTTPParsers.cpp 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.cpp 2020-06-03 19:59:04 UTC (rev 262511)
@@ -129,7 +129,6 @@
return false;
for (unsigned i = 0; i < value.length(); ++i) {
c = value[i];
- ASSERT(isLatin1(c));
if (c == 0x00 || c == 0x0A || c == 0x0D)
return false;
}
Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp (262510 => 262511)
--- trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2020-06-03 19:59:04 UTC (rev 262511)
@@ -838,4 +838,13 @@
return ResourceResponse::platformCompare(a, b);
}
+bool ResourceResponseBase::containsInvalidHTTPHeaders() const
+{
+ for (auto& header : httpHeaderFields()) {
+ if (!isValidHTTPHeaderValue(stripLeadingAndTrailingHTTPSpaces(header.value)))
+ return true;
+ }
+ return false;
}
+
+}
Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.h (262510 => 262511)
--- trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2020-06-03 19:55:31 UTC (rev 262510)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2020-06-03 19:59:04 UTC (rev 262511)
@@ -208,6 +208,8 @@
bool isRangeRequested() const { return m_isRangeRequested; }
void setAsRangeRequested() { m_isRangeRequested = true; }
+ bool containsInvalidHTTPHeaders() const;
+
protected:
enum InitLevel {
Uninitialized,
