Diff
Modified: trunk/LayoutTests/ChangeLog (188332 => 188333)
--- trunk/LayoutTests/ChangeLog 2015-08-12 07:29:33 UTC (rev 188332)
+++ trunk/LayoutTests/ChangeLog 2015-08-12 10:12:28 UTC (rev 188333)
@@ -1,3 +1,18 @@
+2015-08-12 Youenn Fablet <[email protected]>
+
+ XHR.setRequestHeader should remove trailing and leading whitespaces from the header value
+ https://bugs.webkit.org/show_bug.cgi?id=147445
+
+ Reviewed by Darin Adler.
+
+ * http/tests/xmlhttprequest/inject-header-expected.txt:
+ * http/tests/xmlhttprequest/inject-header.html:
+ * http/tests/xmlhttprequest/resources/print-xtest-header.cgi: Added.
+ * http/tests/xmlhttprequest/set-bad-headervalue-expected.txt:
+ * http/tests/xmlhttprequest/set-bad-headervalue.html:
+ * http/tests/xmlhttprequest/setrequestheader-allow-whitespace-in-value-expected.txt: Added.
+ * http/tests/xmlhttprequest/setrequestheader-allow-whitespace-in-value.htm: Added.
+
2015-08-11 Myles C. Maxfield <[email protected]>
[font-features] Map OpenType feature tags to TrueType feature selectors
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/inject-header-expected.txt (188332 => 188333)
--- trunk/LayoutTests/http/tests/xmlhttprequest/inject-header-expected.txt 2015-08-12 07:29:33 UTC (rev 188332)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/inject-header-expected.txt 2015-08-12 10:12:28 UTC (rev 188333)
@@ -1,9 +1,9 @@
Test that setRequestHeader properly checks for line feeds in header values.
-%0AEvil%3A%20on -> SUCCESS, setRequestHeader() raised an exception Error: SyntaxError: DOM Exception 12
+a%0AEvil%3A%20on -> SUCCESS, setRequestHeader() raised an exception Error: SyntaxError: DOM Exception 12
-%0DEvil%3A%20on -> SUCCESS, setRequestHeader() raised an exception Error: SyntaxError: DOM Exception 12
+a%0DEvil%3A%20on -> SUCCESS, setRequestHeader() raised an exception Error: SyntaxError: DOM Exception 12
-%0D%0AEvil%3A%20on -> SUCCESS, setRequestHeader() raised an exception Error: SyntaxError: DOM Exception 12
+a%0D%0AEvil%3A%20on -> SUCCESS, setRequestHeader() raised an exception Error: SyntaxError: DOM Exception 12
-%0A%0DEvil%3A%20on -> SUCCESS, setRequestHeader() raised an exception Error: SyntaxError: DOM Exception 12
+a%0A%0DEvil%3A%20on -> SUCCESS, setRequestHeader() raised an exception Error: SyntaxError: DOM Exception 12
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/inject-header.html (188332 => 188333)
--- trunk/LayoutTests/http/tests/xmlhttprequest/inject-header.html 2015-08-12 07:29:33 UTC (rev 188332)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/inject-header.html 2015-08-12 10:12:28 UTC (rev 188333)
@@ -28,10 +28,10 @@
}
}
-test("\nEvil: on");
-test("\rEvil: on");
-test("\r\nEvil: on");
-test("\n\rEvil: on");
+test("a\nEvil: on");
+test("a\rEvil: on");
+test("a\r\nEvil: on");
+test("a\n\rEvil: on");
</script>
</body>
</html>
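Review bot: With every payload now prefixed by `a`, nothing in this file still exercises a value that begins with CR or LF, which is exactly the case this commit changes from throwing to trimming. I would keep one case that pins the new outcome: setRequestHeader does not throw for such a value, and the server sees a single header carrying the trimmed value. The added `resources/print-xtest-header.cgi` looks usable for that check. The definition of `test()` lies outside this hunk, so whether it can express a non-throwing expectation cannot be confirmed from here.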
Added: trunk/LayoutTests/http/tests/xmlhttprequest/resources/print-xtest-header.cgi (0 => 188333)
--- trunk/LayoutTests/http/tests/xmlhttprequest/resources/print-xtest-header.cgi (rev 0)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/resources/print-xtest-header.cgi 2015-08-12 10:12:28 UTC (rev 188333)
@@ -0,0 +1,8 @@
+#!/usr/bin/perl -w
+
+use CGI qw(:standard);
+my $cgi = new CGI;
+
+print "Cache-Control: no-cache, no-store\n";
+print "Content-type: text/plain\n\n";
+print "x-test: $ENV{\"HTTP_X_TEST\"}\n";
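Review bot: `$cgi` is constructed but never used, and `$ENV{"HTTP_X_TEST"}` is interpolated without a definedness check, so under `-w` the script warns about an uninitialized value whenever the header is missing from the environment. That may happen for the whitespace-only case `request(" ")`, whose value normalizes to the empty string, depending on how the test server exports empty headers. I would drop the two CGI lines and print through a guarded variable: `my $value = defined $ENV{"HTTP_X_TEST"} ? $ENV{"HTTP_X_TEST"} : "";` followed by `print "x-test: $value\n";`.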
Property changes on: trunk/LayoutTests/http/tests/xmlhttprequest/resources/print-xtest-header.cgi
___________________________________________________________________
Added: svn:executable
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue-expected.txt (188332 => 188333)
--- trunk/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue-expected.txt 2015-08-12 07:29:33 UTC (rev 188332)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue-expected.txt 2015-08-12 10:12:28 UTC (rev 188333)
@@ -9,6 +9,4 @@
PASS XMLHttpRequest: setRequestHeader() value argument checks 7
PASS XMLHttpRequest: setRequestHeader() value argument checks 8
PASS XMLHttpRequest: setRequestHeader() value argument checks 9
-PASS XMLHttpRequest: setRequestHeader() value argument checks 10
-PASS XMLHttpRequest: setRequestHeader() value argument checks 11
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue.html (188332 => 188333)
--- trunk/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue.html 2015-08-12 07:29:33 UTC (rev 188332)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue.html 2015-08-12 10:12:28 UTC (rev 188333)
@@ -28,8 +28,6 @@
try_value("t\vt", true)
try_value("t\tt", false)
try_value("t t", false)
- try_value(" t", true)
- try_value("t ", true)
try_value("\xd0\xa1", false)
try_value("\x7f", true)
test(function() {
Added: trunk/LayoutTests/http/tests/xmlhttprequest/setrequestheader-allow-whitespace-in-value-expected.txt (0 => 188333)
--- trunk/LayoutTests/http/tests/xmlhttprequest/setrequestheader-allow-whitespace-in-value-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/setrequestheader-allow-whitespace-in-value-expected.txt 2015-08-12 10:12:28 UTC (rev 188333)
@@ -0,0 +1,6 @@
+
+PASS XMLHttpRequest: setRequestHeader() - header value with whitespace ( )
+PASS XMLHttpRequest: setRequestHeader() - header value with whitespace ( t)
+PASS XMLHttpRequest: setRequestHeader() - header value with whitespace (t )
+PASS XMLHttpRequest: setRequestHeader() - header value with whitespace ( t )
+
Added: trunk/LayoutTests/http/tests/xmlhttprequest/setrequestheader-allow-whitespace-in-value.htm (0 => 188333)
--- trunk/LayoutTests/http/tests/xmlhttprequest/setrequestheader-allow-whitespace-in-value.htm (rev 0)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/setrequestheader-allow-whitespace-in-value.htm 2015-08-12 10:12:28 UTC (rev 188333)
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>XMLHttpRequest: setRequestHeader() - header value with whitespace</title>
+ <script src=""
+ <script src=""
+ <link rel="help" href="" data-tested-assertations="/following::ol/li[4]/p[contains(@class,'note')] /following::ol/li[6]" />
+ </head>
+ <body>
+ <!-- This is an adaptation of https://github.com/w3c/web-platform-tests/blob/4f91feb51adfdbfd150743bb3b94744b13b1edae/XMLHttpRequest/setrequestheader-allow-whitespace-in-value.htm -->
+ <div id="log"></div>
+ <script>
+ function request(value) {
+ test(function() {
+ var client = new XMLHttpRequest()
+ client.open("POST", "resources/print-xtest-header.cgi", false)
+ client.setRequestHeader("X-Test", value)
+ client.send(null)
+ assert_equals(client.responseText, "x-test: " + String(value.trim()).toLowerCase() + "\n" )
+ }, document.title + " (" + value + ")")
+ }
+ request(" ")
+ request(" t")
+ request("t ")
+ request(" t ")
+ </script>
+ </body>
+</html>
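Review bot: The expectation is computed with `value.trim()`, which strips a wider character set than the `isHTTPSpace` predicate added in HTTPParsers.h (space, tab, CR, LF), and all four inputs use only U+0020, so stripping of tab, CR and LF is never exercised. I would add inputs such as `request("\tt\t")` and build the expected string from the same four characters, e.g. `value.replace(/^[ \t\r\n]+|[ \t\r\n]+$/g, "")`, so the test cannot pass through a looser trim. The `.toLowerCase()` call is not explained by the visible CGI, which echoes the value unchanged; a short comment saying why it is kept from the upstream test would help.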
Modified: trunk/Source/WebCore/ChangeLog (188332 => 188333)
--- trunk/Source/WebCore/ChangeLog 2015-08-12 07:29:33 UTC (rev 188332)
+++ trunk/Source/WebCore/ChangeLog 2015-08-12 10:12:28 UTC (rev 188333)
@@ -1,3 +1,18 @@
+2015-08-12 Youenn Fablet <[email protected]>
+
+ XHR.setRequestHeader should remove trailing and leading whitespaces from the header value
+ https://bugs.webkit.org/show_bug.cgi?id=147445
+
+ Reviewed by Darin Adler.
+
+ Covered by added and modifed tests.
+
+ * platform/network/HTTPParsers.h:
+ (WebCore::isHTTPSpace):
+ (WebCore::stripLeadingAndTrailingHTTPSpaces):
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::setRequestHeader): strip trailing and leading whitespace before testing for header value validity and storing.
+
2015-08-11 Carlos Garcia Campos <[email protected]>
NetworkProcess: DNS prefetch happens in the Web Process
Modified: trunk/Source/WebCore/platform/network/HTTPParsers.h (188332 => 188333)
--- trunk/Source/WebCore/platform/network/HTTPParsers.h 2015-08-12 07:29:33 UTC (rev 188332)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.h 2015-08-12 10:12:28 UTC (rev 188333)
@@ -87,6 +87,17 @@
size_t parseHTTPHeader(const char* data, size_t length, String& failureReason, String& nameStr, String& valueStr, bool strict = true);
size_t parseHTTPRequestBody(const char* data, size_t length, Vector<unsigned char>& body);
+inline bool isHTTPSpace(UChar character)
+{
+ return character <= ' ' && (character == ' ' || character == '\n' || character == '\t' || character == '\r');
}
+// Strip leading and trailing whitespace as defined in https://fetch.spec.whatwg.org/#concept-header-value-normalize.
+inline String stripLeadingAndTrailingHTTPSpaces(const String& string)
+{
+ return string.stripWhiteSpace(isHTTPSpace);
+}
+
+}
+
#endif
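Review bot: `isHTTPSpace` has no comment saying which characters it accepts or why it differs from the generic whitespace predicates, and that set decides what setRequestHeader silently trims and what it still has to reject. I would document it above the function, for example `// HTTP whitespace as used by Fetch header-value normalization: U+0009, U+000A, U+000D and U+0020. \v and \f are not included.` The leading `character <= ' '` test appears to be an early-out for the common non-whitespace case, and a short note saying so would stop it being "simplified" away. The comment on `stripLeadingAndTrailingHTTPSpaces` could also state that it returns a new String and leaves interior whitespace untouched.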
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (188332 => 188333)
--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2015-08-12 07:29:33 UTC (rev 188332)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2015-08-12 10:12:28 UTC (rev 188333)
@@ -940,7 +940,8 @@
return;
}
- if (!isValidHTTPToken(name) || !isValidHTTPHeaderValue(value)) {
+ String normalizedValue = stripLeadingAndTrailingHTTPSpaces(value);
+ if (!isValidHTTPToken(name) || !isValidHTTPHeaderValue(normalizedValue)) {
ec = SYNTAX_ERR;
return;
}
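Review bot: Normalizing before validation has a security-relevant consequence that should be stated in a comment at the new `normalizedValue` line. Values with leading or trailing CR/LF used to raise SYNTAX_ERR and are now trimmed, so protection against header injection rests on `isValidHTTPHeaderValue` rejecting CR/LF in the interior of the trimmed string; its definition is not visible here. I would add `// Normalize first (Fetch header-value normalization); embedded CR/LF must still fail isValidHTTPHeaderValue() below.` and declare the local as `const String normalizedValue`. The later hunk that passes `normalizedValue` to `setRequestHeaderInternal` is what ensures the string that was validated is the one stored, so the two changes need to stay together. The function body starts outside this hunk.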
@@ -951,7 +952,7 @@
return;
}
- setRequestHeaderInternal(name, value);
+ setRequestHeaderInternal(name, normalizedValue);
}
void XMLHttpRequest::setRequestHeaderInternal(const String& name, const String& value)