WebKit Bugzilla
Attachment 358376 Details for Bug 193155: Parsed protocol of javascript URLs with embedded newlines and carriage returns do not match parsed protocol in Chrome and Firefox
[patch] Patch for landing
bug-193155-20190104145241.patch (text/plain), 5.05 KB, created by Brent Fulgham on 2019-01-04 14:52:41 PST
>Subversion Revision: 239618 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 9c6713e6cb81a05b27dd3a361c984d754082ef8b..8c7d599fd93bf8987991affd9929e03bac9d2dad 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,20 @@ >+2019-01-04 Brent Fulgham <bfulgham@apple.com> >+ >+ Parsed protocol of javascript URLs with embedded newlines and carriage returns do not match parsed protocol in Chrome and Firefox >+ https://bugs.webkit.org/show_bug.cgi?id=193155 >+ <rdar://problem/40230982> >+ >+ Reviewed by Chris Dumez. >+ >+ Test: fast/loader/comment-only-javascript-url.html >+ >+ Make a special case for URLs beginning with 'javascript:'. We should always >+ treat these as JS URLs, even if the content contained within the URL >+ string might match other parts of the URL parsing spec. >+ >+ * html/URLUtils.h: >+ (WebCore::URLUtils<T>::protocol const): >+ > 2019-01-04 Chris Fleizach <cfleizach@apple.com> > > AX: String check: "Rule" does not reflect the meaning of the <hr> html tag >diff --git a/Source/WebCore/html/URLUtils.h b/Source/WebCore/html/URLUtils.h >index 3a8d5413f93148e13f49f968550629f4c09c3404..696c0051bd544723bb48e5f87e1d8703a829027d 100644 >--- a/Source/WebCore/html/URLUtils.h >+++ b/Source/WebCore/html/URLUtils.h >@@ -90,6 +90,8 @@ String URLUtils<T>::origin() const > template <typename T> > String URLUtils<T>::protocol() const > { >+ if (WTF::protocolIsJavaScript(href())) >+ return "javascript:"_s; > return makeString(href().protocol(), ':'); > } > >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 6c934d69ca102d357ac6e6648f09e4b7166575bb..c473f51a6439c648f20003cbe4501737de3eacc4 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog 
>@@ -1,3 +1,14 @@ >+2019-01-04 Brent Fulgham <bfulgham@apple.com> >+ >+ Parsed protocol of javascript URLs with embedded newlines and carriage returns do not match parsed protocol in Chrome and Firefox >+ https://bugs.webkit.org/show_bug.cgi?id=193155 >+ <rdar://problem/40230982> >+ >+ Reviewed by Chris Dumez. >+ >+ * fast/loader/comment-only-javascript-url-expected.txt: Added. >+ * fast/loader/comment-only-javascript-url.html: Added. >+ > 2019-01-04 Chris Fleizach <cfleizach@apple.com> > > AX: String check: "Rule" does not reflect the meaning of the <hr> html tag >diff --git a/LayoutTests/fast/loader/comment-only-javascript-url-expected.txt b/LayoutTests/fast/loader/comment-only-javascript-url-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..1242759b8be25734a1b22cb3772bdf9699a9ff3f >--- /dev/null >+++ b/LayoutTests/fast/loader/comment-only-javascript-url-expected.txt >@@ -0,0 +1,18 @@ >+ALERT: 0 >+ALERT: 1 >+ALERT: 2 >+ALERT: 3 >+ALERT: 4 >+ALERT: 5 >+ALERT: 6 >+Tests that we properly handle JavaScript URLs containing comment characters, newlines, and carriage returns. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS No JavaScript URLs executed. >+PASS JavaScript URLs were executed. >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/fast/loader/comment-only-javascript-url.html b/LayoutTests/fast/loader/comment-only-javascript-url.html >new file mode 100644 >index 0000000000000000000000000000000000000000..ac05de1d1f31a47097a4081596c8dccf64265808 >--- /dev/null >+++ b/LayoutTests/fast/loader/comment-only-javascript-url.html 
>@@ -0,0 +1,66 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="../../resources/js-test.js"></script> >+<script> >+if (window.testRunner) { >+ testRunner.waitUntilDone(); >+ testRunner.dumpAsText(); >+} >+jsTestIsAsync = true; >+var count = 0; >+</script> >+</head> >+<body> >+<script> >+function filtered(url){ >+ var parser = document.createElement('a'); >+ parser.href = url; >+ if (parser.protocol.indexOf("javascript") == -1) { >+ parser.click(); >+ } >+} >+ >+function unfiltered(url){ >+ var parser = document.createElement('a'); >+ parser.href = url; >+ if (parser.protocol === "javascript:") { >+ parser.click(); >+ }; >+} >+ >+description("Tests that we properly handle JavaScript URLs containing comment characters, newlines, and carriage returns."); >+ >+let cases = [ "javascript:alert(count); ++count;", >+ "javascript:// A fun test%0aalert(count); ++count;", >+ "javascript://:%0aalert(count); ++count;", >+ "javascript://:%0dalert(count); ++count;", >+ "javascript://:%0a%0dalert(count); ++count;", >+ "javascript://%0a://%0dalert(count); ++count;", >+ "javascript://%0d//:%0aalert(count); ++count;" >+]; >+ >+for (var c in cases) >+ filtered(cases[c]); >+ >+setTimeout(function () { >+ if (!count) >+ testPassed("No JavaScript URLs executed."); >+ else >+ testFailed("JavaScript URLs were executed.") >+ >+ for (var c in cases) >+ unfiltered(cases[c]); >+ >+ setTimeout(function() { >+ if (count == cases.length) >+ testPassed("JavaScript URLs were executed.") >+ else >+ testFailed("No JavaScript URLs executed."); >+ >+ finishJSTest(); >+ }, 0); >+}, 0); >+</script> >+</body> >+</html>
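Review bot: In Source/WebCore/html/URLUtils.h, the early return added to URLUtils<T>::protocol() carries no comment explaining why it bypasses href().protocol(), and the reason cannot be read off the code. The ChangeLog gives it (a string beginning with 'javascript:' must always report that scheme, even when the rest of the string matches other parts of the URL parsing spec); a one-line comment saying so above the protocolIsJavaScript check would keep the special case from later being removed as redundant. Only this getter changes, and the unchanged return line still calls href().protocol(), so it is worth confirming that no other caller relies on href().protocol() directly for the same decision that the test's filtered() helper makes on anchor.protocol.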
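Review bot: In LayoutTests/fast/loader/comment-only-javascript-url.html, the inner setTimeout callback reports testFailed("No JavaScript URLs executed.") whenever count != cases.length, which is misleading when some but not all of the seven cases ran. Putting count and cases.length in the failure message would show which of the newline and carriage-return variants regressed. Minor style points in the same file: the testFailed("JavaScript URLs were executed.") and testPassed("JavaScript URLs were executed.") calls lack trailing semicolons, unfiltered() has a stray ';' after the closing brace of its if block, and the for (var c in cases) loops iterate an array with for...in where an index loop or for...of would be clearer.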