[webkit-changes] [WebKit/WebKit] 048ca0: URLPattern canonicalisation of hostname should che...

youennf noreply at github.com
Wed Jan 15 04:01:41 PST 2025 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 048ca0693a470cccab74bd26636b43ff3fa07332
      https://github.com/WebKit/WebKit/commit/048ca0693a470cccab74bd26636b43ff3fa07332
  Author: Youenn Fablet <youenn at apple.com>
  Date:   2025-01-15 (Wed, 15 Jan 2025)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.any-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.any.serviceworker-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.any.sharedworker-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.any.worker-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.https.any-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.https.any.serviceworker-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.https.any.sharedworker-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.https.any.worker-expected.txt
    M Source/WTF/wtf/URLParser.cpp
    M Source/WTF/wtf/URLParser.h
    M Source/WebCore/Modules/url-pattern/URLPatternCanonical.cpp

  Log Message:
  -----------
  URLPattern canonicalisation of hostname should check for forbidden host code points
rdar://142950591
https://bugs.webkit.org/show_bug.cgi?id=285976

Reviewed by Anne van Kesteren.

URLPattern is relying on URL.setHost to validate the hostname.
This is not exactly matching the basic URL parser with hostname state as state override.
In particular, setHost will split based on some forbidden code points like /, # or ?.
To fix this, we add a specific forbidden host code point check in canonicalizeHostname.
We skip these checks for IPv6 hostnames that will need further validation in a follow-up.

Covered by rebased tests.

* LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.any.serviceworker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.any.sharedworker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.any.worker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.https.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.https.any.serviceworker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.https.any.sharedworker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/urlpattern/urlpattern.https.any.worker-expected.txt:
* Source/WTF/wtf/URLParser.cpp:
(WTF::isForbiddenHostCodePoint):
(WTF::URLParser::isForbiddenHostCodePoint):
* Source/WTF/wtf/URLParser.h:
* Source/WebCore/Modules/url-pattern/URLPatternCanonical.cpp:
(WebCore::canonicalizeHostname):

Canonical link: https://commits.webkit.org/288927@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list