<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[284588] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/284588">284588</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2021-10-20 17:03:30 -0700 (Wed, 20 Oct 2021)</dd>
</dl>
<h3>Log Message</h3>
<pre>URLParser should reject hosts with C0 control characters or U+007F
https://bugs.webkit.org/show_bug.cgi?id=232034

Patch by Alex Christensen &lt;achristensen@webkit.org&gt; on 2021-10-20
Reviewed by Tim Horton.

LayoutTests/imported/w3c:

* web-platform-tests/url/a-element-origin-expected.txt:
* web-platform-tests/url/a-element-origin-xhtml-expected.txt:
* web-platform-tests/url/failure-expected.txt:
* web-platform-tests/url/resources/urltestdata.json:
* web-platform-tests/url/url-character-sets.any-expected.txt: Added.
* web-platform-tests/url/url-character-sets.any.html: Added.
* web-platform-tests/url/url-character-sets.any.js: Added.
(cp.test):
* web-platform-tests/url/url-character-sets.any.worker-expected.txt: Added.
* web-platform-tests/url/url-character-sets.any.worker.html: Added.
* web-platform-tests/url/url-origin.any-expected.txt:
* web-platform-tests/url/url-origin.any.worker-expected.txt:
* web-platform-tests/url/url-setters-stripping.any.js:

Source/WTF:

This matches Chrome and Firefox and was proposed to the standard at
https://github.com/whatwg/url/issues/627

* wtf/URLParser.cpp:
(WTF::isC0Control):
(WTF::isForbiddenHostCodePoint):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsimportedw3cChangeLog">trunk/LayoutTests/imported/w3c/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlaelementoriginexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlaelementoriginxhtmlexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-xhtml-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlfailureexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlresourcesurltestdatajson">trunk/LayoutTests/imported/w3c/web-platform-tests/url/resources/urltestdata.json</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlurloriginanyexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlurloriginanyworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any.worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlurlsettersstrippinganyjs">trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-setters-stripping.any.js</a></li>
<li><a href="#trunkSourceWTFChangeLog">trunk/Source/WTF/ChangeLog</a></li>
<li><a href="#trunkSourceWTFwtfURLParsercpp">trunk/Source/WTF/wtf/URLParser.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyjs">trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.js</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyworkerexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyworkerhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.worker.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsimportedw3cChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/ChangeLog (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/ChangeLog 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -1,3 +1,24 @@
</span><ins>+2021-10-20 Alex Christensen <achristensen@webkit.org>
+
+ URLParser should reject hosts with C0 control characters or U+007F
+ https://bugs.webkit.org/show_bug.cgi?id=232034
+
+ Reviewed by Tim Horton.
+
+ * web-platform-tests/url/a-element-origin-expected.txt:
+ * web-platform-tests/url/a-element-origin-xhtml-expected.txt:
+ * web-platform-tests/url/failure-expected.txt:
+ * web-platform-tests/url/resources/urltestdata.json:
+ * web-platform-tests/url/url-character-sets.any-expected.txt: Added.
+ * web-platform-tests/url/url-character-sets.any.html: Added.
+ * web-platform-tests/url/url-character-sets.any.js: Added.
+ (cp.test):
+ * web-platform-tests/url/url-character-sets.any.worker-expected.txt: Added.
+ * web-platform-tests/url/url-character-sets.any.worker.html: Added.
+ * web-platform-tests/url/url-origin.any-expected.txt:
+ * web-platform-tests/url/url-origin.any.worker-expected.txt:
+ * web-platform-tests/url/url-setters-stripping.any.js:
+
</ins><span class="cx"> 2021-10-20 Youenn Fablet <youenn@apple.com>
</span><span class="cx">
</span><span class="cx"> Add support for requestVideoFrameCallback API and MediaStreamTrack-based backend support
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlaelementoriginexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-expected.txt (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-expected.txt 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-expected.txt 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -264,8 +264,6 @@
</span><span class="cx"> PASS Parsing origin: <wow:%1G> against <about:blank>
</span><span class="cx"> PASS Parsing origin: <wow:\x{FFFF}> against <about:blank>
</span><span class="cx"> PASS Parsing origin: <http://example.com/U+d800U+dfff\x{FDD0}﷏\x{FDEF}ﷰ\x{FFFE}\x{FFFF}?U+d800U+dfff\x{FDD0}﷏\x{FDEF}ﷰ\x{FFFE}\x{FFFF}> against <about:blank>
</span><del>-PASS Parsing origin: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>
-PASS Parsing origin: <sc://!"$&'()*+,-.;=_`{}~/> against <about:blank>
</del><span class="cx"> PASS Parsing origin: <ftp://%e2%98%83> against <about:blank>
</span><span class="cx"> PASS Parsing origin: <https://%e2%98%83> against <about:blank>
</span><span class="cx"> PASS Parsing origin: <http://127.0.0.1:10100/relative_import.html> against <about:blank>
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlaelementoriginxhtmlexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-xhtml-expected.txt (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-xhtml-expected.txt 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-xhtml-expected.txt 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -264,8 +264,6 @@
</span><span class="cx"> PASS Parsing origin: <wow:%1G> against <about:blank>
</span><span class="cx"> PASS Parsing origin: <wow:\x{FFFF}> against <about:blank>
</span><span class="cx"> PASS Parsing origin: <http://example.com/U+d800U+dfff\x{FDD0}﷏\x{FDEF}ﷰ\x{FFFE}\x{FFFF}?U+d800U+dfff\x{FDD0}﷏\x{FDEF}ﷰ\x{FFFE}\x{FFFF}> against <about:blank>
</span><del>-PASS Parsing origin: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>
-PASS Parsing origin: <sc://!"$&'()*+,-.;=_`{}~/> against <about:blank>
</del><span class="cx"> PASS Parsing origin: <ftp://%e2%98%83> against <about:blank>
</span><span class="cx"> PASS Parsing origin: <https://%e2%98%83> against <about:blank>
</span><span class="cx"> PASS Parsing origin: <http://127.0.0.1:10100/relative_import.html> against <about:blank>
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlfailureexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -312,6 +312,18 @@
</span><span class="cx"> PASS sendBeacon(): http://ho%7Cst/ should throw
</span><span class="cx"> PASS Location's href: http://ho%7Cst/ should throw
</span><span class="cx"> PASS window.open(): http://ho%7Cst/ should throw
</span><ins>+PASS URL's constructor's base argument: http://!"$&'()*+,-.;=_`{}~/ should throw
+PASS URL's href: http://!"$&'()*+,-.;=_`{}~/ should throw
+PASS XHR: http://!"$&'()*+,-.;=_`{}~/ should throw
+PASS sendBeacon(): http://!"$&'()*+,-.;=_`{}~/ should throw
+PASS Location's href: http://!"$&'()*+,-.;=_`{}~/ should throw
+PASS window.open(): http://!"$&'()*+,-.;=_`{}~/ should throw
+PASS URL's constructor's base argument: sc://!"$&'()*+,-.;=_`{}~/ should throw
+PASS URL's href: sc://!"$&'()*+,-.;=_`{}~/ should throw
+PASS XHR: sc://!"$&'()*+,-.;=_`{}~/ should throw
+PASS sendBeacon(): sc://!"$&'()*+,-.;=_`{}~/ should throw
+PASS Location's href: sc://!"$&'()*+,-.;=_`{}~/ should throw
+PASS window.open(): sc://!"$&'()*+,-.;=_`{}~/ should throw
</ins><span class="cx"> PASS URL's constructor's base argument: ftp://example.com%80/ should throw
</span><span class="cx"> PASS URL's href: ftp://example.com%80/ should throw
</span><span class="cx"> PASS XHR: ftp://example.com%80/ should throw
</span></span></pre></div>
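Review bot: The twelve added "should throw" lines print the input with its U+001F written raw, so the control character is invisible and each line reads as if a host made only of printable punctuation were being rejected. Compare the matching entries in urltestdata.json, where the input starts with \u001F. An escaped form of the code point in the test name (for example \x{1F}, as the neighbouring expectations already do for \x{FFFF}) would let a reader of this file see which character makes the host invalid.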
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlresourcesurltestdatajson"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/resources/urltestdata.json (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/resources/urltestdata.json 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/resources/urltestdata.json 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -4853,32 +4853,12 @@
</span><span class="cx"> {
</span><span class="cx"> "input": "http://\u001F!\"$&'()*+,-.;=_`{}~/",
</span><span class="cx"> "base": "about:blank",
</span><del>- "href": "http://\u001F!\"$&'()*+,-.;=_`{}~/",
- "origin": "http://\u001F!\"$&'()*+,-.;=_`{}~",
- "protocol": "http:",
- "username": "",
- "password": "",
- "host": "\u001F!\"$&'()*+,-.;=_`{}~",
- "hostname": "\u001F!\"$&'()*+,-.;=_`{}~",
- "port": "",
- "pathname": "/",
- "search": "",
- "hash": ""
</del><ins>+ "failure": true
</ins><span class="cx"> },
</span><span class="cx"> {
</span><span class="cx"> "input": "sc://\u001F!\"$&'()*+,-.;=_`{}~/",
</span><span class="cx"> "base": "about:blank",
</span><del>- "href": "sc://%1F!\"$&'()*+,-.;=_`{}~/",
- "origin": "null",
- "protocol": "sc:",
- "username": "",
- "password": "",
- "host": "%1F!\"$&'()*+,-.;=_`{}~",
- "hostname": "%1F!\"$&'()*+,-.;=_`{}~",
- "port": "",
- "pathname": "/",
- "search": "",
- "hash": ""
</del><ins>+ "failure": true
</ins><span class="cx"> },
</span><span class="cx"> "# Hosts and percent-encoding",
</span><span class="cx"> {
</span></span></pre></div>
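Review bot: Both rewritten entries exercise only U+001F, so the U+007F half of this change has no case in the shared data file, and the non-special sc:// path is checked for a single code point. Consider adding http:// and sc:// inputs that contain \u007F, and at least one more C0 control such as \u0001, each with "failure": true. The new url-character-sets.any.js sweeps 0x00 to 0x7f but only for the https scheme, so it does not cover the opaque-host branch that the sc:// entry here used to serialize as %1F.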
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any-expected.txt (0 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any-expected.txt 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -0,0 +1,131 @@
</span><ins>+
+PASS https host code point 0x0 (\0)
+PASS https host code point 0x1 ()
+PASS https host code point 0x2 ()
+PASS https host code point 0x3 ()
+PASS https host code point 0x4 ()
+PASS https host code point 0x5 ()
+PASS https host code point 0x6 ()
+PASS https host code point 0x7 ()
+PASS https host code point 0x8 ()
+PASS https host code point 0x9 ( )
+PASS https host code point 0xa (
+)
+PASS https host code point 0xb ()
+PASS https host code point 0xc ()
+PASS https host code point 0xd (\r)
+PASS https host code point 0xe ()
+PASS https host code point 0xf ()
+PASS https host code point 0x10 ()
+PASS https host code point 0x11 ()
+PASS https host code point 0x12 ()
+PASS https host code point 0x13 ()
+PASS https host code point 0x14 ()
+PASS https host code point 0x15 ()
+PASS https host code point 0x16 ()
+PASS https host code point 0x17 ()
+PASS https host code point 0x18 ()
+PASS https host code point 0x19 ()
+PASS https host code point 0x1a ()
+PASS https host code point 0x1b ()
+PASS https host code point 0x1c ()
+PASS https host code point 0x1d ()
+PASS https host code point 0x1e ()
+PASS https host code point 0x1f ()
+PASS https host code point 0x20 ( )
+PASS https host code point 0x21 (!)
+PASS https host code point 0x22 (")
+PASS https host code point 0x23 (#)
+PASS https host code point 0x24 ($)
+PASS https host code point 0x25 (%)
+PASS https host code point 0x26 (&)
+PASS https host code point 0x27 (')
+PASS https host code point 0x28 (()
+PASS https host code point 0x29 ())
+PASS https host code point 0x2a (*)
+PASS https host code point 0x2b (+)
+PASS https host code point 0x2c (,)
+PASS https host code point 0x2d (-)
+PASS https host code point 0x2e (.)
+PASS https host code point 0x2f (/)
+PASS https host code point 0x30 (0)
+PASS https host code point 0x31 (1)
+PASS https host code point 0x32 (2)
+PASS https host code point 0x33 (3)
+PASS https host code point 0x34 (4)
+PASS https host code point 0x35 (5)
+PASS https host code point 0x36 (6)
+PASS https host code point 0x37 (7)
+PASS https host code point 0x38 (8)
+PASS https host code point 0x39 (9)
+PASS https host code point 0x3a (:)
+PASS https host code point 0x3b (;)
+PASS https host code point 0x3c (<)
+PASS https host code point 0x3d (=)
+PASS https host code point 0x3e (>)
+PASS https host code point 0x3f (?)
+PASS https host code point 0x40 (@)
+PASS https host code point 0x41 (A)
+PASS https host code point 0x42 (B)
+PASS https host code point 0x43 (C)
+PASS https host code point 0x44 (D)
+PASS https host code point 0x45 (E)
+PASS https host code point 0x46 (F)
+PASS https host code point 0x47 (G)
+PASS https host code point 0x48 (H)
+PASS https host code point 0x49 (I)
+PASS https host code point 0x4a (J)
+PASS https host code point 0x4b (K)
+PASS https host code point 0x4c (L)
+PASS https host code point 0x4d (M)
+PASS https host code point 0x4e (N)
+PASS https host code point 0x4f (O)
+PASS https host code point 0x50 (P)
+PASS https host code point 0x51 (Q)
+PASS https host code point 0x52 (R)
+PASS https host code point 0x53 (S)
+PASS https host code point 0x54 (T)
+PASS https host code point 0x55 (U)
+PASS https host code point 0x56 (V)
+PASS https host code point 0x57 (W)
+PASS https host code point 0x58 (X)
+PASS https host code point 0x59 (Y)
+PASS https host code point 0x5a (Z)
+PASS https host code point 0x5b ([)
+PASS https host code point 0x5c (\)
+PASS https host code point 0x5d (])
+PASS https host code point 0x5e (^)
+PASS https host code point 0x5f (_)
+PASS https host code point 0x60 (`)
+PASS https host code point 0x61 (a)
+PASS https host code point 0x62 (b)
+PASS https host code point 0x63 (c)
+PASS https host code point 0x64 (d)
+PASS https host code point 0x65 (e)
+PASS https host code point 0x66 (f)
+PASS https host code point 0x67 (g)
+PASS https host code point 0x68 (h)
+PASS https host code point 0x69 (i)
+PASS https host code point 0x6a (j)
+PASS https host code point 0x6b (k)
+PASS https host code point 0x6c (l)
+PASS https host code point 0x6d (m)
+PASS https host code point 0x6e (n)
+PASS https host code point 0x6f (o)
+PASS https host code point 0x70 (p)
+PASS https host code point 0x71 (q)
+PASS https host code point 0x72 (r)
+PASS https host code point 0x73 (s)
+PASS https host code point 0x74 (t)
+PASS https host code point 0x75 (u)
+PASS https host code point 0x76 (v)
+PASS https host code point 0x77 (w)
+PASS https host code point 0x78 (x)
+PASS https host code point 0x79 (y)
+PASS https host code point 0x7a (z)
+PASS https host code point 0x7b ({)
+PASS https host code point 0x7c (|)
+PASS https host code point 0x7d (})
+PASS https host code point 0x7e (~)
+PASS https host code point 0x7f ()
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.html (0 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.html 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -0,0 +1 @@
</span><ins>+<!-- This file is required for WebKit test infrastructure to run the templated test -->
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.js (0 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.js (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.js 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -0,0 +1,40 @@
</span><ins>+function checkHostCodePoint(codePoint, forbidden) {
+ let caught = false;
+ try {
+ new URL("https://%" + codePoint.toString(16));
+ } catch (e) {
+ caught = true;
+ }
+ assert_equals(caught, forbidden, "percent encoded");
+ caught = false;
+ try {
+ new URL("https://" + String.fromCodePoint(codePoint));
+ } catch (e) {
+ caught = true;
+ }
+ assert_equals(caught, forbidden, "not percent encoded");
+}
+
+function isForbiddenHostCodePoint(codePoint) {
+ return codePoint <= 0x20
+ || codePoint == 0x23
+ || codePoint == 0x25
+ || codePoint == 0x2F
+ || codePoint == 0x3A
+ || codePoint == 0x3C
+ || codePoint == 0x3E
+ || codePoint == 0x3F
+ || codePoint == 0x40
+ || codePoint == 0x5B
+ || codePoint == 0x5C
+ || codePoint == 0x5D
+ || codePoint == 0x5E
+ || codePoint == 0x7C
+ || codePoint == 0x7F;
+}
+
+for (let codePoint = 0; codePoint <= 0x7f; codePoint++) {
+ test(() => {
+ checkHostCodePoint(codePoint, isForbiddenHostCodePoint(codePoint));
+ }, "https host code point 0x" + codePoint.toString(16) + " (" + String.fromCodePoint(codePoint) + ")")
+}
</ins></span></pre></div>
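Review bot: In checkHostCodePoint, "https://%" + codePoint.toString(16) produces a single hex digit for code points below 0x10 (for example "https://%9"), which is not a percent-encoded byte. For 0x0 through 0xf the "percent encoded" assertion therefore throws because of the literal % (0x25 is in the forbidden list below), not because of the control character it was meant to encode. Pad the digits, e.g. codePoint.toString(16).padStart(2, "0"), so those sixteen cases test the decoded code point. Separately, the test title embeds String.fromCodePoint(codePoint) raw, which writes NUL, LF and CR into the two -expected.txt files (the 0xa title is split across two lines there); using the hex value alone in the title would keep the expectations stable. The test(...) call in the loop is also missing its trailing semicolon.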
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyworkerexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.worker-expected.txt (0 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.worker-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.worker-expected.txt 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -0,0 +1,131 @@
</span><ins>+
+PASS https host code point 0x0 (\0)
+PASS https host code point 0x1 ()
+PASS https host code point 0x2 ()
+PASS https host code point 0x3 ()
+PASS https host code point 0x4 ()
+PASS https host code point 0x5 ()
+PASS https host code point 0x6 ()
+PASS https host code point 0x7 ()
+PASS https host code point 0x8 ()
+PASS https host code point 0x9 ( )
+PASS https host code point 0xa (
+)
+PASS https host code point 0xb ()
+PASS https host code point 0xc ()
+PASS https host code point 0xd (\r)
+PASS https host code point 0xe ()
+PASS https host code point 0xf ()
+PASS https host code point 0x10 ()
+PASS https host code point 0x11 ()
+PASS https host code point 0x12 ()
+PASS https host code point 0x13 ()
+PASS https host code point 0x14 ()
+PASS https host code point 0x15 ()
+PASS https host code point 0x16 ()
+PASS https host code point 0x17 ()
+PASS https host code point 0x18 ()
+PASS https host code point 0x19 ()
+PASS https host code point 0x1a ()
+PASS https host code point 0x1b ()
+PASS https host code point 0x1c ()
+PASS https host code point 0x1d ()
+PASS https host code point 0x1e ()
+PASS https host code point 0x1f ()
+PASS https host code point 0x20 ( )
+PASS https host code point 0x21 (!)
+PASS https host code point 0x22 (")
+PASS https host code point 0x23 (#)
+PASS https host code point 0x24 ($)
+PASS https host code point 0x25 (%)
+PASS https host code point 0x26 (&)
+PASS https host code point 0x27 (')
+PASS https host code point 0x28 (()
+PASS https host code point 0x29 ())
+PASS https host code point 0x2a (*)
+PASS https host code point 0x2b (+)
+PASS https host code point 0x2c (,)
+PASS https host code point 0x2d (-)
+PASS https host code point 0x2e (.)
+PASS https host code point 0x2f (/)
+PASS https host code point 0x30 (0)
+PASS https host code point 0x31 (1)
+PASS https host code point 0x32 (2)
+PASS https host code point 0x33 (3)
+PASS https host code point 0x34 (4)
+PASS https host code point 0x35 (5)
+PASS https host code point 0x36 (6)
+PASS https host code point 0x37 (7)
+PASS https host code point 0x38 (8)
+PASS https host code point 0x39 (9)
+PASS https host code point 0x3a (:)
+PASS https host code point 0x3b (;)
+PASS https host code point 0x3c (<)
+PASS https host code point 0x3d (=)
+PASS https host code point 0x3e (>)
+PASS https host code point 0x3f (?)
+PASS https host code point 0x40 (@)
+PASS https host code point 0x41 (A)
+PASS https host code point 0x42 (B)
+PASS https host code point 0x43 (C)
+PASS https host code point 0x44 (D)
+PASS https host code point 0x45 (E)
+PASS https host code point 0x46 (F)
+PASS https host code point 0x47 (G)
+PASS https host code point 0x48 (H)
+PASS https host code point 0x49 (I)
+PASS https host code point 0x4a (J)
+PASS https host code point 0x4b (K)
+PASS https host code point 0x4c (L)
+PASS https host code point 0x4d (M)
+PASS https host code point 0x4e (N)
+PASS https host code point 0x4f (O)
+PASS https host code point 0x50 (P)
+PASS https host code point 0x51 (Q)
+PASS https host code point 0x52 (R)
+PASS https host code point 0x53 (S)
+PASS https host code point 0x54 (T)
+PASS https host code point 0x55 (U)
+PASS https host code point 0x56 (V)
+PASS https host code point 0x57 (W)
+PASS https host code point 0x58 (X)
+PASS https host code point 0x59 (Y)
+PASS https host code point 0x5a (Z)
+PASS https host code point 0x5b ([)
+PASS https host code point 0x5c (\)
+PASS https host code point 0x5d (])
+PASS https host code point 0x5e (^)
+PASS https host code point 0x5f (_)
+PASS https host code point 0x60 (`)
+PASS https host code point 0x61 (a)
+PASS https host code point 0x62 (b)
+PASS https host code point 0x63 (c)
+PASS https host code point 0x64 (d)
+PASS https host code point 0x65 (e)
+PASS https host code point 0x66 (f)
+PASS https host code point 0x67 (g)
+PASS https host code point 0x68 (h)
+PASS https host code point 0x69 (i)
+PASS https host code point 0x6a (j)
+PASS https host code point 0x6b (k)
+PASS https host code point 0x6c (l)
+PASS https host code point 0x6d (m)
+PASS https host code point 0x6e (n)
+PASS https host code point 0x6f (o)
+PASS https host code point 0x70 (p)
+PASS https host code point 0x71 (q)
+PASS https host code point 0x72 (r)
+PASS https host code point 0x73 (s)
+PASS https host code point 0x74 (t)
+PASS https host code point 0x75 (u)
+PASS https host code point 0x76 (v)
+PASS https host code point 0x77 (w)
+PASS https host code point 0x78 (x)
+PASS https host code point 0x79 (y)
+PASS https host code point 0x7a (z)
+PASS https host code point 0x7b ({)
+PASS https host code point 0x7c (|)
+PASS https host code point 0x7d (})
+PASS https host code point 0x7e (~)
+PASS https host code point 0x7f ()
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlurlcharactersetsanyworkerhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.worker.html (0 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.worker.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-character-sets.any.worker.html 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -0,0 +1 @@
</span><ins>+<!-- This file is required for WebKit test infrastructure to run the templated test -->
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlurloriginanyexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any-expected.txt (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any-expected.txt 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any-expected.txt 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -263,8 +263,6 @@
</span><span class="cx"> PASS Origin parsing: <wow:%1G> against <about:blank>
</span><span class="cx"> PASS Origin parsing: <wow:\x{FFFF}> against <about:blank>
</span><span class="cx"> PASS Origin parsing: <http://example.com/U+d800U+dfff\x{FDD0}﷏\x{FDEF}ﷰ\x{FFFE}\x{FFFF}?U+d800U+dfff\x{FDD0}﷏\x{FDEF}ﷰ\x{FFFE}\x{FFFF}> against <about:blank>
</span><del>-PASS Origin parsing: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>
-PASS Origin parsing: <sc://!"$&'()*+,-.;=_`{}~/> against <about:blank>
</del><span class="cx"> PASS Origin parsing: <ftp://%e2%98%83> against <about:blank>
</span><span class="cx"> PASS Origin parsing: <https://%e2%98%83> against <about:blank>
</span><span class="cx"> PASS Origin parsing: <http://127.0.0.1:10100/relative_import.html> against <about:blank>
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlurloriginanyworkerexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any.worker-expected.txt (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any.worker-expected.txt 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any.worker-expected.txt 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -263,8 +263,6 @@
</span><span class="cx"> PASS Origin parsing: <wow:%1G> against <about:blank>
</span><span class="cx"> PASS Origin parsing: <wow:\x{FFFF}> against <about:blank>
</span><span class="cx"> PASS Origin parsing: <http://example.com/U+d800U+dfff\x{FDD0}﷏\x{FDEF}ﷰ\x{FFFE}\x{FFFF}?U+d800U+dfff\x{FDD0}﷏\x{FDEF}ﷰ\x{FFFE}\x{FFFF}> against <about:blank>
</span><del>-PASS Origin parsing: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>
-PASS Origin parsing: <sc://!"$&'()*+,-.;=_`{}~/> against <about:blank>
</del><span class="cx"> PASS Origin parsing: <ftp://%e2%98%83> against <about:blank>
</span><span class="cx"> PASS Origin parsing: <https://%e2%98%83> against <about:blank>
</span><span class="cx"> PASS Origin parsing: <http://127.0.0.1:10100/relative_import.html> against <about:blank>
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestsurlurlsettersstrippinganyjs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-setters-stripping.any.js (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-setters-stripping.any.js 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-setters-stripping.any.js 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -66,7 +66,7 @@
</span><span class="cx"> ["trailing", "test" + (scheme === "https" ? cpString : encodeURIComponent(cpString)), "test" + String.fromCodePoint(i)]
</span><span class="cx"> ]) {
</span><span class="cx"> test(() => {
</span><del>- const expected = i === 0x00 ? "host" : stripped ? "test" : expectedPart;
</del><ins>+ const expected = stripped ? "test" : "host";
</ins><span class="cx"> const url = urlRecord(scheme);
</span><span class="cx"> url.host = input;
</span><span class="cx"> assert_equals(url.host, expected + ":8000", "property");
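Review bot: with expected reduced to stripped ? "test" : "host", expectedPart is no longer read in this callback, and every non-stripped code point the loop visits is now expected to leave the host unchanged. Check whether the third element of each tuple (the "test" + String.fromCodePoint(i) value in the context line at the top of the hunk) still has any reader and drop it if not. Because the file lives under imported/w3c/web-platform-tests, also make sure the identical edit exists upstream so the next import does not silently revert it.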
</span><span class="lines">@@ -74,7 +74,7 @@
</span><span class="cx"> }, `Setting host with ${type} ${cpReference} (${scheme}:)`);
</span><span class="cx">
</span><span class="cx"> test(() => {
</span><del>- const expected = i === 0x00 ? "host" : stripped ? "test" : expectedPart;
</del><ins>+ const expected = stripped ? "test" : "host";
</ins><span class="cx"> const url = urlRecord(scheme);
</span><span class="cx"> url.hostname = input;
</span><span class="cx"> assert_equals(url.hostname, expected, "property");
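Review bot: the expected expression in the hostname test is now a verbatim copy of the one in the host test in the previous hunk. Compute it once in the enclosing loop body and let both test callbacks close over it, so the host and hostname expectations cannot drift apart on a later edit.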
</span></span></pre></div>
<a id="trunkSourceWTFChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/ChangeLog (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/ChangeLog 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/Source/WTF/ChangeLog 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2021-10-20 Alex Christensen <achristensen@webkit.org>
+
+ URLParser should reject hosts with C0 control characters or U+007F
+ https://bugs.webkit.org/show_bug.cgi?id=232034
+
+ Reviewed by Tim Horton.
+
+ This matches Chrome and Firefox and was proposed to the standard at
+ https://github.com/whatwg/url/issues/627
+
+ * wtf/URLParser.cpp:
+ (WTF::isC0Control):
+ (WTF::isForbiddenHostCodePoint):
+
</ins><span class="cx"> 2021-10-20 Michael Catanzaro <mcatanzaro@gnome.org>
</span><span class="cx">
</span><span class="cx"> Do not use strerror()
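Review bot: the entry lists (WTF::isC0Control) as a touched function, but the URLParser.cpp diff in this revision only changes rows of characterClassTable and the range check in isForbiddenHostCodePoint. Either drop isC0Control from the list or explain what changed there, and mention characterClassTable, since that is where the behaviour change actually lives.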
</span></span></pre></div>
<a id="trunkSourceWTFwtfURLParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/URLParser.cpp (284587 => 284588)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/URLParser.cpp 2021-10-21 00:02:20 UTC (rev 284587)
+++ trunk/Source/WTF/wtf/URLParser.cpp 2021-10-21 00:03:30 UTC (rev 284588)
</span><span class="lines">@@ -63,37 +63,37 @@
</span><span class="cx">
</span><span class="cx"> static const uint8_t characterClassTable[256] = {
</span><span class="cx"> UserInfo | Default | QueryPercent | ForbiddenHost, // 0x0
</span><del>- UserInfo | Default | QueryPercent, // 0x1
- UserInfo | Default | QueryPercent, // 0x2
- UserInfo | Default | QueryPercent, // 0x3
- UserInfo | Default | QueryPercent, // 0x4
- UserInfo | Default | QueryPercent, // 0x5
- UserInfo | Default | QueryPercent, // 0x6
- UserInfo | Default | QueryPercent, // 0x7
- UserInfo | Default | QueryPercent, // 0x8
</del><ins>+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x1
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x2
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x3
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x4
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x5
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x6
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x7
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x8
</ins><span class="cx"> UserInfo | Default | QueryPercent | ForbiddenHost, // 0x9
</span><span class="cx"> UserInfo | Default | QueryPercent | ForbiddenHost, // 0xA
</span><del>- UserInfo | Default | QueryPercent, // 0xB
- UserInfo | Default | QueryPercent, // 0xC
</del><ins>+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0xB
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0xC
</ins><span class="cx"> UserInfo | Default | QueryPercent | ForbiddenHost, // 0xD
</span><del>- UserInfo | Default | QueryPercent, // 0xE
- UserInfo | Default | QueryPercent, // 0xF
- UserInfo | Default | QueryPercent, // 0x10
- UserInfo | Default | QueryPercent, // 0x11
- UserInfo | Default | QueryPercent, // 0x12
- UserInfo | Default | QueryPercent, // 0x13
- UserInfo | Default | QueryPercent, // 0x14
- UserInfo | Default | QueryPercent, // 0x15
- UserInfo | Default | QueryPercent, // 0x16
- UserInfo | Default | QueryPercent, // 0x17
- UserInfo | Default | QueryPercent, // 0x18
- UserInfo | Default | QueryPercent, // 0x19
- UserInfo | Default | QueryPercent, // 0x1A
- UserInfo | Default | QueryPercent, // 0x1B
- UserInfo | Default | QueryPercent, // 0x1C
- UserInfo | Default | QueryPercent, // 0x1D
- UserInfo | Default | QueryPercent, // 0x1E
- UserInfo | Default | QueryPercent, // 0x1F
</del><ins>+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0xE
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0xF
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x10
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x11
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x12
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x13
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x14
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x15
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x16
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x17
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x18
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x19
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x1A
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x1B
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x1C
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x1D
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x1E
+ UserInfo | Default | QueryPercent | ForbiddenHost, // 0x1F
</ins><span class="cx"> UserInfo | Default | QueryPercent | ForbiddenHost, // ' '
</span><span class="cx"> 0, // '!'
</span><span class="cx"> UserInfo | Default | QueryPercent, // '"'
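Review bot: ForbiddenHost is added by hand to 28 separate rows (0x1 to 0x8, 0xB, 0xC, 0xE to 0x1F), and nothing in the visible code checks the resulting invariant that every row from 0x0 to 0x1F carries the bit. A single missed or later-reverted row would let one control character back into hosts without any compile-time signal. Consider a check next to the table, a static_assert if the table can be made constexpr or otherwise a debug-only loop, that walks 0x00 to 0x1F plus 0x7F and asserts ForbiddenHost is set.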
</span><span class="lines">@@ -189,7 +189,7 @@
</span><span class="cx"> UserInfo | ForbiddenHost, // '|'
</span><span class="cx"> UserInfo | Default, // '}'
</span><span class="cx"> 0, // '~'
</span><del>- QueryPercent, // 0x7F
</del><ins>+ QueryPercent | ForbiddenHost, // 0x7F
</ins><span class="cx"> QueryPercent, // 0x80
</span><span class="cx"> QueryPercent, // 0x81
</span><span class="cx"> QueryPercent, // 0x82
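Review bot: the ForbiddenHost bit on the 0x7F row has no effect on its own, because isForbiddenHostCodePoint previously returned false for anything above '|' before consulting the table. The row edit and the range-check edit in the next hunk must stay together; a one-line comment on this row or beside the range check saying so would keep a future partial revert or cherry-pick from reopening U+007F in hosts.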
</span><span class="lines">@@ -330,7 +330,7 @@
</span><span class="cx"> template<typename CharacterType> ALWAYS_INLINE static bool isPercentOrNonASCII(CharacterType character) { return !isASCII(character) || character == '%'; }
</span><span class="cx"> template<typename CharacterType> ALWAYS_INLINE static bool isSlashQuestionOrHash(CharacterType character) { return character <= '\\' && characterClassTable[character] & SlashQuestionOrHash; }
</span><span class="cx"> template<typename CharacterType> ALWAYS_INLINE static bool isValidSchemeCharacter(CharacterType character) { return character <= 'z' && characterClassTable[character] & ValidScheme; }
</span><del>-template<typename CharacterType> ALWAYS_INLINE static bool isForbiddenHostCodePoint(CharacterType character) { return character <= '|' && characterClassTable[character] & ForbiddenHost; }
</del><ins>+template<typename CharacterType> ALWAYS_INLINE static bool isForbiddenHostCodePoint(CharacterType character) { return character <= 0x7F && characterClassTable[character] & ForbiddenHost; }
</ins><span class="cx"> ALWAYS_INLINE static bool shouldPercentEncodeQueryByte(uint8_t byte, const bool& urlIsSpecial)
</span><span class="cx"> {
</span><span class="cx"> if (characterClassTable[byte] & QueryPercent)
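Review bot: the guard in isForbiddenHostCodePoint changes from the character literal '|' to the bare literal 0x7F, which duplicates the index of the last table row that carries ForbiddenHost rather than stating the intent. isPercentOrNonASCII, visible in the context lines just above, already uses isASCII(character); writing the guard as isASCII(character) followed by the table lookup says "ASCII only, then consult the table" and avoids a second magic bound to keep in sync with the table.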
</span></span></pre>
</div>
</div>
</body>
</html>