[Webkit-unassigned] [Bug 28262] New: SecurityOrigin::createFromDatabaseIdentifier contains bugs

Thu Aug 13 09:33:15 PDT 2009

https://bugs.webkit.org/show_bug.cgi?id=28262

           Summary: SecurityOrigin::createFromDatabaseIdentifier contains
                    bugs
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: steveblock at google.com
                CC: andreip at google.com, jorlow at chromium.org

SecurityOrigin::createFromDatabaseIdentifier contains the following two bugs.

Line 286
When testing that the identifier contains at least two separators, the test is
reversed. As a result, identifiers with at least two separators are erroneously
rejected.
This was introduced in http://trac.webkit.org/changeset/44423.

Test case ...
INPUT:    "http_webkit.org_80"
ACTUAL:   SecurityOrigin(KURL()) (input rejected)
EXPECTED: SecurityOrigin(KURL("http://webkit.org:80"))

Line 292
When testing that the port is either a valid integer or absent, the logic is
incorrect. Instead, the logic tests that the port is a valid integer or
present. Hence identifiers where the port is absent are erroneously rejected
and those where the port is present but invalid are erroneously accepted.
This was introduced in http://trac.webkit.org/changeset/29386.

Test cases ...
INPUT:    "http_webkit.org_"
ACTUAL:   SecurityOrigin(KURL()) (input rejected)
EXPECTED: SecurityOrigin(KURL("http://webkit.org:0"))

INPUT:    "http_webkit.org_string"
ACTUAL:   SecurityOrigin(KURL("http://webkit.org:0"))
EXPECTED: SecurityOrigin(KURL()) (input rejected)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.