[Webkit-unassigned] [Bug 26270] New: Exception on XMLHTTPRequest with certain characters in username or password

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 9 01:36:54 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=26270

           Summary: Exception on XMLHTTPRequest with certain characters in
                    username or password
           Product: WebKit
           Version: 525.x (Safari 3.2)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: josh at joshtriplett.org


(Also filed as 6885749 in Apple's bug-tracking system at
http://developer.apple.com/bugreporter/ .)

Attempting to open an XMLHTTPRequest with an HTTP Auth username and password
will throw an exception unless the username and password consist exclusively of
alphanumeric characters or a limited set of symbols.

Steps to Reproduce:

The attached test file will use JavaScript to check which characters Safari
allows in usernames and passwords.  Place the attached test file
xhr-char-test.html on a webserver.  Access it in Safari via HTTP.  When the
included JavaScript finishes running, it will display a table of all characters
from 0-255 and whether Safari threw an exception when attempting to use them.

Alternatively, access the test page at
http://ext.serialist.net/tests/xhr-char-test.html to see the same results.

Expected Results:

Safari should allow requests via XMLHTTPRequest to use any username or
password, without throwing an exception.

Actual Results:

Safari throws an exception if attempting to perform an XMLHTTPRequest unless
the username and password consist exclusively of letters, numbers, or a limited
set of symbols.

Notes:

We tested running this same test case in Firefox 3, Internet Explorer 7, and
Konqueror 3.5.9, all of which allow any character in usernames or passwords. 
We also tested in Arora, which uses WebKit, and it threw an exception on
exactly the same characters as Safari.

I'll also attach a copy of the results from Safari, for convenience.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list