[Webkit-unassigned] [Bug 54438] Add check for invalid characters in the protocol field in registerProtocolHandler.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 15 09:43:35 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=54438


Darin Adler <darin at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #82418|review?                     |review-
               Flag|                            |




--- Comment #2 from Darin Adler <darin at apple.com>  2011-02-15 09:43:35 PST ---
(From update of attachment 82418)
View in context: https://bugs.webkit.org/attachment.cgi?id=82418&action=review

Looks fine. Should use the code already present in KURL.cpp to check if the protocol is valid.

> Source/WebCore/page/Navigator.cpp:204
> +bool isInvalidSchemeChar(UChar c)

Since this is local to the file it should have static so it gets internal linkage.

The word “character” should be spelled out in the function name. And the argument name should be a word, not a character.

> Source/WebCore/page/Navigator.cpp:206
> +    c = tolower(c);

This will have unpredictable effects depending on the locale setting, so we avoid it and use the functions from <wtf/ASCIICType.h> instead. In this case it would be toASCIILower, but you actually don’t need that at all.

> Source/WebCore/page/Navigator.cpp:207
> +    bool valid = (c >= 'a' && c <= 'z') || c == '-' || c == '.';

This can be written with isASCIIAlpha instead of handwriting the equivalent. For one thing, isASCIIAlpha is more efficient. For another it’s arguably easier to read.

> Source/WebCore/page/Navigator.cpp:218
> +    if (scheme.find(isInvalidSchemeChar, 0) != notFound) {

We should not write a new function for this.

KURL.cpp already has a function named isValidProtocol that does the same thing. This function should be made public in KURL.h and used here.

The function in KURL.cpp implements the RFC rules correctly covering cases not handled correctly here including disallowing the empty string, forbidding non-alphanumerics for the first character, and allowing "+" as well as "-" and ".".

It’s possible that the use of a separate URL library for Google will cause difficulty for Chromium, but that should be resolved. Our use of an alternate URL library for one port does not justify putting duplicate URL code here.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


More information about the webkit-unassigned mailing list