[Webkit-unassigned] [Bug 87734] REGRESSION (r118735): svg/dom/complex-svgView-specification.html, svg/dom/SVGViewSpec.html, svg/dom/viewspec-parser.html failing on GTK Linux 64-bit Release

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 26 04:59:02 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=87734


Zan Dobersek <zandobersek at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |danw at gnome.org,
                   |                            |mrobinson at webkit.org,
                   |                            |svillar at igalia.com




--- Comment #1 from Zan Dobersek <zandobersek at gmail.com>  2012-06-26 04:59:01 PST ---
The cause of these test failures is that the fragment identifier passed into SVGViewSpec::parseViewSpec[1] contains percent-encoded spaces (%20).

The solution to this could be resetting the fragment identifier in soupURIToKURL[2] to the return value of soup_uri_normalize called on the SoupURI's fragment, with a space passed into that function call as an extra character to unescape.

This would also require to modify soup_uri_normalize behavior a bit. In uri_normalized_copy[3], the normalized value is marked for a fixup when it comes upon a \0 character (as g_ascii_isgraph returns false for that character). This should be avoided as in the fixup process, spaces are changed back into their percent-encoded form.
Also, %00 characters shouldn't be changed to \0 as this cuts off the string and can cause problems (http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char.html is a test depending on this not to happen).

[1] - http://trac.webkit.org/browser/trunk/Source/WebCore/svg/SVGSVGElement.cpp#L680
[2] - http://trac.webkit.org/browser/trunk/Source/WebCore/platform/network/soup/SoupURIUtils.cpp#L32
[3] - http://git.gnome.org/browse/libsoup/tree/libsoup/soup-uri.c#n702
[4] - http://trac.webkit.org/browser/trunk/LayoutTests/http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char.html

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list