[Webkit-unassigned] [Bug 156364] Add support for creating invalid URLs directly
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 8 12:05:16 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=156364
--- Comment #6 from Jiewen Tan <jiewen_tan at apple.com> ---
(In reply to comment #5)
> The danger here is that if we start exposing invalid URLs to clients, that
> increases the attack surface. Any bugs clients have in handling URLs would
> be more exploitable.
I think we are doing this now. In the URL parser (URL::parse(const char* url, const String* originalString)), we assign the m_string to original string and invalidate the URL if we fail to parse it.
There is only one place at ToT that we change the the m_string to about:blank, which we fail IDNA toASCII conversion.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160408/0ad336db/attachment.html>
More information about the webkit-unassigned
mailing list