[Webkit-unassigned] [Bug 165521] Add Link header support for preload.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 18 02:20:06 PST 2017 

https://bugs.webkit.org/show_bug.cgi?id=165521

--- Comment #17 from Yoav Weiss <yoav at yoav.ws> ---
Comment on attachment 297011
  --> https://bugs.webkit.org/attachment.cgi?id=297011
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=297011&action=review

>> Source/WebCore/loader/LinkHeader.cpp:42
>> +static bool isValidURLChar(CharType chr)
> 
> This seems very strange.  Determining if a character is valid for a URL without context isn't something you should be able to do.  For example, if you have an invalid surrogate pair with a valid begin and an invalid end that is one of the characters that is determined here to be "invalid" then this would naively think the second half of an invalid surrogate pair is an invalid character when in fact the whole thing is something that will be URL encoded to be the replacement character.  It's bad enough that CSP has its own definition of what parsing part of a URL from a header should be (and maybe we should align with that "parsing") that is separate from the URL spec.  Let's not add a third definition of what a URL is supposed to look like.

OK. Since URL validation is not critical here (and will happen further down the pipe), I've changed this to just detect ">" as the URL boundary.

>> Source/WebCore/loader/LinkHeader.cpp:95
>> +static bool parseURL(CharType*& position, CharType* end, String& url)
> 
> end should definitely be const
> I don't like the name "parseURL".  This function doesn't parse the URL, it just finds the end of the URL.
> This should return a std::optional<String>

Good point regarding end. Changed parseURL into FindURLBoundaries with an optional return value.

>> Source/WebCore/loader/LinkHeader.cpp:122
>> +    ASSERT(position <= end);
> 
> This assertion should be at every function that has a position and an end.
> It seems like an iterator type would be better than raw pointers in this whole patch.  StringView.h has code point and code unit iterators.

Good point regarding the assertion. Added everywhere else.

Regarding switching to StringView's iterators I tried to convert the logic to that, but it seems to be missing some concepts needed here (skipWhile, skipExactly and/or getting an iterator for a position in the middle of a StringView).
For now I kept it using pointers, but if we want to go the iterator route, it'd require adding a new iterator type (e.g. ParserStringView) which will include the required concepts. Let me know if you think this is the route we should take and if so, where should such a class be located.

>> Source/WebCore/loader/LinkHeader.cpp:138
>> +static bool parseParameterDelimiter(CharType*& position, CharType* end, bool& isValid)
> 
> This should return std::optional<bool> instead of a bool with a bool& parameter.

OK

>> Source/WebCore/loader/LinkHeader.cpp:274
>> +    else if (name == LinkParameterAnchor)
> 
> It looks like a switch would be better here.

switched

>> Source/WebCore/loader/LinkHeader.h:78
>> +    LinkHeader& operator[](size_t i) { return m_headerSet[i]; }
> 
> This doesn't have bounds checks.

This  as well as size() don't seem to be required. Removed both

>> Source/WebCore/loader/LinkHeader.h:82
>> +    template <typename CharType>
> 
> typename CharacterType

OK

>> Source/WebCore/loader/LinkHeader.h:83
>> +    void init(CharType* headerValue, unsigned len);
> 
> unsigned len -> size_t length
> Or even better, use an iterator type.  See below.

switched to size_t for now

>> Source/WebCore/loader/LinkLoader.cpp:99
>> +        if (url == baseURL)
> 
> What if url and baseURL only differ in the fragment?

Good point. Switched to use equalIgnoringFragmentIdentifier

>> LayoutTests/http/tests/preload/resources/download_resources_from_header.php:2
>> +header("Link: <../resources/dummy.js>; rel=preload; as=script", false);
> 
> Can we put a complete absolute URL here?  We should add a test with a URL that looks like http://localhost:8000/preload/resources/something.html on a page with CSP that doesn't allow loading from localhost.  We should also add a test with an invalid URL like http://host:invalidport/ just to see what happens.  It's hard to make a URL fail to parse when only giving the path.  A fragment-only URL might also be interesting. Also a lowercase "link", a missing colon, no <> or URL, <> but no characters inside it, and a missing space after the colon.  Also what about emojis, invalid surrogate pairs, and null characters in the middle of the URL?

Added tests for CSP blocked, invalid port, fragment-only, lower-case link, missing colon, missing spaces, missing URL, etc.
(Invalid port passes the isPreloaded() test, but I'm guessing that it's being blocked further down the stack)

I'm not sure how to add emojis, invalid surrogate pairs and null chars in PHP... Any examples you can point me to?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170118/5acd2cf1/attachment.html>

More information about the webkit-unassigned mailing list