[Webkit-unassigned] [Bug 227073] New: [URL] Prevent the pathname setter from erasing the path of path-only URLs

Wed Jun 16 08:45:29 PDT 2021

https://bugs.webkit.org/show_bug.cgi?id=227073

            Bug ID: 227073
           Summary: [URL] Prevent the pathname setter from erasing the
                    path of path-only URLs
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: razielim at gmail.com

Given a URL, "foo:/hello/world?someQuery", which is path-only and hierarchical (cannot-be-a-base is false),
it is possible to set pathname to the empty string, resulting in "foo:?someQuery", which is non-hierarchical but not internally marked as such
(cannot-be-a-base is still false).

That means it is possible to perform actions which typically cannot be performed on non-hierarchical URLs, such as setting certain components or using them as base URLs.

Moreover, re-parsing the same URL "foo:?someQuery" correctly sets the cannot-be-a-base flag, meaning that idempotence is broken.

Issue: https://github.com/whatwg/url/issues/581
PR to update the URL Standard: https://github.com/whatwg/url/pull/582

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210616/df36dcbf/attachment-0001.htm>