[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.19-706-ge5415e9
ap at apple.com
ap at apple.com
Thu Feb 4 21:25:07 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit 7557077156268691bd404264056735ce64fadcda
Author: ap at apple.com <ap at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jan 22 20:59:13 2010 +0000
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=34008
Assertion failure in KURL::setProtocol when running DOM Fuzzer
Test: fast/dom/Window/invalid-protocol.html
* bindings/js/JSLocationCustom.cpp: (WebCore::JSLocation::setProtocol): Raise an exception
if KURL::setProtocol fails.
* html/HTMLAnchorElement.cpp: (WebCore::HTMLAnchorElement::setProtocol): Move argument
tweaking logic into KURL. This way, the ':' trick applies to both JSLocation and
HTMLAnchorElement, matching IE (but not Firefox). IE behavior is more permissive, and even
more logical in my opinion.
* loader/FrameLoader.cpp: (WebCore::FrameLoader::iconURL): Assert that setting protocol
succeeded.
* platform/KURL.cpp: (WebCore::KURL::setProtocol): Remove everything past ':', if present.
Return false if the protocol to set is not valid.
(WebCore::isValidProtocol): Made this work correctly for empty strings.
* platform/KURL.h: isValidProtocol() is now static in KURL.cpp, it's only used in setProtocol().
* platform/KURLGoogle.cpp:
(WebCore::KURL::setProtocol): Always return true. This should hopefully prevent Chromium build
breakage, although tests will likely fail.
(WebCore::isValidProtocol): Removed, as this isn't used at the moment.
* websockets/WebSocketHandshake.cpp: (WebCore::WebSocketHandshake::httpURLForAuthenticationAndCookies):
Assert that setting protocol succeeded.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53712 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 04b8dee..78bdb28 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-01-22 Alexey Proskuryakov <ap at apple.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=34008
+ Assertion failure in KURL::setProtocol when running DOM Fuzzer
+
+ * fast/dom/Window/invalid-protocol-expected.txt: Added.
+ * fast/dom/Window/invalid-protocol.html: Added.
+ * fast/dom/Window/script-tests/invalid-protocol.js: Added.
+
2010-01-22 Enrica Casucci <enrica at apple.com>
Reviewed by Adele Peterson.
diff --git a/LayoutTests/fast/dom/Window/invalid-protocol-expected.txt b/LayoutTests/fast/dom/Window/invalid-protocol-expected.txt
new file mode 100644
index 0000000..bb0e6f0
--- /dev/null
+++ b/LayoutTests/fast/dom/Window/invalid-protocol-expected.txt
@@ -0,0 +1,18 @@
+Test URL protocol setter.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS location.protocol = '' threw exception Error: SYNTAX_ERR: DOM Exception 12.
+PASS location.protocol = ':' threw exception Error: SYNTAX_ERR: DOM Exception 12.
+PASS location.protocol = 'é' threw exception Error: SYNTAX_ERR: DOM Exception 12.
+PASS location.protocol = '[' threw exception Error: SYNTAX_ERR: DOM Exception 12.
+PASS location.protocol = '0' threw exception Error: SYNTAX_ERR: DOM Exception 12.
+PASS a.protocol is 'http:'
+PASS a.href is 'https://www.apple.com/'
+PASS a.href is 'http://www.apple.com/'
+PASS a.href is 'https://www.apple.com/'
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/dom/Window/invalid-protocol.html b/LayoutTests/fast/dom/Window/invalid-protocol.html
new file mode 100644
index 0000000..cbb3ea2
--- /dev/null
+++ b/LayoutTests/fast/dom/Window/invalid-protocol.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../js/resources/js-test-style.css">
+<script src="../../js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/invalid-protocol.js"></script>
+<script src="../../js/resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/dom/Window/script-tests/invalid-protocol.js b/LayoutTests/fast/dom/Window/script-tests/invalid-protocol.js
new file mode 100644
index 0000000..aadfe93
--- /dev/null
+++ b/LayoutTests/fast/dom/Window/script-tests/invalid-protocol.js
@@ -0,0 +1,29 @@
+description("Test URL protocol setter.");
+
+var a = document.createElement("a");
+a.setAttribute("href", "http://www.apple.com/");
+document.body.appendChild(a);
+
+shouldThrow("location.protocol = ''");
+shouldThrow("location.protocol = ':'");
+shouldThrow("location.protocol = 'é'");
+shouldThrow("location.protocol = '['");
+shouldThrow("location.protocol = '0'");
+
+// IE raises exceptions for anchors, too - but Firefox does not. In either case, protocol shouldn't change.
+try { a.protocol = '' } catch (ex) { }
+try { a.protocol = 'é' } catch (ex) { }
+try { a.protocol = '[' } catch (ex) { }
+try { a.protocol = '0' } catch (ex) { }
+shouldBe("a.protocol", "'http:'");
+
+a.protocol = "https";
+shouldBe("a.href", "'https://www.apple.com/'");
+
+a.protocol = "http:";
+shouldBe("a.href", "'http://www.apple.com/'");
+
+a.protocol = "https://foobar";
+shouldBe("a.href", "'https://www.apple.com/'");
+
+successfullyParsed = true;
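Review bot: Every value in the `shouldThrow` block is either empty once the ':' is stripped or fails on its first character (`''`, `':'`, `'é'`, `'['`, `'0'`), so the check on characters after the first one is never exercised. Add a case with a valid first letter followed by an invalid character, e.g. `shouldThrow("location.protocol = 'a['");`, and the matching `try { a.protocol = 'a[' } catch (ex) { }` before `shouldBe("a.protocol", "'http:'")`, updating the expected-results file to match. The anchor block also omits the `':'` input that the location block covers.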
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index d67c4e6..313b203 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,37 @@
+2010-01-22 Alexey Proskuryakov <ap at apple.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=34008
+ Assertion failure in KURL::setProtocol when running DOM Fuzzer
+
+ Test: fast/dom/Window/invalid-protocol.html
+
+ * bindings/js/JSLocationCustom.cpp: (WebCore::JSLocation::setProtocol): Raise an exception
+ if KURL::setProtocol fails.
+
+ * html/HTMLAnchorElement.cpp: (WebCore::HTMLAnchorElement::setProtocol): Move argument
+ tweaking logic into KURL. This way, the ':' trick applies to both JSLocation and
+ HTMLAnchorElement, matching IE (but not Firefox). IE behavior is more permissive, and even
+ more logical in my opinion.
+
+ * loader/FrameLoader.cpp: (WebCore::FrameLoader::iconURL): Assert that setting protocol
+ succeeded.
+
+ * platform/KURL.cpp: (WebCore::KURL::setProtocol): Remove everything past ':', if present.
+ Return false if the protocol to set is not valid.
+ (WebCore::isValidProtocol): Made this work correctly for empty strings.
+
+ * platform/KURL.h: isValidProtocol() is now static in KURL.cpp, it's only used in setProtocol().
+
+ * platform/KURLGoogle.cpp:
+ (WebCore::KURL::setProtocol): Always return true. This should hopefully prevent Chromium build
+ breakage, alhough tests will likely fail.
+ (WebCore::isValidProtocol): Removed, as this isn't used at the moment.
+
+ * websockets/WebSocketHandshake.cpp: (WebCore::WebSocketHandshake::httpURLForAuthenticationAndCookies):
+ Assert that setting protocol succeeded.
+
2010-01-22 Eric Carlson <eric.carlson at apple.com>
Reviewed by Adam Roben.
diff --git a/WebCore/bindings/js/JSLocationCustom.cpp b/WebCore/bindings/js/JSLocationCustom.cpp
index 78d00de..8599242 100644
--- a/WebCore/bindings/js/JSLocationCustom.cpp
+++ b/WebCore/bindings/js/JSLocationCustom.cpp
@@ -24,6 +24,7 @@
#include "JSLocationCustom.h"
#include "DOMWindow.h"
+#include "ExceptionCode.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "JSDOMBinding.h"
@@ -214,7 +215,10 @@ void JSLocation::setProtocol(ExecState* exec, JSValue value)
ASSERT(frame);
KURL url = frame->loader()->url();
- url.setProtocol(value.toString(exec));
+ if (!url.setProtocol(value.toString(exec))) {
+ setDOMException(exec, SYNTAX_ERR);
+ return;
+ }
navigateIfAllowed(exec, frame, url, !frame->script()->anyPageIsProcessingUserGesture(), false);
}
diff --git a/WebCore/html/HTMLAnchorElement.cpp b/WebCore/html/HTMLAnchorElement.cpp
index 1d5d569..f3b6ddd 100644
--- a/WebCore/html/HTMLAnchorElement.cpp
+++ b/WebCore/html/HTMLAnchorElement.cpp
@@ -497,20 +497,8 @@ String HTMLAnchorElement::protocol() const
void HTMLAnchorElement::setProtocol(const String& value)
{
- int separator = value.find(':');
-
- if (!separator)
- return;
- if (value.isEmpty())
- return;
-
KURL url = href();
- // Following Firefox 3.5.2 which removes anything after the first ":"
- String newProtocol = value.substring(0, separator);
- if (!isValidProtocol(newProtocol))
- return;
- url.setProtocol(newProtocol);
-
+ url.setProtocol(value);
setHref(url.string());
}
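Review bot: The result of `url.setProtocol(value)` is dropped, so `setHref(url.string())` now runs even when the protocol is rejected. The removed code returned before touching the attribute for empty or invalid input. The new path writes the serialized URL back to href in those cases, which presumably can change the attribute text (for example a relative href being replaced by its resolved form) although the protocol did not change. Suggest `if (!url.setProtocol(value)) return;` ahead of the `setHref` call.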
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index 7e7842e..28cee79 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -620,7 +620,8 @@ KURL FrameLoader::iconURL()
return KURL();
KURL url;
- url.setProtocol(m_URL.protocol());
+ bool couldSetProtocol = url.setProtocol(m_URL.protocol());
+ ASSERT_UNUSED(couldSetProtocol, couldSetProtocol);
url.setHost(m_URL.host());
if (m_URL.hasPort())
url.setPort(m_URL.port());
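Review bot: `ASSERT_UNUSED` compiles out in release builds, so if `m_URL.protocol()` is ever rejected, the function carries on and sets host and port on a URL whose scheme was never set. The condition guarding the early `return KURL();` is outside this hunk and may already guarantee a valid scheme; if it does not, prefer `if (!url.setProtocol(m_URL.protocol())) return KURL();`. The same assert-only pattern is added in WebSocketHandshake::httpURLForAuthenticationAndCookies, where the argument is one of two constants and should not fail validation.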
diff --git a/WebCore/platform/KURL.cpp b/WebCore/platform/KURL.cpp
index a8f7969..733b943 100644
--- a/WebCore/platform/KURL.cpp
+++ b/WebCore/platform/KURL.cpp
@@ -214,6 +214,7 @@ static const unsigned char characterClassTable[256] = {
static int copyPathRemovingDots(char* dst, const char* src, int srcStart, int srcEnd);
static void encodeRelativeString(const String& rel, const TextEncoding&, CharBuffer& ouput);
static String substituteBackslashes(const String&);
+static bool isValidProtocol(const String&);
static inline bool isSchemeFirstChar(char c) { return characterClassTable[static_cast<unsigned char>(c)] & SchemeFirstChar; }
static inline bool isSchemeFirstChar(UChar c) { return c <= 0xff && (characterClassTable[c] & SchemeFirstChar); }
@@ -659,17 +660,22 @@ String KURL::path() const
return decodeURLEscapeSequences(m_string.substring(m_portEnd, m_pathEnd - m_portEnd));
}
-void KURL::setProtocol(const String& s)
+bool KURL::setProtocol(const String& s)
{
- // FIXME: Non-ASCII characters must be encoded and escaped to match parse() expectations,
- // and to avoid changing more than just the protocol.
+ // Firefox and IE remove everything after the first ':'.
+ int separatorPosition = s.find(':');
+ String newProtocol = s.substring(0, separatorPosition);
+
+ if (!isValidProtocol(newProtocol))
+ return false;
if (!m_isValid) {
- parse(s + ":" + m_string);
- return;
+ parse(newProtocol + ":" + m_string);
+ return true;
}
- parse(s + m_string.substring(m_schemeEnd));
+ parse(newProtocol + m_string.substring(m_schemeEnd));
+ return true;
}
void KURL::setHost(const String& s)
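Review bot: When `s` contains no ':', `s.find(':')` presumably returns -1, and `s.substring(0, separatorPosition)` then keeps the whole string only because that value converts to a very large unsigned length. The `a.protocol = "https"` test depends on this implicit conversion. Make the no-separator case explicit, e.g. `String newProtocol = separatorPosition < 0 ? s : s.substring(0, separatorPosition);`, or add a comment stating the reliance. A second comment should say that `true` from the `!m_isValid` branch means the protocol string was accepted, not that the reparsed URL is valid.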
@@ -1630,6 +1636,9 @@ bool protocolIsJavaScript(const String& url)
bool isValidProtocol(const String& protocol)
{
+ // RFC3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+ if (protocol.isEmpty())
+ return false;
if (!isSchemeFirstChar(protocol[0]))
return false;
unsigned protocolLength = protocol.length();
diff --git a/WebCore/platform/KURL.h b/WebCore/platform/KURL.h
index 8e7a28c..6cd8f96 100644
--- a/WebCore/platform/KURL.h
+++ b/WebCore/platform/KURL.h
@@ -144,7 +144,7 @@ public:
bool protocolInHTTPFamily() const;
bool isLocalFile() const;
- void setProtocol(const String&);
+ bool setProtocol(const String&);
void setHost(const String&);
void removePort();
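Review bot: The new `bool` result is not documented at the declaration, and HTMLAnchorElement::setProtocol in this same commit already ignores it. Add a comment above the declaration, such as `// Returns false and leaves the URL unchanged if the protocol is not a valid scheme; anything after the first ':' is ignored.`, so callers know when the result must be checked. That wording describes the KURL.cpp implementation; KURLGoogle.cpp currently always returns true, so the comment should note that difference or the two should be aligned.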
@@ -266,7 +266,6 @@ const KURL& blankURL();
bool protocolIs(const String& url, const char* protocol);
bool protocolIsJavaScript(const String& url);
-bool isValidProtocol(const String& protocol);
bool isDefaultPortForProtocol(unsigned short port, const String& protocol);
bool portAllowed(const KURL&); // Blacklist ports that should never be used for Web resources.
diff --git a/WebCore/platform/KURLGoogle.cpp b/WebCore/platform/KURLGoogle.cpp
index f22ada5..65ca346 100644
--- a/WebCore/platform/KURLGoogle.cpp
+++ b/WebCore/platform/KURLGoogle.cpp
@@ -570,12 +570,13 @@ String KURL::path() const
return m_url.componentString(m_url.m_parsed.path);
}
-void KURL::setProtocol(const String& protocol)
+bool KURL::setProtocol(const String& protocol)
{
KURLGooglePrivate::Replacements replacements;
replacements.SetScheme(CharactersOrEmpty(protocol),
url_parse::Component(0, protocol.length()));
m_url.replaceComponents(replacements);
+ return true;
}
void KURL::setHost(const String& host)
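Review bot: This implementation returns `true` without validating `protocol` or dropping what follows the first ':', so the full input, with `protocol.length()` as its length, is handed to `SetScheme`. With this backend JSLocation::setProtocol never raises SYNTAX_ERR, so the two URL backends now accept different inputs from script. The commit message acknowledges that tests will fail here, but nothing in the code records it. Add `// FIXME: Validate the protocol and strip everything after ':' as KURL.cpp does; return false when it is rejected.` above `return true;`.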
@@ -734,18 +735,6 @@ bool protocolIsJavaScript(const String& url)
return protocolIs(url, "javascript");
}
-bool isValidProtocol(const String& protocol)
-{
- if (!isSchemeFirstChar(protocol[0]))
- return false;
- unsigned protocolLength = protocol.length();
- for (unsigned i = 1; i < protocolLength; i++) {
- if (!isSchemeChar(protocol[i]))
- return false;
- }
- return true;
-}
-
// We copied the KURL version here on Dec 4, 2009 while doing a WebKit
// merge.
//
diff --git a/WebCore/websockets/WebSocketHandshake.cpp b/WebCore/websockets/WebSocketHandshake.cpp
index f2d6436..883f84b 100644
--- a/WebCore/websockets/WebSocketHandshake.cpp
+++ b/WebCore/websockets/WebSocketHandshake.cpp
@@ -355,7 +355,8 @@ void WebSocketHandshake::setServerSetCookie2(const String& setCookie2)
KURL WebSocketHandshake::httpURLForAuthenticationAndCookies() const
{
KURL url = m_url.copy();
- url.setProtocol(m_secure ? "https" : "http");
+ bool couldSetProtocol = url.setProtocol(m_secure ? "https" : "http");
+ ASSERT_UNUSED(couldSetProtocol, couldSetProtocol);
return url;
}
--
WebKit Debian packaging