Diff
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (267964 => 267965)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2020-10-05 14:43:04 UTC (rev 267964)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2020-10-05 14:51:18 UTC (rev 267965)
@@ -1,5 +1,18 @@
2020-10-05 Alex Christensen <achristen...@webkit.org>
+ URLParser should fail to parse URLs with hosts containing invalid punycode encodings
+ https://bugs.webkit.org/show_bug.cgi?id=217285
+
+ Reviewed by Darin Adler.
+
+ * web-platform-tests/url/a-element-expected.txt:
+ * web-platform-tests/url/a-element-xhtml-expected.txt:
+ * web-platform-tests/url/failure-expected.txt:
+ * web-platform-tests/url/toascii.window-expected.txt:
+ * web-platform-tests/url/url-constructor-expected.txt:
+
+2020-10-05 Alex Christensen <achristen...@webkit.org>
+
When appending a Windows drive letter to a file URL, remove any path we may have copied from the base URL
https://bugs.webkit.org/show_bug.cgi?id=217284
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-expected.txt (267964 => 267965)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-expected.txt 2020-10-05 14:43:04 UTC (rev 267964)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-expected.txt 2020-10-05 14:51:18 UTC (rev 267965)
@@ -579,7 +579,7 @@
PASS Parsing: <file://a%C2%ADb/p> against <about:blank>
PASS Parsing: <file:///p> against <about:blank>
PASS Parsing: <file://%C2%AD/p> against <about:blank>
-FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
+PASS Parsing: <file://xn--/p> against <about:blank>
PASS Parsing: <#link> against <https://example.org/##link>
PASS Parsing: <non-special:cannot-be-a-base-url-\0���~> against <about:blank>
PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-xhtml-expected.txt (267964 => 267965)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-xhtml-expected.txt 2020-10-05 14:43:04 UTC (rev 267964)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/a-element-xhtml-expected.txt 2020-10-05 14:51:18 UTC (rev 267965)
@@ -579,7 +579,7 @@
PASS Parsing: <file://a%C2%ADb/p> against <about:blank>
PASS Parsing: <file:///p> against <about:blank>
PASS Parsing: <file://%C2%AD/p> against <about:blank>
-FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
+PASS Parsing: <file://xn--/p> against <about:blank>
PASS Parsing: <#link> against <https://example.org/##link>
PASS Parsing: <non-special:cannot-be-a-base-url-\0���~> against <about:blank>
PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt (267964 => 267965)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt 2020-10-05 14:43:04 UTC (rev 267964)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt 2020-10-05 14:51:18 UTC (rev 267965)
@@ -3,8 +3,6 @@
CONSOLE MESSAGE: Beacon API cannot load http://./Y: due to access control checks.
Blocked access to external URL http://./y:
CONSOLE MESSAGE: Beacon API cannot load http://./y: due to access control checks.
-CONSOLE MESSAGE: Not allowed to load local resource: p
-CONSOLE MESSAGE: Not allowed to load local resource: p
PASS Loading data…
FAIL URL's constructor's base argument: file://example:1/ should throw assert_throws_js: function "() => new URL("about:blank", test.input)" did not throw
@@ -379,10 +377,10 @@
PASS sendBeacon(): file://%C2%AD/p should throw
FAIL Location's href: file://%C2%AD/p should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
PASS window.open(): file://%C2%AD/p should throw
-FAIL URL's constructor's base argument: file://xn--/p should throw assert_throws_js: function "() => new URL("about:blank", test.input)" did not throw
-FAIL URL's href: file://xn--/p should throw assert_throws_js: function "() => url.href = "" did not throw
-FAIL XHR: file://xn--/p should throw assert_throws_dom: function "() => client.open("GET", test.input)" did not throw
+PASS URL's constructor's base argument: file://xn--/p should throw
+PASS URL's href: file://xn--/p should throw
+PASS XHR: file://xn--/p should throw
PASS sendBeacon(): file://xn--/p should throw
FAIL Location's href: file://xn--/p should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
-FAIL window.open(): file://xn--/p should throw assert_throws_dom: function "() => self.open(test.input).close()" did not throw
+PASS window.open(): file://xn--/p should throw
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/toascii.window-expected.txt (267964 => 267965)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/toascii.window-expected.txt 2020-10-05 14:43:04 UTC (rev 267964)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/toascii.window-expected.txt 2020-10-05 14:51:18 UTC (rev 267965)
@@ -99,24 +99,24 @@
FAIL x..β (using <area>) Type error
FAIL x..β (using <area>.host) assert_equals: expected "x..xn--nxa" but got "x"
FAIL x..β (using <area>.hostname) assert_equals: expected "x..xn--nxa" but got "x"
-FAIL xn--a (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--a (using URL.host) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using URL.hostname) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using <a>) assert_equals: expected "" but got "xn--a"
-FAIL xn--a (using <a>.host) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using <a>.hostname) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using <area>) assert_equals: expected "" but got "xn--a"
-FAIL xn--a (using <area>.host) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a (using <area>.hostname) assert_equals: expected "x" but got "xn--a"
-FAIL xn--a.xn--nxa (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--a.xn--nxa (using URL.host) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using URL.hostname) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <a>) assert_equals: expected "" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <a>.host) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <a>.hostname) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <area>) assert_equals: expected "" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <area>.host) assert_equals: expected "x" but got "xn--a.xn--nxa"
-FAIL xn--a.xn--nxa (using <area>.hostname) assert_equals: expected "x" but got "xn--a.xn--nxa"
+PASS xn--a (using URL)
+PASS xn--a (using URL.host)
+PASS xn--a (using URL.hostname)
+PASS xn--a (using <a>)
+PASS xn--a (using <a>.host)
+PASS xn--a (using <a>.hostname)
+PASS xn--a (using <area>)
+PASS xn--a (using <area>.host)
+PASS xn--a (using <area>.hostname)
+PASS xn--a.xn--nxa (using URL)
+PASS xn--a.xn--nxa (using URL.host)
+PASS xn--a.xn--nxa (using URL.hostname)
+PASS xn--a.xn--nxa (using <a>)
+PASS xn--a.xn--nxa (using <a>.host)
+PASS xn--a.xn--nxa (using <a>.hostname)
+PASS xn--a.xn--nxa (using <area>)
+PASS xn--a.xn--nxa (using <area>.host)
+PASS xn--a.xn--nxa (using <area>.hostname)
PASS xn--a.β (using URL)
PASS xn--a.β (using URL.host)
PASS xn--a.β (using URL.hostname)
@@ -171,15 +171,15 @@
PASS .example (using <area>)
PASS .example (using <area>.host)
PASS .example (using <area>.hostname)
-FAIL xn--1ug.example (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--1ug.example (using URL.host) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using URL.hostname) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <a>) assert_equals: expected "" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <a>.host) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <a>.hostname) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <area>) assert_equals: expected "" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <area>.host) assert_equals: expected "x" but got "xn--1ug.example"
-FAIL xn--1ug.example (using <area>.hostname) assert_equals: expected "x" but got "xn--1ug.example"
+PASS xn--1ug.example (using URL)
+PASS xn--1ug.example (using URL.host)
+PASS xn--1ug.example (using URL.hostname)
+PASS xn--1ug.example (using <a>)
+PASS xn--1ug.example (using <a>.host)
+PASS xn--1ug.example (using <a>.hostname)
+PASS xn--1ug.example (using <area>)
+PASS xn--1ug.example (using <area>.host)
+PASS xn--1ug.example (using <area>.hostname)
PASS يa (using URL)
PASS يa (using URL.host)
PASS يa (using URL.hostname)
@@ -189,15 +189,15 @@
PASS يa (using <area>)
PASS يa (using <area>.host)
PASS يa (using <area>.hostname)
-FAIL xn--a-yoc (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--a-yoc (using URL.host) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using URL.hostname) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <a>) assert_equals: expected "" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <a>.host) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <a>.hostname) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <area>) assert_equals: expected "" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <area>.host) assert_equals: expected "x" but got "xn--a-yoc"
-FAIL xn--a-yoc (using <area>.hostname) assert_equals: expected "x" but got "xn--a-yoc"
+PASS xn--a-yoc (using URL)
+PASS xn--a-yoc (using URL.host)
+PASS xn--a-yoc (using URL.hostname)
+PASS xn--a-yoc (using <a>)
+PASS xn--a-yoc (using <a>.host)
+PASS xn--a-yoc (using <a>.hostname)
+PASS xn--a-yoc (using <area>)
+PASS xn--a-yoc (using <area>.host)
+PASS xn--a-yoc (using <area>.hostname)
PASS ශ්රී (using URL)
PASS ශ්රී (using URL.host)
PASS ශ්රී (using URL.hostname)
@@ -225,15 +225,15 @@
PASS �.com (using <area>)
PASS �.com (using <area>.host)
PASS �.com (using <area>.hostname)
-FAIL xn--zn7c.com (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn--zn7c.com (using URL.host) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using URL.hostname) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <a>) assert_equals: expected "" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <a>.host) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <a>.hostname) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <area>) assert_equals: expected "" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <area>.host) assert_equals: expected "x" but got "xn--zn7c.com"
-FAIL xn--zn7c.com (using <area>.hostname) assert_equals: expected "x" but got "xn--zn7c.com"
+PASS xn--zn7c.com (using URL)
+PASS xn--zn7c.com (using URL.host)
+PASS xn--zn7c.com (using URL.hostname)
+PASS xn--zn7c.com (using <a>)
+PASS xn--zn7c.com (using <a>.host)
+PASS xn--zn7c.com (using <a>.hostname)
+PASS xn--zn7c.com (using <area>)
+PASS xn--zn7c.com (using <area>.host)
+PASS xn--zn7c.com (using <area>.hostname)
PASS x01234567890123456789012345678901234567890123456789012345678901x (using URL)
PASS x01234567890123456789012345678901234567890123456789012345678901x (using URL.host)
PASS x01234567890123456789012345678901234567890123456789012345678901x (using URL.hostname)
@@ -333,13 +333,13 @@
PASS %C2%AD (using <area>)
PASS %C2%AD (using <area>.host)
PASS %C2%AD (using <area>.hostname)
-FAIL xn-- (using URL) assert_throws_js: function "() => makeURL("url", hostTest.input)" did not throw
-FAIL xn-- (using URL.host) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using URL.hostname) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using <a>) assert_equals: expected "" but got "xn--"
-FAIL xn-- (using <a>.host) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using <a>.hostname) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using <area>) assert_equals: expected "" but got "xn--"
-FAIL xn-- (using <area>.host) assert_equals: expected "x" but got "xn--"
-FAIL xn-- (using <area>.hostname) assert_equals: expected "x" but got "xn--"
+PASS xn-- (using URL)
+PASS xn-- (using URL.host)
+PASS xn-- (using URL.hostname)
+PASS xn-- (using <a>)
+PASS xn-- (using <a>.host)
+PASS xn-- (using <a>.hostname)
+PASS xn-- (using <area>)
+PASS xn-- (using <area>.host)
+PASS xn-- (using <area>.hostname)
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-constructor-expected.txt (267964 => 267965)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-constructor-expected.txt 2020-10-05 14:43:04 UTC (rev 267964)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/url/url-constructor-expected.txt 2020-10-05 14:51:18 UTC (rev 267965)
@@ -580,9 +580,7 @@
PASS Parsing: <file://a%C2%ADb/p> against <about:blank>
PASS Parsing: <file:///p> against <about:blank>
PASS Parsing: <file://%C2%AD/p> against <about:blank>
-FAIL Parsing: <file://xn--/p> against <about:blank> assert_throws_js: function "function () {
- bURL(expected.input, expected.base)
- }" did not throw
+PASS Parsing: <file://xn--/p> against <about:blank>
PASS Parsing: <#link> against <https://example.org/##link>
PASS Parsing: <non-special:cannot-be-a-base-url-\0���~> against <about:blank>
PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
Modified: trunk/Source/WTF/ChangeLog (267964 => 267965)
--- trunk/Source/WTF/ChangeLog 2020-10-05 14:43:04 UTC (rev 267964)
+++ trunk/Source/WTF/ChangeLog 2020-10-05 14:51:18 UTC (rev 267965)
@@ -1,5 +1,21 @@
2020-10-05 Alex Christensen <achristen...@webkit.org>
+ URLParser should fail to parse URLs with hosts containing invalid punycode encodings
+ https://bugs.webkit.org/show_bug.cgi?id=217285
+
+ Reviewed by Darin Adler.
+
+ URLParser has a fast path for parsing hosts that are all ASCII, but that does not validate hosts that are invalid punycode, such as "xn--".
+ Since all punycode encoded strings start with "xn--", if the input string starts with "xn--" then skip the fast path and let ICU decide if it's valid.
+
+ * wtf/URLParser.cpp:
+ (WTF::URLParser::domainToASCII):
+ (WTF::URLParser::startsWithXNDashDash):
+ (WTF::URLParser::parseHostAndPort):
+ * wtf/URLParser.h:
+
+2020-10-05 Alex Christensen <achristen...@webkit.org>
+
When appending a Windows drive letter to a file URL, remove any path we may have copied from the base URL
https://bugs.webkit.org/show_bug.cgi?id=217284
Modified: trunk/Source/WTF/wtf/URLParser.cpp (267964 => 267965)
--- trunk/Source/WTF/wtf/URLParser.cpp 2020-10-05 14:43:04 UTC (rev 267964)
+++ trunk/Source/WTF/wtf/URLParser.cpp 2020-10-05 14:51:18 UTC (rev 267965)
@@ -2517,7 +2517,7 @@
template<typename CharacterType> Optional<URLParser::LCharBuffer> URLParser::domainToASCII(StringImpl& domain, const CodePointIterator<CharacterType>& iteratorForSyntaxViolationPosition)
{
LCharBuffer ascii;
- if (domain.isAllASCII()) {
+ if (domain.isAllASCII() && !startsWithLettersIgnoringASCIICase(domain, "xn--")) {
size_t length = domain.length();
if (domain.is8Bit()) {
const LChar* characters = domain.characters8();
@@ -2625,6 +2625,23 @@
}
template<typename CharacterType>
+bool URLParser::startsWithXNDashDash(CodePointIterator<CharacterType> iterator)
+{
+ if (iterator.atEnd() || (*iterator != 'x' && *iterator != 'X'))
+ return false;
+ advance<CharacterType, ReportSyntaxViolation::No>(iterator);
+ if (iterator.atEnd() || (*iterator != 'n' && *iterator != 'N'))
+ return false;
+ advance<CharacterType, ReportSyntaxViolation::No>(iterator);
+ if (iterator.atEnd() || *iterator != '-')
+ return false;
+ advance<CharacterType, ReportSyntaxViolation::No>(iterator);
+ if (iterator.atEnd() || *iterator != '-')
+ return false;
+ return true;
+}
+
+template<typename CharacterType>
bool URLParser::parseHostAndPort(CodePointIterator<CharacterType> iterator)
{
if (iterator.atEnd())
@@ -2673,7 +2690,7 @@
return parsePort(iterator);
}
- if (LIKELY(!m_hostHasPercentOrNonASCII)) {
+ if (LIKELY(!m_hostHasPercentOrNonASCII && !startsWithXNDashDash(iterator))) {
auto hostIterator = iterator;
for (; !iterator.atEnd(); ++iterator) {
if (isTabOrNewline(*iterator))
Modified: trunk/Source/WTF/wtf/URLParser.h (267964 => 267965)
--- trunk/Source/WTF/wtf/URLParser.h 2020-10-05 14:43:04 UTC (rev 267964)
+++ trunk/Source/WTF/wtf/URLParser.h 2020-10-05 14:51:18 UTC (rev 267965)
@@ -113,6 +113,7 @@
bool copyBaseWindowsDriveLetter(const URL&);
StringView parsedDataView(size_t start, size_t length);
UChar parsedDataView(size_t position);
+ template<typename CharacterType> bool startsWithXNDashDash(CodePointIterator<CharacterType>);
bool needsNonSpecialDotSlash() const;
void addNonSpecialDotSlash();
