- Revision
- 203725
- Author
- wilan...@apple.com
- Date
- 2016-07-26 09:57:24 -0700 (Tue, 26 Jul 2016)
Log Message
Stop supporting compressed character sets BOCU-1 and SCSU
https://bugs.webkit.org/show_bug.cgi?id=159581
Reviewed by Brent Fulgham.
WebKit should not support the compressed character sets BOCU-1 and SCSU.
Chrome and Firefox don't and these old formats may pass server-side character
filters while still rendering in WebKit.
The HTML specification says "The above prohibits supporting, for example,
CESU-8, UTF-7, BOCU-1, SCSU, EBCDIC, and UTF-32."
https://html.spec.whatwg.org/#character-encodings
Source/WebCore:
Tests: http/tests/misc/char-encoding-bocu-1-blacklisted.html
http/tests/misc/char-encoding-scsu-blacklisted.html
* platform/text/TextEncodingRegistry.cpp:
Blacklisted BOCU-1 and SCSU character sets.
LayoutTests:
* http/tests/misc/char-encoding-bocu-1-blacklisted-expected.txt: Added.
* http/tests/misc/char-encoding-bocu-1-blacklisted.html: Added.
* http/tests/misc/char-encoding-scsu-blacklisted-expected.txt: Added.
* http/tests/misc/char-encoding-scsu-blacklisted.html: Added.
* http/tests/misc/resources/bocu-1-cyrillic.php: Added.
* http/tests/misc/resources/scsu-cyrillic.php: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (203724 => 203725)
--- trunk/LayoutTests/ChangeLog 2016-07-26 16:32:21 UTC (rev 203724)
+++ trunk/LayoutTests/ChangeLog 2016-07-26 16:57:24 UTC (rev 203725)
@@ -1,3 +1,25 @@
+2016-07-26 John Wilander <wilan...@apple.com>
+
+ Stop supporting compressed character sets BOCU-1 and SCSU
+ https://bugs.webkit.org/show_bug.cgi?id=159581
+
+ Reviewed by Brent Fulgham.
+
+ WebKit should not support the compressed character sets BOCU-1 and SCSU.
+ Chrome and Firefox don't and these old formats may pass server-side character
+ filters while still rendering in WebKit.
+
+ The HTML specification says "The above prohibits supporting, for example,
+ CESU-8, UTF-7, BOCU-1, SCSU, EBCDIC, and UTF-32."
+ https://html.spec.whatwg.org/#character-encodings
+
+ * http/tests/misc/char-encoding-bocu-1-blacklisted-expected.txt: Added.
+ * http/tests/misc/char-encoding-bocu-1-blacklisted.html: Added.
+ * http/tests/misc/char-encoding-scsu-blacklisted-expected.txt: Added.
+ * http/tests/misc/char-encoding-scsu-blacklisted.html: Added.
+ * http/tests/misc/resources/bocu-1-cyrillic.php: Added.
+ * http/tests/misc/resources/scsu-cyrillic.php: Added.
+
2016-07-26 Youenn Fablet <you...@apple.com>
Remove ClientCredentialPolicy cross-origin option from ResourceLoaderOptions
Added: trunk/LayoutTests/http/tests/misc/char-encoding-bocu-1-blacklisted-expected.txt (0 => 203725)
--- trunk/LayoutTests/http/tests/misc/char-encoding-bocu-1-blacklisted-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/misc/char-encoding-bocu-1-blacklisted-expected.txt 2016-07-26 16:57:24 UTC (rev 203725)
@@ -0,0 +1,10 @@
+Test that character set BOCU-1 is not supported and we default to ISO-8859-1. With support for BOCU-1 the iframe renders a Cyrillic string. Without it renders garbage.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS charset is ISO-8859-1
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/misc/char-encoding-bocu-1-blacklisted.html (0 => 203725)
--- trunk/LayoutTests/http/tests/misc/char-encoding-bocu-1-blacklisted.html (rev 0)
+++ trunk/LayoutTests/http/tests/misc/char-encoding-bocu-1-blacklisted.html 2016-07-26 16:57:24 UTC (rev 203725)
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <title>BOCU-1 character set blacklisted</title>
+ <script src=""
+</head>
+<body>
+<script>
+ description("Test that character set BOCU-1 is not supported and we default to ISO-8859-1. With support for BOCU-1 the iframe renders a Cyrillic string. Without it renders garbage.");
+ window.jsTestIsAsync = true;
+ if (window.testRunner) {
+ testRunner.waitUntilDone();
+ }
+ function run() {
+ var bocu1Frame = document.getElementById("bocu1Frame");
+ if (bocu1Frame.contentDocument.charset == "ISO-8859-1") {
+ testPassed("charset is ISO-8859-1");
+ } else {
+ testFailed("charset is " + bocu1Frame.contentDocument.charset);
+ }
+ finishJSTest();
+ }
+</script>
+<iframe id="bocu1Frame" src="" _onload_="run()"></iframe>
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/misc/char-encoding-scsu-blacklisted-expected.txt (0 => 203725)
--- trunk/LayoutTests/http/tests/misc/char-encoding-scsu-blacklisted-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/misc/char-encoding-scsu-blacklisted-expected.txt 2016-07-26 16:57:24 UTC (rev 203725)
@@ -0,0 +1,10 @@
+Test that character set SCSU is not supported and we default to ISO-8859-1. With support for SCSU the iframe renders a Cyrillic string. Without it renders garbage.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS charset is ISO-8859-1
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/misc/char-encoding-scsu-blacklisted.html (0 => 203725)
--- trunk/LayoutTests/http/tests/misc/char-encoding-scsu-blacklisted.html (rev 0)
+++ trunk/LayoutTests/http/tests/misc/char-encoding-scsu-blacklisted.html 2016-07-26 16:57:24 UTC (rev 203725)
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <title>SCSU character set blacklisted</title>
+ <script src=""
+</head>
+<body>
+<script>
+ description("Test that character set SCSU is not supported and we default to ISO-8859-1. With support for SCSU the iframe renders a Cyrillic string. Without it renders garbage.");
+ window.jsTestIsAsync = true;
+ if (window.testRunner) {
+ testRunner.waitUntilDone();
+ }
+ function run() {
+ var scsuFrame = document.getElementById("scsuFrame");
+ if (scsuFrame.contentDocument.charset === "ISO-8859-1") {
+ testPassed("charset is ISO-8859-1");
+ } else {
+ testFailed("charset is " + scsuFrame.contentDocument.charset);
+ }
+ finishJSTest();
+ }
+</script>
+<iframe id="scsuFrame" src="" _onload_="run()"></iframe>
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/misc/resources/bocu-1-cyrillic.php (0 => 203725)
--- trunk/LayoutTests/http/tests/misc/resources/bocu-1-cyrillic.php (rev 0)
+++ trunk/LayoutTests/http/tests/misc/resources/bocu-1-cyrillic.php 2016-07-26 16:57:24 UTC (rev 203725)
@@ -0,0 +1,4 @@
+<?php
+header('Content-Type: text/html; charset=BOCU-1');
+?>
+\x9E\x8A\xD3ӓ\x8F\x8A\x88\x8D
\ No newline at end of file
Added: trunk/LayoutTests/http/tests/misc/resources/scsu-cyrillic.php (0 => 203725)
--- trunk/LayoutTests/http/tests/misc/resources/scsu-cyrillic.php (rev 0)
+++ trunk/LayoutTests/http/tests/misc/resources/scsu-cyrillic.php 2016-07-26 16:57:24 UTC (rev 203725)
@@ -0,0 +1,4 @@
+<?php
+header('Content-Type: text/html; charset=SCSU');
+?>
+N:�\x9Fÿ\xBA\xB8\xBD
\ No newline at end of file
Modified: trunk/Source/WebCore/ChangeLog (203724 => 203725)
--- trunk/Source/WebCore/ChangeLog 2016-07-26 16:32:21 UTC (rev 203724)
+++ trunk/Source/WebCore/ChangeLog 2016-07-26 16:57:24 UTC (rev 203725)
@@ -1,3 +1,24 @@
+2016-07-26 John Wilander <wilan...@apple.com>
+
+ Stop supporting compressed character sets BOCU-1 and SCSU
+ https://bugs.webkit.org/show_bug.cgi?id=159581
+
+ Reviewed by Brent Fulgham.
+
+ WebKit should not support the compressed character sets BOCU-1 and SCSU.
+ Chrome and Firefox don't and these old formats may pass server-side character
+ filters while still rendering in WebKit.
+
+ The HTML specification says "The above prohibits supporting, for example,
+ CESU-8, UTF-7, BOCU-1, SCSU, EBCDIC, and UTF-32."
+ https://html.spec.whatwg.org/#character-encodings
+
+ Tests: http/tests/misc/char-encoding-bocu-1-blacklisted.html
+ http/tests/misc/char-encoding-scsu-blacklisted.html
+
+ * platform/text/TextEncodingRegistry.cpp:
+ Blacklisted BOCU-1 and SCSU character sets.
+
2016-07-26 Carlos Garcia Campos <cgar...@igalia.com>
ASSERTION FAILED: !m_frame->page()->defersLoading() || InspectorInstrumentation::isDebuggerPaused(m_frame)
Modified: trunk/Source/WebCore/platform/text/TextEncodingRegistry.cpp (203724 => 203725)
--- trunk/Source/WebCore/platform/text/TextEncodingRegistry.cpp 2016-07-26 16:32:21 UTC (rev 203724)
+++ trunk/Source/WebCore/platform/text/TextEncodingRegistry.cpp 2016-07-26 16:57:24 UTC (rev 203725)
@@ -116,7 +116,7 @@
static HashSet<const char*>* japaneseEncodings;
static HashSet<const char*>* nonBackslashEncodings;
-static const char* const textEncodingNameBlacklist[] = { "UTF-7" };
+static const char* const textEncodingNameBlacklist[] = { "UTF-7", "BOCU-1", "SCSU" };
#if ERROR_DISABLED
