155186 2016-03-08 13:17:21 -0800 CSP: Avoid decoding Base64url hash using Base64 2023-05-22 04:23:28 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Local Build All All NEW InRadar P2 Normal --- 155007 1 dbates webkit-unassigned annevk ap bfulgham webkit-bug-importer oldest_to_newest 1172162 0 dbates 2016-03-08 13:17:21 -0800 We should consider normalizing a Base64url hash to a Base64 hash so that we decode the hash once using WTF::base64Decode() instead of attempting to decode a Base64url hash twice: once using WTF::base64Decode() and once using using WTF::base64URLDecode(). 1197174 1 webkit-bug-importer 2016-05-27 12:37:37 -0700 <rdar://problem/26522835> 1956917 2 annevk 2023-05-22 04:23:28 -0700 One edge cases here to be mindful of: an input containing a unique base64url and unique base64 character. That needs to continue to be an error.