37357 2010-04-09 13:39:49 -0700 UserContentURLPattern matches a pattern of "http://ple.com/" for "http://apple.com/" 2010-04-21 09:42:23 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 timothy timothy aroben hyatt oldest_to_newest 210892 0 timothy 2010-04-09 13:39:49 -0700 The matchesHost function matches domains when it shouldn't. bool UserContentURLPattern::matchesHost(const KURL& test) const { if (test.host() == m_host) return true; if (!m_matchSubdomains) return false; // If we're matching subdomains, and we have no host, that means the pattern // was <scheme>://*/<whatever>, so we match anything. if (!m_host.length()) return true; // Check if the test host is a subdomain of our host. return test.host().endsWith(m_host, false); } The error is in the last line. Consider test.host() is "apple.com" and m_host from the pattern is "ple.com", this will return true. We need to look for a period after it checks for the suffix. Something like: const String& host = test.host(); // Check if the domain is a subdomain of our host. if (!host.endsWith(m_host, false)) return false; ASSERT(host.length() > m_host.length()); // Check that the character before the suffix is a period. return host[host.length() - m_host.length() - 1] == '.'; 215354 1 53963 timothy 2010-04-21 09:25:59 -0700 Created attachment 53963 Proposed change 215356 2 53963 darin 2010-04-21 09:28:41 -0700 Comment on attachment 53963 Proposed change Is there any way to make tests for UserContentURLPattern? I don't like seeing a bug fix without a test. Can we rig things so this can be tested with DumpRenderTree? r=me 215365 3 timothy 2010-04-21 09:42:23 -0700 Landed in r57990. There is no testing harness for UserContentURLPattern yet. I filed bug 37931. 53963 2010-04-21 09:25:59 -0700 2010-04-21 09:28:40 -0700 Proposed change 0001-Make-UserContentURLPattern-correctly-check-for-subdo.patch text/plain 4677 timothy RnJvbSAzNzc2YWI1OWZlYjgwYzczYjdmMDNkMzg0OTk5ODFjZmEzNDJjZjQwIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBUaW1vdGh5IEhhdGNoZXIgPHRpbW90aHlAYXBwbGUuY29tPgpE YXRlOiBXZWQsIDIxIEFwciAyMDEwIDA5OjI1OjI1IC0wNzAwClN1YmplY3Q6IFtQQVRDSF0gTWFr ZSBVc2VyQ29udGVudFVSTFBhdHRlcm4gY29ycmVjdGx5IGNoZWNrIGZvciBzdWJkb21haW5zIGFu ZCB0aGUgVVJMCiBoYXMgdGhlIHNhbWUgc3VmZml4IGFzIHRoZSBwYXR0ZXJuLiBBbHNvIGltcHJv dmUgdGhlIHBhcnNpbmcgb2YgdGhlIGhvc3QuCgpodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MzczNTcKClJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgoKKiBwYWdlL1Vz ZXJDb250ZW50VVJMUGF0dGVybi5jcHA6CihXZWJDb3JlOjpVc2VyQ29udGVudFVSTFBhdHRlcm46 OnBhcnNlKTogU2ltcGxpZnkgdGhlIHN1YmRvbWFpbiBwYXR0ZXJuIHBhcnNpbmcgdG8Kc2ltcGx5 IGNoZWNrIGZvciAiKiIgb25seSBvciBhICIqLiIgcHJlZml4IGFuZCB0aGVuIGRvIGEgc3Vic3Ry aW5nLgooV2ViQ29yZTo6VXNlckNvbnRlbnRVUkxQYXR0ZXJuOjptYXRjaGVzSG9zdCk6IENoZWNr IHRoYXQgdGhlIGhvc3QgaGFzIGEgIi4iIGluIHRoZQpwb3NpdGlvbiBiZWZvcmUgdGhlIHN1ZmZp eCB0byBlbnN1cmUgaXQgYSBzdWJkb21haW4gYW5kIG5vdCBqdXN0IGEgc3VmZml4IG1hdGNoLgot LS0KIFdlYkNvcmUvQ2hhbmdlTG9nICAgICAgICAgICAgICAgICAgICAgIHwgICAxNSArKysrKysr KysrKysrCiBXZWJDb3JlL3BhZ2UvVXNlckNvbnRlbnRVUkxQYXR0ZXJuLmNwcCB8ICAgMzcgKysr KysrKysrKysrKysrKysrLS0tLS0tLS0tLS0tLQogMiBmaWxlcyBjaGFuZ2VkLCAzNiBpbnNlcnRp b25zKCspLCAxNiBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9XZWJDb3JlL0NoYW5nZUxvZyBi L1dlYkNvcmUvQ2hhbmdlTG9nCmluZGV4IDhlMmFjMTAuLmJiNjJhYmYgMTAwNjQ0Ci0tLSBhL1dl YkNvcmUvQ2hhbmdlTG9nCisrKyBiL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTggQEAK KzIwMTAtMDQtMjEgIFRpbW90aHkgSGF0Y2hlciAgPHRpbW90aHlAYXBwbGUuY29tPgorCisgICAg ICAgIE1ha2UgVXNlckNvbnRlbnRVUkxQYXR0ZXJuIGNvcnJlY3RseSBjaGVjayBmb3Igc3ViZG9t YWlucyBhbmQgdGhlIFVSTAorICAgICAgICBoYXMgdGhlIHNhbWUgc3VmZml4IGFzIHRoZSBwYXR0 ZXJuLiBBbHNvIGltcHJvdmUgdGhlIHBhcnNpbmcgb2YgdGhlIGhvc3QuCisKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTM3MzU3CisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBwYWdlL1VzZXJDb250ZW50VVJM UGF0dGVybi5jcHA6CisgICAgICAgIChXZWJDb3JlOjpVc2VyQ29udGVudFVSTFBhdHRlcm46OnBh cnNlKTogU2ltcGxpZnkgdGhlIHN1YmRvbWFpbiBwYXR0ZXJuIHBhcnNpbmcgdG8KKyAgICAgICAg c2ltcGx5IGNoZWNrIGZvciAiKiIgb25seSBvciBhICIqLiIgcHJlZml4IGFuZCB0aGVuIGRvIGEg c3Vic3RyaW5nLgorICAgICAgICAoV2ViQ29yZTo6VXNlckNvbnRlbnRVUkxQYXR0ZXJuOjptYXRj aGVzSG9zdCk6IENoZWNrIHRoYXQgdGhlIGhvc3QgaGFzIGEgIi4iIGluIHRoZQorICAgICAgICBw b3NpdGlvbiBiZWZvcmUgdGhlIHN1ZmZpeCB0byBlbnN1cmUgaXQgYSBzdWJkb21haW4gYW5kIG5v dCBqdXN0IGEgc3VmZml4IG1hdGNoLgorCiAyMDEwLTA0LTIwICBUaW1vdGh5IEhhdGNoZXIgIDx0 aW1vdGh5QGFwcGxlLmNvbT4KIAogICAgICAgICBGaXggbWF0Y2hpbmcgb2YgImZpbGU6Ly8vKiIg cGF0dGVybnMgYnkgbm90IHRyeWluZyB0byBjb21wYXJlIHRoZSBob3N0LiBUaGUgaG9zdCBpcwpk aWZmIC0tZ2l0IGEvV2ViQ29yZS9wYWdlL1VzZXJDb250ZW50VVJMUGF0dGVybi5jcHAgYi9XZWJD b3JlL3BhZ2UvVXNlckNvbnRlbnRVUkxQYXR0ZXJuLmNwcAppbmRleCA4NzQyNjRiLi4wOWViNjc4 IDEwMDY0NAotLS0gYS9XZWJDb3JlL3BhZ2UvVXNlckNvbnRlbnRVUkxQYXR0ZXJuLmNwcAorKysg Yi9XZWJDb3JlL3BhZ2UvVXNlckNvbnRlbnRVUkxQYXR0ZXJuLmNwcApAQCAtMSw1ICsxLDUgQEAK IC8qCi0gKiBDb3B5cmlnaHQgKEMpIDIwMDkgQXBwbGUgSW5jLiBBbGwgcmlnaHRzIHJlc2VydmVk LgorICogQ29weXJpZ2h0IChDKSAyMDA5LCAyMDEwIEFwcGxlIEluYy4gQWxsIHJpZ2h0cyByZXNl cnZlZC4KICAqCiAgKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5 IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICAqIG1vZGlmaWNhdGlvbiwgYXJlIHBlcm1pdHRlZCBw cm92aWRlZCB0aGF0IHRoZSBmb2xsb3dpbmcgY29uZGl0aW9ucwpAQCAtODEsMjIgKzgxLDIwIEBA IGJvb2wgVXNlckNvbnRlbnRVUkxQYXR0ZXJuOjpwYXJzZShjb25zdCBTdHJpbmcmIHBhdHRlcm4p CiAgICAgICAgIGludCBob3N0RW5kUG9zID0gcGF0dGVybi5maW5kKCIvIiwgaG9zdFN0YXJ0UG9z KTsKICAgICAgICAgaWYgKGhvc3RFbmRQb3MgPT0gLTEpCiAgICAgICAgICAgICByZXR1cm4gZmFs c2U7Ci0gICAgCisKICAgICAgICAgbV9ob3N0ID0gcGF0dGVybi5zdWJzdHJpbmcoaG9zdFN0YXJ0 UG9zLCBob3N0RW5kUG9zIC0gaG9zdFN0YXJ0UG9zKTsKKyAgICAgICAgbV9tYXRjaFN1YmRvbWFp bnMgPSBmYWxzZTsKIAotICAgICAgICAvLyBUaGUgZmlyc3QgY29tcG9uZW50IGNhbiBiZSAnKics IHdoaWNoIG1lYW5zIHRvIG1hdGNoIGFsbCBzdWJkb21haW5zLgotICAgICAgICBWZWN0b3I8U3Ry aW5nPiBob3N0Q29tcG9uZW50czsKLSAgICAgICAgbV9ob3N0LnNwbGl0KCIuIiwgaG9zdENvbXBv bmVudHMpOyAKLSAgICAgICAgaWYgKGhvc3RDb21wb25lbnRzWzBdID09ICIqIikgewotICAgICAg ICAgICAgbV9tYXRjaFN1YmRvbWFpbnMgPSB0cnVlOworICAgICAgICBpZiAobV9ob3N0ID09ICIq IikgeworICAgICAgICAgICAgLy8gVGhlIHBhdHRlcm4gY2FuIGJlIGp1c3QgJyonLCB3aGljaCBt ZWFucyBtYXRjaCBhbGwgZG9tYWlucy4KICAgICAgICAgICAgIG1faG9zdCA9ICIiOwotICAgICAg ICAgICAgZm9yICh1bnNpZ25lZCBpID0gMTsgaSA8IGhvc3RDb21wb25lbnRzLnNpemUoKTsgKytp KSB7Ci0gICAgICAgICAgICAgICAgbV9ob3N0ID0gbV9ob3N0ICsgaG9zdENvbXBvbmVudHNbaV07 Ci0gICAgICAgICAgICAgICAgaWYgKGkgPCBob3N0Q29tcG9uZW50cy5zaXplKCkgLSAxKQotICAg ICAgICAgICAgICAgICAgICBtX2hvc3QgPSBtX2hvc3QgKyAiLiI7Ci0gICAgICAgICAgICB9Cisg ICAgICAgICAgICBtX21hdGNoU3ViZG9tYWlucyA9IHRydWU7CisgICAgICAgIH0gZWxzZSBpZiAo bV9ob3N0LnN0YXJ0c1dpdGgoIiouIikpIHsKKyAgICAgICAgICAgIC8vIFRoZSBmaXJzdCBjb21w b25lbnQgY2FuIGJlICcqJywgd2hpY2ggbWVhbnMgdG8gbWF0Y2ggYWxsIHN1YmRvbWFpbnMuCisg ICAgICAgICAgICBtX2hvc3QgPSBtX2hvc3Quc3Vic3RyaW5nKDIpOyAvLyBMZW5ndGggb2YgIiou IgorICAgICAgICAgICAgbV9tYXRjaFN1YmRvbWFpbnMgPSB0cnVlOwogICAgICAgICB9Ci0gICAg ICAgIAorCiAgICAgICAgIC8vIE5vIG90aGVyICcqJyBjYW4gb2NjdXIgaW4gdGhlIGhvc3QuCiAg ICAgICAgIGlmIChtX2hvc3QuZmluZCgiKiIpICE9IC0xKQogICAgICAgICAgICAgcmV0dXJuIGZh bHNlOwpAQCAtMTI1LDcgKzEyMyw4IEBAIGJvb2wgVXNlckNvbnRlbnRVUkxQYXR0ZXJuOjptYXRj aGVzKGNvbnN0IEtVUkwmIHRlc3QpIGNvbnN0CiAKIGJvb2wgVXNlckNvbnRlbnRVUkxQYXR0ZXJu OjptYXRjaGVzSG9zdChjb25zdCBLVVJMJiB0ZXN0KSBjb25zdAogewotICAgIGlmIChlcXVhbEln bm9yaW5nQ2FzZSh0ZXN0Lmhvc3QoKSwgbV9ob3N0KSkKKyAgICBjb25zdCBTdHJpbmcmIGhvc3Qg PSB0ZXN0Lmhvc3QoKTsKKyAgICBpZiAoZXF1YWxJZ25vcmluZ0Nhc2UoaG9zdCwgbV9ob3N0KSkK ICAgICAgICAgcmV0dXJuIHRydWU7CiAKICAgICBpZiAoIW1fbWF0Y2hTdWJkb21haW5zKQpAQCAt MTM2LDggKzEzNSwxNCBAQCBib29sIFVzZXJDb250ZW50VVJMUGF0dGVybjo6bWF0Y2hlc0hvc3Qo Y29uc3QgS1VSTCYgdGVzdCkgY29uc3QKICAgICBpZiAoIW1faG9zdC5sZW5ndGgoKSkKICAgICAg ICAgcmV0dXJuIHRydWU7CiAKLSAgICAvLyBDaGVjayBpZiB0aGUgdGVzdCBob3N0IGlzIGEgc3Vi ZG9tYWluIG9mIG91ciBob3N0LgotICAgIHJldHVybiB0ZXN0Lmhvc3QoKS5lbmRzV2l0aChtX2hv c3QsIGZhbHNlKTsKKyAgICAvLyBDaGVjayBpZiB0aGUgZG9tYWluIGlzIGEgc3ViZG9tYWluIG9m IG91ciBob3N0LgorICAgIGlmICghaG9zdC5lbmRzV2l0aChtX2hvc3QsIGZhbHNlKSkKKyAgICAg ICAgcmV0dXJuIGZhbHNlOworCisgICAgQVNTRVJUKGhvc3QubGVuZ3RoKCkgPiBtX2hvc3QubGVu Z3RoKCkpOworCisgICAgLy8gQ2hlY2sgdGhhdCB0aGUgY2hhcmFjdGVyIGJlZm9yZSB0aGUgc3Vm Zml4IGlzIGEgcGVyaW9kLgorICAgIHJldHVybiBob3N0W2hvc3QubGVuZ3RoKCkgLSBtX2hvc3Qu bGVuZ3RoKCkgLSAxXSA9PSAnLic7CiB9CiAKIHN0cnVjdCBNYXRjaFRlc3RlcgotLSAKMS43LjAu MgoK