8770 2006-05-07 06:07:54 -0700 XMLHttpRequest should strip CR/LF characters from the URL 2008-01-03 00:21:33 -0800 1 1 1 Unclassified WebKit XML 420+ Mac OS X 10.4 RESOLVED FIXED P2 Normal --- 1 ap ap brettw oldest_to_newest 41442 0 ap 2006-05-07 06:07:54 -0700 I've just debugged a problem with a Web forum that didn't work in Safari because a CR/LF sequence managed to get into the request URL. Firefox (and, presumably, WinIE) strip CRLF characters rather than percent-encode them. Should investigate what other characters need to be stripped, and whether this applies to URLs other than those used in XMLHttpRequest. 41443 1 8142 ap 2006-05-07 06:10:10 -0700 Created attachment 8142 test case (needs tcpdump) Request from Safari: GET /?%0D%0A HTTP/1.1 42037 2 8251 ap 2006-05-11 12:58:13 -0700 Created attachment 8251 proposed fix Yes, both Firefox and WinIE strip CR, LF and TAB, and this happens for all URLs, not just XMLHttpRequest (I've tried IFRAME SRC, window.location and META HTTP-EQUIV Refresh). No other characters from 0x01... 0x20 are stripped (as tested with Firefox). No idea why they do this, doesn't really look like a security measure. My only wild guess is that this behavior originates with Gopher selector syntax :-) 42058 3 8251 darin 2006-05-11 18:06:53 -0700 Comment on attachment 8251 proposed fix r=me 64734 4 brettw 2007-12-19 09:46:09 -0800 This bug is still very much open. The proposed fix only works for paths and reference fragments. If CR/LF/TAB appear in the host or scheme, KURL gets very confused. In the scheme, it won't even recognize it as an absolute URL, and in the host, not only will it fail, but in this case, it won't remove characters appearing later in the path. I will attach a testcase. 64735 5 17991 brettw 2007-12-19 09:54:09 -0800 Created attachment 17991 Test case showing bug in host and scheme. All three of the links should go to Apple. Firefox and IE agree about all of them, WebKit fails on all of them. 64746 6 ap 2007-12-19 11:09:24 -0800 Could you please file a new bug for that? To avoid confusion, we generally don't reopen bugs if the fix was incomplete - only if it was completely wrong, and had to be rolled out. 65063 7 mrowe 2007-12-22 01:29:44 -0800 For reference, the fix for this was landed back in r14320. Marvin, it would be great if you could open a new bug about the issues you mentioned. 66106 8 darin 2008-01-03 00:21:33 -0800 I'm re-closing this bug. Marv, please open a new one. 8142 2006-05-07 06:10:10 -0700 2006-05-07 06:10:10 -0700 test case (needs tcpdump) request-crlf.html text/html 366 ap PHNjcmlwdD4KdHJ5IHsKbmV0c2NhcGUuc2VjdXJpdHkuUHJpdmlsZWdlTWFuYWdlci5lbmFibGVQ cml2aWxlZ2UoJ1VuaXZlcnNhbEJyb3dzZXJSZWFkJyk7Cn1jYXRjaChleCl7Cn0KCXZhciByZXF1 ZXN0ID0gbmV3IFhNTEh0dHBSZXF1ZXN0KCk7CglyZXF1ZXN0Lm9ucmVhZHlzdGF0ZWNoYW5nZSA9 IGZ1bmN0aW9uKCkgewoJCWlmIChyZXF1ZXN0LnJlYWR5U3RhdGUgPT0gNCkgewoJCQlhbGVydCgi JyIrcmVxdWVzdC5yZXNwb25zZVRleHQgKyAiJyIpOwoJCX0KCX0KCXZhciB1cmwgPSAiaHR0cDov L3d3dy5hcHBsZS5jb20/XHJcbiI7CglyZXF1ZXN0Lm9wZW4oIkdFVCIsIHVybCApOwoJcmVxdWVz dC5zZW5kKG51bGwpOwoKPC9zY3JpcHQ+ 8251 2006-05-11 12:58:13 -0700 2006-05-11 18:06:53 -0700 proposed fix 8770r1_patch.txt text/plain 2046 ap SW5kZXg6IExheW91dFRlc3RzL2Zhc3QvbG9hZGVyL3VybC1zdHJpcC1jci1sZi10YWItZXhwZWN0 ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2Zhc3QvbG9hZGVyL3VybC1zdHJpcC1j ci1sZi10YWItZXhwZWN0ZWQudHh0CShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9s b2FkZXIvdXJsLXN0cmlwLWNyLWxmLXRhYi1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0w LDAgKzEsNCBAQAorVGVzdCBmb3IgYnVnIDg3NzA6IFhNTEh0dHBSZXF1ZXN0IHNob3VsZCBzdHJp cCBDUi9MRiBjaGFyYWN0ZXJzIGZyb20gdGhlIFVSTCAobm90IGp1c3QgWE1MSHR0cFJlcXVlc3Qs IHJlYWxseSwgYW5kIFRBQiBpcyBhbHNvIHN0cmlwcGVkKS4KK1N1Y2Nlc3MKKworCkluZGV4OiBM YXlvdXRUZXN0cy9mYXN0L2xvYWRlci91cmwtc3RyaXAtY3ItbGYtdGFiLmh0bWwKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gTGF5b3V0VGVzdHMvZmFzdC9sb2FkZXIvdXJsLXN0cmlwLWNyLWxmLXRhYi5odG1sCShy ZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9sb2FkZXIvdXJsLXN0cmlwLWNyLWxmLXRh Yi5odG1sCShyZXZpc2lvbiAwKQpAQCAtMCwwICsxLDI2IEBACis8Ym9keT4KK1Rlc3QgZm9yIDxh IGhyZWY9Imh0dHA6Ly9idWd6aWxsYS5vcGVuZGFyd2luLm9yZy9zaG93X2J1Zy5jZ2k/aWQ9ODc3 MCI+YnVnIDg3NzA8L2E+OiAKK1hNTEh0dHBSZXF1ZXN0IHNob3VsZCBzdHJpcCBDUi9MRiBjaGFy YWN0ZXJzIGZyb20gdGhlIFVSTCAobm90IGp1c3QgWE1MSHR0cFJlcXVlc3QsIHJlYWxseSwgYW5k IFRBQiBpcyBhbHNvIHN0cmlwcGVkKS4KKworPHNjcmlwdD4KK2lmICh3aW5kb3cubGF5b3V0VGVz dENvbnRyb2xsZXIpIHsKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7Cisg ICAgbGF5b3V0VGVzdENvbnRyb2xsZXIud2FpdFVudGlsRG9uZSgpOworfQorCitpZiAoZG9jdW1l bnQuVVJMLmluZGV4T2YoJz8nKSA9PSAtMSkgeworCisJd2luZG93LmxvY2F0aW9uLmhyZWYgPSAi dXJsLXN0cmlwLWNyLWxmLXRhYlx4MDlceDBhXHgwZC5odG1sP2E9Ylx4MDlceDBhXHgwZCNceDA5 XHgwYVx4MGRjIjsKKworfSBlbHNlIHsKKworCWlmIChkb2N1bWVudC5VUkwuc3Vic3RyaW5nKGRv Y3VtZW50LlVSTC5pbmRleE9mKCc/JykrMSwgZG9jdW1lbnQuVVJMLmxlbmd0aCkgPT0gImE9YiNj IikKKwkJZG9jdW1lbnQud3JpdGUoIjxwPlN1Y2Nlc3M8L3A+Iik7CisJZWxzZQorCQlkb2N1bWVu dC53cml0ZSgiPHA+RmFpbHVyZTwvcD4iKTsKKwkKKwlpZiAod2luZG93LmxheW91dFRlc3RDb250 cm9sbGVyKQorCQlsYXlvdXRUZXN0Q29udHJvbGxlci5ub3RpZnlEb25lKCk7Cit9Cis8L3Njcmlw dD4KKzwvYm9keT4KSW5kZXg6IFdlYkNvcmUvcGxhdGZvcm0vS1VSTC5jcHAKPT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQot LS0gV2ViQ29yZS9wbGF0Zm9ybS9LVVJMLmNwcAkocmV2aXNpb24gMTQyOTgpCisrKyBXZWJDb3Jl L3BsYXRmb3JtL0tVUkwuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC03ODIsNyArNzgyLDcgQEAgc3Rh dGljIHZvaWQgYXBwZW5kRXNjYXBpbmdCYWRDaGFycyhjaGFyKgogICAgICAgICBpZiAoaXNCYWRD aGFyKGMpKSB7CiAgICAgICAgICAgICBpZiAoYyA9PSAnJScgfHwgYyA9PSAnPycpIHsKICAgICAg ICAgICAgICAgICAqcCsrID0gYzsKLSAgICAgICAgICAgIH0gZWxzZSB7CisgICAgICAgICAgICB9 IGVsc2UgaWYgKGMgIT0gMHgwOSAmJiBjICE9IDB4MGEgJiYgYyAhPSAweDBkKSB7CiAgICAgICAg ICAgICAgICAgKnArKyA9ICclJzsKICAgICAgICAgICAgICAgICAqcCsrID0gaGV4RGlnaXRzW2Mg Pj4gNF07CiAgICAgICAgICAgICAgICAgKnArKyA9IGhleERpZ2l0c1tjICYgMHhGXTsK 17991 2007-12-19 09:54:09 -0800 2007-12-19 09:54:09 -0800 Test case showing bug in host and scheme. crlf.html text/html 371 brettw PGh0bWw+PGJvZHk+DQo8YSBocmVmPSIjIiBvbkNsaWNrPSJkb2N1bWVudC5sb2NhdGlvbj0naHR0 XHgwZHA6Ly93d3cuYXBwbGUuY29tLyc7Ij5odHRceDBkcDovL3d3dy5hcHBsZS5jb20vIjwvYT48 YnI+DQo8YSBocmVmPSIjIiBvbkNsaWNrPSJkb2N1bWVudC5sb2NhdGlvbj0naHR0cDovL3d3dy5h cHBceDBkbGUuY29tLyc7Ij5odHRwOi8vd3d3LmFwXHgwZHBsZS5jb20vIjwvYT48YnI+DQo8YSBo cmVmPSIjIiBvbkNsaWNrPSJkb2N1bWVudC5sb2NhdGlvbj0naHR0cDovL3d3dy5hcHBceDBkbGUu Y29tL2hlbGxvXHgwZHdvcmxkJzsiPmh0dHA6Ly93d3cuYXBceDBkcGxlLmNvbS9oZWxsb1x4MGR3 b3JsZCI8L2E+DQoNCjwvYm9keT48L2h0bWw+DQo=