Bug 155186

Summary: CSP: Avoid decoding Base64url hash using Base64
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: annevk, ap, bfulgham, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: All   
OS: All   
Bug Depends on: 155007    
Bug Blocks:    

Description Daniel Bates 2016-03-08 13:17:21 PST 
We should consider normalizing a Base64url hash to a Base64 hash so that we decode the hash once using WTF::base64Decode() instead of attempting to decode a Base64url hash twice: once using WTF::base64Decode() and once using using WTF::base64URLDecode().
Comment 1 Radar WebKit Bug Importer 2016-05-27 12:37:37 PDT 
<rdar://problem/26522835>
Comment 2 Anne van Kesteren 2023-05-22 04:23:28 PDT 
One edge cases here to be mindful of: an input containing a unique base64url and unique base64 character. That needs to continue to be an error.