Bug 155186
| Summary: | CSP: Avoid decoding Base64url hash using Base64 | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Daniel Bates <dbates> |
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | annevk, ap, bfulgham, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | All | ||
| OS: | All | ||
| Bug Depends on: | 155007 | ||
| Bug Blocks: | |||
Daniel Bates
We should consider normalizing a Base64url hash to a Base64 hash so that we decode the hash once using WTF::base64Decode() instead of attempting to decode a Base64url hash twice: once using WTF::base64Decode() and once using using WTF::base64URLDecode().
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/26522835>
Anne van Kesteren
One edge cases here to be mindful of: an input containing a unique base64url and unique base64 character. That needs to continue to be an error.