| Summary | Parsed protocol of javascript URLs with embedded newlines and carriage returns does not match parsed protocol in Chrome and Firefox |
|---|---|
| Product | WebKit |
| Reporter | Daniel Bates <dbates> |
| Component | DOM |
| Assignee | Brent Fulgham <bfulgham> |
| Status | RESOLVED FIXED |
| Severity | Normal |
| CC | achristensen, bfulgham, cdumez, commit-queue, esprehn+autocc, ews-watchlist, gyuyoung.kim |
| Priority | P2 |
| Keywords | InRadar |
| Version | WebKit Local Build |
| Hardware | All |
| OS | All |
| Attachments | |
URLUtils is our implementation of https://html.spec.whatwg.org/multipage/links.html#htmlhyperlinkelementutils which relies on URL parsing.

diff --git a/Source/WebCore/html/URLUtils.h b/Source/WebCore/html/URLUtils.h
index 3a8d5413f93..a957910aacd 100644
--- a/Source/WebCore/html/URLUtils.h
+++ b/Source/WebCore/html/URLUtils.h
@@ -90,6 +90,8 @@ String URLUtils<T>::origin() const
 template <typename T>
 String URLUtils<T>::protocol() const
 {
+    if (WTF::protocolIsJavaScript(url))
+        return "javascript:"_s;
     return makeString(href().protocol(), ':');
 }

?

(In reply to Chris Dumez from comment #3)
> diff --git a/Source/WebCore/html/URLUtils.h b/Source/WebCore/html/URLUtils.h
> index 3a8d5413f93..a957910aacd 100644
> --- a/Source/WebCore/html/URLUtils.h
> +++ b/Source/WebCore/html/URLUtils.h
> @@ -90,6 +90,8 @@ String URLUtils<T>::origin() const
>  template <typename T>
>  String URLUtils<T>::protocol() const
>  {
> +    if (WTF::protocolIsJavaScript(url))
> +        return "javascript:"_s;
>      return makeString(href().protocol(), ':');
>  }
>
> ?

Meant:

--- a/Source/WebCore/html/URLUtils.h
+++ b/Source/WebCore/html/URLUtils.h
@@ -90,6 +90,8 @@ String URLUtils<T>::origin() const
 template <typename T>
 String URLUtils<T>::protocol() const
 {
+    if (WTF::protocolIsJavaScript(href()))
+        return "javascript:"_s;
     return makeString(href().protocol(), ':');
 }

Created attachment 358371 [details]
Patch
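Review bot: in the first hunk (comment #3), `WTF::protocolIsJavaScript(url)` names a variable that does not exist in `URLUtils<T>::protocol()`; the only URL the visible function body works with is `href()`, which is what the follow-up "Meant:" hunk substitutes (`WTF::protocolIsJavaScript(href())`). The first hunk would not compile as written and should be read as superseded.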
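Review bot: in the corrected hunk, the early `return "javascript:"_s;` bypasses `href().protocol()` entirely, so the getter's answer for these inputs now rests on `WTF::protocolIsJavaScript(href())` agreeing with what the engine actually executes on navigation. The test landing with this patch should therefore include the report's own inputs, `javascript://:%0aalert(2)` and `javascript://:%0dalert(3)`, and, as the review comment on the patch asks, confirm that the script runs when no filter is applied, otherwise the hard-coded string could mask a parse path where the URL is not treated as JavaScript at all.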
Comment on attachment 358371 [details]
Patch
r=me if the bots are happy. Note that it'd be nice if the test checked that the javascript ran without the filter.
Created attachment 358376 [details]
Patch for landing
The commit-queue encountered the following flaky tests while processing attachment 358376 [details]:

http/wpt/css/css-animations/start-animation-001.html bug 190903 (authors: dino@apple.com, fred.wang@free.fr, and graouts@apple.com)

The commit-queue is continuing to process your patch.

Comment on attachment 358376 [details]
Patch for landing

Clearing flags on attachment: 358376

Committed r239642: <https://trac.webkit.org/changeset/239642>

All reviewed patches have been landed. Closing bug.
Created attachment 358355 [details]
Test

Behavior of URLUtils.protocol() for some JavaScript URLs disagrees with the behavior in Chrome version 71.0.3578.98 and Firefox version 64.0. For instance, URLUtils.protocol() for "javascript://:%0aalert(2)" and "javascript://:%0dalert(3)" returns ":" instead of "javascript:". See attached test case.
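The report above is about a link's reported protocol disagreeing between engines for javascript: URLs that carry CR/LF, which matters because client-side link sanitizers commonly decide "is this javascript:?" from exactly that getter. The following is an added example and is not code from the WebKit bug, its attached test, or the patch. It reads the scheme the way the WHATWG URL parser does before any authority or host parsing (strip leading/trailing C0 controls and spaces, drop every ASCII tab, LF and CR, then take the scheme), so the check does not depend on what a particular engine's `URLUtils.protocol()` returns. The helper names (`preprocess`, `schemeOf`, `protocolViaUrlParser`, `isSafeHref`, `classify`), the scheme allowlist and the sample hrefs are this example's own assumptions; `protocolViaUrlParser` approximates the spec's protocol getter with Node's `URL` class and is included only for comparison.

```javascript
// Added example for this bug report; not code from WebKit, the attached test,
// or the patch. Demonstrates a scheme check that does not rely on what an
// engine's URLUtils.protocol() reports for javascript: URLs with CR/LF in them.

// WHATWG URL parser preprocessing: strip leading and trailing C0 controls and
// spaces (U+0000..U+0020), then remove every ASCII tab, LF and CR.
function preprocess(input) {
  return String(input)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Scheme start / scheme state: one ASCII alpha, then ASCII alphanumerics,
// "+", "-" or ".", terminated by ":". Returns the lowercased scheme, or null
// when the input is a relative reference with no scheme of its own.
function schemeOf(input) {
  const m = /^([A-Za-z][A-Za-z0-9+\-.]*):/.exec(preprocess(input));
  return m ? m[1].toLowerCase() : null;
}

// Approximation of the HTMLHyperlinkElementUtils protocol getter on top of
// Node's WHATWG URL class: ":" when the URL fails to parse, else "<scheme>:".
// Engines disagree on whether the report's inputs parse at all, which is why
// isSafeHref() below never consults this value. Included for comparison only.
function protocolViaUrlParser(href, base = "https://example.com/") {
  try {
    return new URL(href, base).protocol;
  } catch (_) {
    return ":";
  }
}

// Schemes a sanitizer may emit (assumption of this example; tune per app).
// Relative references (schemeOf() === null) inherit the document's scheme.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

function isSafeHref(href) {
  const scheme = schemeOf(href);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample hrefs: the two from the report, the same with a literal
// newline instead of %0a, a scheme split by a newline, leading whitespace with
// mixed case, and three benign controls.
const SAMPLES = [
  "javascript://:%0aalert(2)",
  "javascript://:%0dalert(3)",
  "javascript://:\nalert(2)",
  "java\nscript:alert(1)",
  " \tJavaScript:alert(1)",
  "https://example.com/",
  "/relative/path",
  "mailto:security@example.com",
];

// One row per href so the extracted scheme, the parser-reported protocol and
// the allowlist verdict can be compared side by side.
function classify(hrefs = SAMPLES) {
  return hrefs.map((href) => ({
    href,
    scheme: schemeOf(href),
    protocol: protocolViaUrlParser(href),
    safe: isSafeHref(href),
  }));
}

for (const row of classify()) {
  console.log(JSON.stringify(row));
}
```

Every javascript: variant in the samples, including the report's `%0a`/`%0d` forms, yields the scheme `javascript` from `schemeOf()` and is rejected, whereas the `protocol` column shows whatever the local WHATWG URL implementation reports (":" where it refuses to parse the authority part). An allowlist on the extracted scheme is used rather than a denylist on the getter because the getter is the value the engines disagree on.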