Bug 228826

Summary:

Reject non-IPv4 hostnames that end in numbers

Product:

WebKit

Reporter:

Anne van Kesteren <annevk>

Component:

DOM

Assignee:

Alex Christensen <achristensen>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, benjamin, cdumez, clopez, cmarcelo, ews-watchlist, thorton, webkit-bug-importer, youennf

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	ews-feeder: commit-queue-
Patch	none
Patch	none
Patch	none

Description Anne van Kesteren 2021-08-05 07:30:07 PDT

See https://github.com/whatwg/url/pull/619 and https://github.com/web-platform-tests/wpt/pull/29666.

Comment 1 Alexey Proskuryakov 2021-08-06 10:47:19 PDT

So it I have a website at http://site0.webkit.org, and configured a DNS search domain webkit.org on my machine, the browser should prevent loading site0?..

Comment 2 Alex Christensen 2021-08-06 12:13:38 PDT

No, I believe this only prevents URLs like http://webkit.org.001/ from parsing, with only digits or hex numbers after the last dot.

Comment 3 Alex Christensen 2021-08-06 17:42:18 PDT

Created attachment 435104 [details]
Patch

Comment 4 EWS Watchlist 2021-08-06 17:43:23 PDT

This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess

Comment 5 Alex Christensen 2021-08-06 17:52:40 PDT

I added some tests to WPT here: https://github.com/web-platform-tests/wpt/pull/29936

Comment 6 Alex Christensen 2021-08-06 17:53:42 PDT

Adding (later) to title to remind myself to revisit this after our next branch.

Comment 7 Alex Christensen 2021-08-07 16:50:55 PDT

Other tests should include these:
	https://example.037777777777/
	https://example.040000000000/
	https://example.0x100000000/
	https://example.0xffffffff/
	https://example.4294967295/
	https://example.4294967296/
	https://example.4x4/

Comment 8 Alex Christensen 2021-08-09 09:54:53 PDT

Created attachment 435187 [details]
Patch

Comment 9 Alex Christensen 2021-08-09 10:10:23 PDT

Created attachment 435191 [details]
Patch

Comment 10 Alex Christensen 2021-08-09 11:41:19 PDT

Created attachment 435196 [details]
Patch

Comment 11 Alex Christensen 2021-08-09 12:46:09 PDT

Created attachment 435199 [details]
Patch

Comment 12 Radar WebKit Bug Importer 2021-08-31 15:00:47 PDT

<rdar://problem/82598251>

Comment 13 Alex Christensen 2021-08-31 15:51:46 PDT

Created attachment 436956 [details]
Patch

Comment 14 EWS 2021-09-02 16:10:19 PDT

Committed r281963 (241270@main): <https://commits.webkit.org/241270@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 436956 [details].