Bug 28767

Summary: KURLGoogle's decodeURLEscapeSequences should unescape %00 for compat with KURL.cpp
Product: WebKit
Reporter: Darin Fisher (:fishd, Google) <fishd>
Component: Platform
Assignee: Darin Fisher (:fishd, Google) <fishd>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth, brettw, eric
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description: v1 patch - allow %00 unescaping
Flags: none

Darin Fisher (:fishd, Google)
Reported 2009-08-27 00:34:13 PDT
KURLGoogle's decodeURLEscapeSequences should unescape %00 for compat with KURL.cpp

WebCore--the XSSAuditor in particular--expects that decodeURLEscapeSequences will unescape all escape sequences.

Note: https://bugs.webkit.org/show_bug.cgi?id=20559 highlights the risk involved with decoded %00, and those concerns are definitely valid. I took a look at all of the callsites, and I believe we should be OK. (Famous last words...)
Attachments
v1 patch - allow %00 unescaping (2.49 KB, patch)
2009-08-27 00:41 PDT, Darin Fisher (:fishd, Google)
no flags
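As an added illustration of the compatibility point in the description (example code, not the WebKit patch or WebKit's own decoder), the following percent-decoder decodes every well-formed %XX sequence, including %00, into a length-counted std::string, with a flag that reproduces the older skip-%00 behaviour so the two results can be compared. The hexValue helper, the skipNul parameter, cStringLength and the pass-through of malformed escapes are assumptions of this example.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical helper (not WebKit code): value of a hex digit, or -1 if not hex.
static int hexValue(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Decode every well-formed %XX sequence into a length-counted std::string.
// Malformed sequences ("%4", "%zz") are copied through unchanged (an assumption
// of this example). With skipNul == true, %00 is left encoded, which mimics the
// pre-fix KURLGoogle behaviour the bug describes; with skipNul == false the
// decoder matches the KURL.cpp expectation that all escapes are decoded.
std::string decodeURLEscapeSequences(const std::string& in, bool skipNul = false) {
    std::string out;
    out.reserve(in.size());
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size()) {
            int hi = hexValue(in[i + 1]);
            int lo = hexValue(in[i + 2]);
            if (hi >= 0 && lo >= 0) {
                char decoded = static_cast<char>(hi * 16 + lo);
                if (!(skipNul && decoded == '\0')) {
                    out.push_back(decoded);  // embedded NUL is a real byte here
                    i += 2;
                    continue;
                }
            }
        }
        out.push_back(in[i]);
    }
    return out;
}

// The pitfall bug 20559 warns about: a decoded %00 is an embedded NUL, so any
// caller that hands the buffer to C-string code sees a truncated value. Callers
// must carry the explicit length, as std::string does, rather than rely on strlen.
size_t cStringLength(const std::string& s) {
    return std::strlen(s.c_str());
}
```

Comparing decodeURLEscapeSequences(url) with decodeURLEscapeSequences(url, true) on the same input shows exactly which inputs the two decoders disagreed on before the fix.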
Darin Fisher (:fishd, Google)
Comment 1 2009-08-27 00:41:50 PDT
Created attachment 38660 [details] v1 patch - allow %00 unescaping
Dimitri Glazkov (Google)
Comment 2 2009-08-27 07:43:44 PDT
Comment on attachment 38660 [details] v1 patch - allow %00 unescaping
r=me.
Eric Seidel (no email)
Comment 3 2009-08-27 07:54:13 PDT
Comment on attachment 38660 [details] v1 patch - allow %00 unescaping
Clearing flags on attachment: 38660
Committed r47819: <http://trac.webkit.org/changeset/47819>
Eric Seidel (no email)
Comment 4 2009-08-27 07:54:21 PDT
All reviewed patches have been landed. Closing bug.