Bug 30178

Summary: Make the setMetadataURL function foolproof by having it remove user info
Product: WebKit Reporter: Darin Adler <darin>
Component: WebKit Misc.Assignee: Darin Adler <darin>
Status: RESOLVED FIXED    
Severity: Normal Keywords: InRadar
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: All   
Attachments:
Description Flags
patch sullivan: review+, darin: commit-queue-

Description Darin Adler 2009-10-07 11:50:22 PDT 
Callers should not pass URLs with user info to setMetadataURL, but if they do, that function should remove it.
Comment 1 Darin Adler 2009-10-07 11:54:49 PDT 
Created attachment 40810 [details]
patch
Comment 2 Darin Adler 2009-10-07 11:55:25 PDT 
<rdar://problem/6544670>
Comment 3 John Sullivan 2009-10-07 12:00:51 PDT 
Comment on attachment 40810 [details]
patch

> Index: WebKit/mac/Misc/WebNSURLExtras.mm
> ===================================================================
> --- WebKit/mac/Misc/WebNSURLExtras.mm	(revision 49253)
> +++ WebKit/mac/Misc/WebNSURLExtras.mm	(working copy)
> @@ -1,5 +1,5 @@
>  /*
> - * Copyright (C) 2005, 2007, 2008 Apple Inc. All rights reserved.
> + * Copyright (C) 2005, 2007, 2008, 2009 Apple Inc. All rights reserved.
>   * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
>   *
>   * Redistribution and use in source and binary forms, with or without
> @@ -619,17 +619,6 @@ static CFStringRef createStringWithEscap
>      return result;
>  }
>  
> -typedef struct {
> -    NSString *scheme;
> -    NSString *user;
> -    NSString *password;
> -    NSString *host;
> -    CFIndex port; // kCFNotFound means ignore/omit
> -    NSString *path;
> -    NSString *query;
> -    NSString *fragment;
> -} WebKitURLComponents;
> 

I presume this struct is no longer used -- you should mention that in the ChangeLog.
Comment 4 Darin Adler 2009-10-07 16:20:53 PDT 
http://trac.webkit.org/changeset/49273