Bug 12195 - XMLHttpRequest should raise SYNTAX_ERR when a parameter doesn't match HTTP syntax
Summary: XMLHttpRequest should raise SYNTAX_ERR when a parameter doesn't match HTTP sy...
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: XML (show other bugs)
Version: 420+
Hardware: Mac OS X 10.4
: P3 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-01-10 04:10 PST by Alexey Proskuryakov
Modified: 2023-03-27 05:24 PDT (History)
2 users (show)

See Also:

Attachments
Fix for open() (3.50 KB, patch)
2009-07-09 04:05 PDT, Yuzo Fujishima 		ap: review-
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexey Proskuryakov 2007-01-10 04:10:02 PST 
The current XMLHttpRequest draft spec specifies that certain methods should check syntactic validness of their parameters and raise SYNTAX_ERR on failure:

- open() must check its method parameter (method production defined by section 5.1.1 of [RFC2616]);
- open() must check its user parameter (and may check password) as defined by section 3.2.2 of [RFC2617];
- setRequestHeader() and getResponseHeader() must check their parameters as defined by section 4.2 of [RFC2616].
Comment 1 Yuzo Fujishima 2009-07-09 04:05:49 PDT 
Created attachment 32511 [details]
Fix for open()

Hi, I've attached a patch to partially fix (i.e., only for open() ) this issue.

Can you take a look?

Yuzo
Comment 2 Alexey Proskuryakov 2009-07-09 07:03:13 PDT 
Comment on attachment 32511 [details]
Fix for open()

This patch doesn't fix anything that was mentioned in the bug description - please open a new bug to discuss your proposed change. Besides, I don't see where the spec requires open() to raise an exception if the URL is invalid - see <http://dev.w3.org/2006/webapi/XMLHttpRequest-2/#the-open-method>.

fast/js is not a good place for the test - this directory is for JavaScriptCore tests. Please use fast/xmlhttprequest or http/tests/xmlhttprequest.
Comment 3 Yuzo Fujishima 2009-07-09 18:45:16 PDT 
Hi, Alexey,

Thank you for reviewing this.

Yes, I was wrong... The spec doesn't specify the behavior this way.
I'd like to withdraw my patch. Sorry for wasting your time.

Yuzo


(In reply to comment #2)
> (From update of attachment 32511 [details])
> This patch doesn't fix anything that was mentioned in the bug description -
> please open a new bug to discuss your proposed change. Besides, I don't see
> where the spec requires open() to raise an exception if the URL is invalid -
> see <http://dev.w3.org/2006/webapi/XMLHttpRequest-2/#the-open-method>.
> 
> fast/js is not a good place for the test - this directory is for JavaScriptCore
> tests. Please use fast/xmlhttprequest or http/tests/xmlhttprequest.
Comment 4 Yuzo Fujishima 2010-01-26 23:50:55 PST 
Eric,

The following are test results.

Safari 4.0 WITH this patch passes all of them.

The attached Testcases, both quirks and standards modes:
IE 8.0: FAIL
FF 3.5: FAIL
Opera 10.10: PASS
Safari 4.0 WITHOUT this patch: FAIL

Test 1 and 2 in the patch (as far as I can tell by watching the screen):
IE 8.0: FAIL
FF 3.5: PASS
Opera 10.10: PASS
Safari 4.0 WITHOUT this patch: PASS

Test 3 (ditto):
IE 8.0: FAIL
FF 3.5: FAIL
Opera 10.10: FAIL
Safari 4.0 WITHOUT this patch: FAIL
(Opera fails to handle unclosed string for font-family property but can handle it for content property. Hmm.)
Comment 5 Yuzo Fujishima 2010-01-26 23:52:53 PST 
Sorry,  please ignore comment #4.
It was meant for another bug.
Comment 6 Anne van Kesteren 2023-03-27 05:24:24 PDT 
This has been implemented.