RESOLVED CONFIGURATION CHANGED Bug 12195
XMLHttpRequest should raise SYNTAX_ERR when a parameter doesn't match HTTP syntax 
https://bugs.webkit.org/show_bug.cgi?id=12195
Summary XMLHttpRequest should raise SYNTAX_ERR when a parameter doesn't match HTTP sy...
Alexey Proskuryakov
Reported 2007-01-10 04:10:02 PST
The current XMLHttpRequest draft spec specifies that certain methods should check syntactic validness of their parameters and raise SYNTAX_ERR on failure: - open() must check its method parameter (method production defined by section 5.1.1 of [RFC2616]); - open() must check its user parameter (and may check password) as defined by section 3.2.2 of [RFC2617]; - setRequestHeader() and getResponseHeader() must check their parameters as defined by section 4.2 of [RFC2616].
Attachments
Fix for open() (3.50 KB, patch)
2009-07-09 04:05 PDT, Yuzo Fujishima 		ap: review-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Yuzo Fujishima
Comment 1 2009-07-09 04:05:49 PDT
Created attachment 32511 [details] Fix for open() Hi, I've attached a patch to partially fix (i.e., only for open() ) this issue. Can you take a look? Yuzo
Alexey Proskuryakov
Comment 2 2009-07-09 07:03:13 PDT
Comment on attachment 32511 [details] Fix for open() This patch doesn't fix anything that was mentioned in the bug description - please open a new bug to discuss your proposed change. Besides, I don't see where the spec requires open() to raise an exception if the URL is invalid - see <http://dev.w3.org/2006/webapi/XMLHttpRequest-2/#the-open-method>. fast/js is not a good place for the test - this directory is for JavaScriptCore tests. Please use fast/xmlhttprequest or http/tests/xmlhttprequest.
Yuzo Fujishima
Comment 3 2009-07-09 18:45:16 PDT
Hi, Alexey, Thank you for reviewing this. Yes, I was wrong... The spec doesn't specify the behavior this way. I'd like to withdraw my patch. Sorry for wasting your time. Yuzo (In reply to comment #2) > (From update of attachment 32511 [details]) > This patch doesn't fix anything that was mentioned in the bug description - > please open a new bug to discuss your proposed change. Besides, I don't see > where the spec requires open() to raise an exception if the URL is invalid - > see <http://dev.w3.org/2006/webapi/XMLHttpRequest-2/#the-open-method>. > > fast/js is not a good place for the test - this directory is for JavaScriptCore > tests. Please use fast/xmlhttprequest or http/tests/xmlhttprequest.
Yuzo Fujishima
Comment 4 2010-01-26 23:50:55 PST
Eric, The following are test results. Safari 4.0 WITH this patch passes all of them. The attached Testcases, both quirks and standards modes: IE 8.0: FAIL FF 3.5: FAIL Opera 10.10: PASS Safari 4.0 WITHOUT this patch: FAIL Test 1 and 2 in the patch (as far as I can tell by watching the screen): IE 8.0: FAIL FF 3.5: PASS Opera 10.10: PASS Safari 4.0 WITHOUT this patch: PASS Test 3 (ditto): IE 8.0: FAIL FF 3.5: FAIL Opera 10.10: FAIL Safari 4.0 WITHOUT this patch: FAIL (Opera fails to handle unclosed string for font-family property but can handle it for content property. Hmm.)
Yuzo Fujishima
Comment 5 2010-01-26 23:52:53 PST
Sorry, please ignore comment #4. It was meant for another bug.
Anne van Kesteren
Comment 6 2023-03-27 05:24:24 PDT
This has been implemented.
Note You need to log in before you can comment on or make changes to this bug.