155186 – CSP: Avoid decoding Base64url hash using Base64

NEW 155186

CSP: Avoid decoding Base64url hash using Base64

https://bugs.webkit.org/show_bug.cgi?id=155186

Summary CSP: Avoid decoding Base64url hash using Base64

Daniel Bates

Reported 2016-03-08 13:17:21 PST

We should consider normalizing a Base64url hash to a Base64 hash so that we decode the hash once using WTF::base64Decode() instead of attempting to decode a Base64url hash twice: once using WTF::base64Decode() and once using using WTF::base64URLDecode().

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2016-05-27 12:37:37 PDT

<rdar://problem/26522835>

Anne van Kesteren

Comment 2 2023-05-22 04:23:28 PDT

One edge cases here to be mindful of: an input containing a unique base64url and unique base64 character. That needs to continue to be an error.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2016-03-08 13:17 PST

Modified

2023-05-22 04:23 PDT History

CC List

4 users Show

URL

Keywords InRadar

Depends on

155007

Blocks

Dependencies

tree graph