155186 – CSP: Avoid decoding Base64url hash using Base64

Bug 155186 - CSP: Avoid decoding Base64url hash using Base64

Summary: CSP: Avoid decoding Base64url hash using Base64

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Local Build
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:	155007
Blocks:
	Show dependency tree / graph

Reported:	2016-03-08 13:17 PST by Daniel Bates
Modified:	2023-05-22 04:23 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Bates 2016-03-08 13:17:21 PST

We should consider normalizing a Base64url hash to a Base64 hash so that we decode the hash once using WTF::base64Decode() instead of attempting to decode a Base64url hash twice: once using WTF::base64Decode() and once using using WTF::base64URLDecode().

Comment 1 Radar WebKit Bug Importer 2016-05-27 12:37:37 PDT

<rdar://problem/26522835>

Comment 2 Anne van Kesteren 2023-05-22 04:23:28 PDT

One edge cases here to be mindful of: an input containing a unique base64url and unique base64 character. That needs to continue to be an error.