RESOLVED INVALID 191102
Handling of 0x0B and 0x0C in HTTP header values 
https://bugs.webkit.org/show_bug.cgi?id=191102
Summary Handling of 0x0B and 0x0C in HTTP header values
Anne van Kesteren
Reported 2018-10-31 00:52:00 PDT
See https://github.com/web-platform-tests/wpt/pull/13471 for details. 0x0B and 0x0C get treated as whitespace, whereas they're not in HTTP. There might be differences here between the Darwin layer and the WebKit layer, and if so, that'd be bad.
Attachments
Add attachment proposed patch, testcase, etc.
Anne van Kesteren
Comment 1 2018-10-31 04:12:24 PDT
This can be a little security-sensitive: https://github.com/web-platform-tests/wpt/pull/13815.
Chris Dumez
Comment 2 2018-10-31 09:45:55 PDT
I suspect an underlying CFNetwork issue here as I don't think WebKit is doing the parsing itself here?
Anne van Kesteren
Comment 3 2018-11-01 02:47:50 PDT
I think that might be correct. At least https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/loader/HTTPHeaderField.cpp looks correct when it comes to defining whitespace, but I'm not sure to what extent that's used for all the header parsing that happens inside WebCore. (I was advised to nevertheless file potential CFNetwork issues here by Youenn et al at the most recent TPAC.)
Radar WebKit Bug Importer
Comment 4 2018-11-01 02:49:20 PDT
<rdar://problem/45725476>
Chris Dumez
Comment 5 2018-11-09 08:51:56 PST
Confirmed as a CFNetwork bug so we forwarded the issue to them. No action should be needed on WebKit side so closing this bug.
Note You need to log in before you can comment on or make changes to this bug.