RESOLVED FIXED Bug 205979
REGRESSION (r253662): Large Data URLs are not being handled properly 
https://bugs.webkit.org/show_bug.cgi?id=205979
Summary REGRESSION (r253662): Large Data URLs are not being handled properly
Brent Fulgham
Reported 2020-01-08 17:49:04 PST
The changes in Bug 203825 restricted the size of URLs too much. We need to allow reasonably sized data and other URLs.
Attachments
Patch (1.29 KB, patch)
2020-01-08 17:58 PST, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch for landing (3.37 KB, patch)
2020-01-09 11:33 PST, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2020-01-08 17:56:48 PST
<rdar://problem/58346124>
Brent Fulgham
Comment 2 2020-01-08 17:58:51 PST
Created attachment 387173 [details] Patch
Simon Fraser (smfr)
Comment 3 2020-01-08 18:00:26 PST
Comment on attachment 387173 [details] Patch How do we know what a "reasonable" data URI size is?
Simon Fraser (smfr)
Comment 4 2020-01-08 18:00:55 PST
Also having values in hex isn't very helpful.
Brent Fulgham
Comment 5 2020-01-08 18:05:37 PST
According to <https://bugs.chromium.org/p/chromium/issues/detail?id=44820#c1>, Chrome limits data URI's to 2 MB. This patch uses 64 MB, which if anything might be a bit large.
Brent Fulgham
Comment 6 2020-01-08 18:06:53 PST
@Alex Christensen: Does the URL Parser process all of the contents of a data URL? Could I just exclude data URIs from the test?
Brent Fulgham
Comment 7 2020-01-08 18:08:07 PST
Comment on attachment 387173 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387173&action=review > Source/WebCore/page/SecurityOrigin.cpp:49 > +constexpr unsigned maximumURLSize = 0x04000000; This changes from 32 KB to 64 MB, which might be too big for memory-constrained devices. Might be good to keep the limit and just skip the check for data URIs? Or bump the standard URL limit, but have a much larger limit for data URIs only?
Brent Fulgham
Comment 8 2020-01-09 09:20:36 PST
(In reply to Brent Fulgham from comment #6) > @Alex Christensen: Does the URL Parser process all of the contents of a data > URL? Could I just exclude data URIs from the test? I created a test case, and confirmed that data URLs are processed the same way, and can run up against this problem too.
youenn fablet
Comment 9 2020-01-09 09:53:57 PST
Comment on attachment 387173 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387173&action=review >> Source/WebCore/page/SecurityOrigin.cpp:49 >> +constexpr unsigned maximumURLSize = 0x04000000; > > This changes from 32 KB to 64 MB, which might be too big for memory-constrained devices. Might be good to keep the limit and just skip the check for data URIs? Should we add a 32KB+1 data URL test? > Or bump the standard URL limit, but have a much larger limit for data URIs only? I think it might be best to bump to 64 MB. We do not know what happens for custom schemes for instance. Also, javascript scheme should probably have the same constraint has data URL. We could also decide to decrease specific schemes like HTTP/HTTPS/FTP URLs back to 0x8000 if that is adding some kind of protection.
Brent Fulgham
Comment 10 2020-01-09 11:33:59 PST
Created attachment 387249 [details] Patch for landing
Alex Christensen
Comment 11 2020-01-09 12:04:04 PST
(In reply to Brent Fulgham from comment #6) > @Alex Christensen: Does the URL Parser process all of the contents of a data URL? It does.
WebKit Commit Bot
Comment 12 2020-01-09 13:22:58 PST
The commit-queue encountered the following flaky tests while processing attachment 387249 [details]: storage/indexeddb/detached-iframe.html bug 206028 (author: achristensen@apple.com) The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 13 2020-01-09 13:23:04 PST
The commit-queue encountered the following flaky tests while processing attachment 387249 [details]: imported/w3c/web-platform-tests/content-security-policy/script-src/scriptnonce-changed-1.html bug 206029 (author: psaavedra@igalia.com) The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 14 2020-01-09 14:41:36 PST
Comment on attachment 387249 [details] Patch for landing Clearing flags on attachment: 387249 Committed r254301: <https://trac.webkit.org/changeset/254301>
WebKit Commit Bot
Comment 15 2020-01-09 14:41:38 PST
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 16 2020-01-09 17:17:42 PST
Comment on attachment 387249 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=387249&action=review > Source/WebCore/page/SecurityOrigin.cpp:49 > +constexpr unsigned maximumURLSize = 0x04000000; Could we put a comment here explaining the rationale behind this maximum? For example, I know it needs to be "big enough for reasonable data URI sizes" but not how we decided what is reasonable. And I don’t know why it shouldn’t be even bigger. We should just "show our work" here so someone later can make a smart decision about changing this or not changing it.
Brent Fulgham
Comment 17 2020-01-10 09:29:55 PST
(In reply to Darin Adler from comment #16) > Comment on attachment 387249 [details] > Patch for landing > > View in context: > https://bugs.webkit.org/attachment.cgi?id=387249&action=review > > > Source/WebCore/page/SecurityOrigin.cpp:49 > > +constexpr unsigned maximumURLSize = 0x04000000; > > Could we put a comment here explaining the rationale behind this maximum? > For example, I know it needs to be "big enough for reasonable data URI > sizes" but not how we decided what is reasonable. And I don’t know why it > shouldn’t be even bigger. We should just "show our work" here so someone > later can make a smart decision about changing this or not changing it. Sure -- I'll add a comment in a follow-up.
Note You need to log in before you can comment on or make changes to this bug.