RESOLVED FIXED 211358
A URL cannot have a username/password/port if its host is null
https://bugs.webkit.org/show_bug.cgi?id=211358
Summary A URL cannot have a username/password/port if its host is null
Rob Buis
Reported 2020-05-03 13:26:59 PDT
A URL cannot have a username/password/port if its host is null [1], so adjust URL.cpp accordingly. Behavior matches Chrome and Firefox. [1] https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Attachments
Patch (9.75 KB, patch)
2020-05-03 13:33 PDT, Rob Buis
no flags
Patch (11.38 KB, patch)
2020-05-04 01:39 PDT, Rob Buis
no flags
Patch (11.91 KB, patch)
2020-05-04 09:43 PDT, Rob Buis
no flags
Patch (11.83 KB, patch)
2020-05-04 10:32 PDT, Rob Buis
no flags
Patch (10.26 KB, patch)
2020-05-05 08:29 PDT, Rob Buis
no flags
Rob Buis
Comment 1 2020-05-03 13:33:19 PDT
Daniel Bates
Comment 2 2020-05-03 20:16:07 PDT
Comment on attachment 398327 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=398327&action=review Patch looks good. > Source/WTF/wtf/URL.cpp:453 > + if (hostStart() == m_hostEnd || protocolIs("file")) Ok as-is. No change needed. Spec also mentions about checking cannot-be-a-base-URL flag. This is equivalent to checking !isHierarchical() (very quick read + intuition) and the optimal solution would do that. <--- function assets there is :, which I think is covered by m_isValid. If not, then need to check that too to avoid the assert triggering in debug.
Daniel Bates
Comment 3 2020-05-03 20:21:53 PDT
Comment on attachment 398327 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=398327&action=review >> Source/WTF/wtf/URL.cpp:453 >> + if (hostStart() == m_hostEnd || protocolIs("file")) > > Ok as-is. No change needed. Spec also mentions about checking cannot-be-a-base-URL flag. This is equivalent to checking !isHierarchical() (very quick read + intuition) and the optimal solution would do that. <--- function assets there is :, which I think is covered by m_isValid. If not, then need to check that too to avoid the assert triggering in debug. Also optimal solution is to move this check into a private member function marked inline in .cpp instead of duplicating it, especially if the check will have 3 disjunction <-- meaning it's becoming complicated.
Rob Buis
Comment 4 2020-05-04 01:39:15 PDT
Rob Buis
Comment 5 2020-05-04 09:43:21 PDT
Rob Buis
Comment 6 2020-05-04 09:55:38 PDT
Comment on attachment 398327 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=398327&action=review >>> Source/WTF/wtf/URL.cpp:453 >>> + if (hostStart() == m_hostEnd || protocolIs("file")) >> >> Ok as-is. No change needed. Spec also mentions about checking cannot-be-a-base-URL flag. This is equivalent to checking !isHierarchical() (very quick read + intuition) and the optimal solution would do that. <--- function assets there is :, which I think is covered by m_isValid. If not, then need to check that too to avoid the assert triggering in debug. > > Also optimal solution is to move this check into a private member function marked inline in .cpp instead of duplicating it, especially if the check will have 3 disjunction <-- meaning it's becoming complicated. Thanks for the review! Today I found out cannot-be-a-base-URL is already handled in URLDecomposition, so I moved my code there.
Rob Buis
Comment 7 2020-05-04 10:32:53 PDT
Darin Adler
Comment 8 2020-05-04 11:15:23 PDT
Comment on attachment 398388 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=398388&action=review > Source/WTF/wtf/URL.h:169 > + WTF_EXPORT_PRIVATE bool hasEmptyHost() const; This is not significantly more efficient than writing: fullURL.host().isEmpty() That’s one of the benefits of StringView. Not sure we need to add the new function. The name seems to imply some difference between having "no host" and "empty host". > Source/WebCore/html/URLDecomposition.cpp:61 > + if (fullURL.hasEmptyHost() || fullURL.cannotBeABaseURL() || fullURL.protocolIs("file")) Starting to think we need a URL::protocolIsFile function. Also irritated that there’s no concept here, like "cannot be base URL".
Rob Buis
Comment 9 2020-05-05 08:29:33 PDT
EWS
Comment 10 2020-05-05 09:09:09 PDT
Committed r261173: <https://trac.webkit.org/changeset/261173> All reviewed patches have been landed. Closing bug and clearing flags on attachment 398510 [details].
Radar WebKit Bug Importer
Comment 11 2020-05-05 09:10:18 PDT
Note You need to log in before you can comment on or make changes to this bug.