WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
211358
A URL cannot have a username/password/port if its host is null
https://bugs.webkit.org/show_bug.cgi?id=211358
Summary
A URL cannot have a username/password/port if its host is null
Rob Buis
Reported
2020-05-03 13:26:59 PDT
A URL cannot have a username/password/port if its host is null [1], so adjust URL.cpp accordingly. Behavior matches Chrome and Firefox. [1]
https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Attachments
Patch
(9.75 KB, patch)
2020-05-03 13:33 PDT
,
Rob Buis
no flags
Details
Formatted Diff
Diff
Patch
(11.38 KB, patch)
2020-05-04 01:39 PDT
,
Rob Buis
no flags
Details
Formatted Diff
Diff
Patch
(11.91 KB, patch)
2020-05-04 09:43 PDT
,
Rob Buis
no flags
Details
Formatted Diff
Diff
Patch
(11.83 KB, patch)
2020-05-04 10:32 PDT
,
Rob Buis
no flags
Details
Formatted Diff
Diff
Patch
(10.26 KB, patch)
2020-05-05 08:29 PDT
,
Rob Buis
no flags
Details
Formatted Diff
Diff
Show Obsolete
(4)
View All
Add attachment
proposed patch, testcase, etc.
Rob Buis
Comment 1
2020-05-03 13:33:19 PDT
Created
attachment 398327
[details]
Patch
Daniel Bates
Comment 2
2020-05-03 20:16:07 PDT
Comment on
attachment 398327
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=398327&action=review
Patch looks good.
> Source/WTF/wtf/URL.cpp:453 > + if (hostStart() == m_hostEnd || protocolIs("file"))
Ok as-is. No change needed. Spec also mentions about checking cannot-be-a-base-URL flag. This is equivalent to checking !isHierarchical() (very quick read + intuition) and the optimal solution would do that. <--- function assets there is :, which I think is covered by m_isValid. If not, then need to check that too to avoid the assert triggering in debug.
Daniel Bates
Comment 3
2020-05-03 20:21:53 PDT
Comment on
attachment 398327
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=398327&action=review
>> Source/WTF/wtf/URL.cpp:453 >> + if (hostStart() == m_hostEnd || protocolIs("file")) > > Ok as-is. No change needed. Spec also mentions about checking cannot-be-a-base-URL flag. This is equivalent to checking !isHierarchical() (very quick read + intuition) and the optimal solution would do that. <--- function assets there is :, which I think is covered by m_isValid. If not, then need to check that too to avoid the assert triggering in debug.
Also optimal solution is to move this check into a private member function marked inline in .cpp instead of duplicating it, especially if the check will have 3 disjunction <-- meaning it's becoming complicated.
Rob Buis
Comment 4
2020-05-04 01:39:15 PDT
Created
attachment 398355
[details]
Patch
Rob Buis
Comment 5
2020-05-04 09:43:21 PDT
Created
attachment 398379
[details]
Patch
Rob Buis
Comment 6
2020-05-04 09:55:38 PDT
Comment on
attachment 398327
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=398327&action=review
>>> Source/WTF/wtf/URL.cpp:453 >>> + if (hostStart() == m_hostEnd || protocolIs("file")) >> >> Ok as-is. No change needed. Spec also mentions about checking cannot-be-a-base-URL flag. This is equivalent to checking !isHierarchical() (very quick read + intuition) and the optimal solution would do that. <--- function assets there is :, which I think is covered by m_isValid. If not, then need to check that too to avoid the assert triggering in debug. > > Also optimal solution is to move this check into a private member function marked inline in .cpp instead of duplicating it, especially if the check will have 3 disjunction <-- meaning it's becoming complicated.
Thanks for the review! Today I found out cannot-be-a-base-URL is already handled in URLDecomposition, so I moved my code there.
Rob Buis
Comment 7
2020-05-04 10:32:53 PDT
Created
attachment 398388
[details]
Patch
Darin Adler
Comment 8
2020-05-04 11:15:23 PDT
Comment on
attachment 398388
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=398388&action=review
> Source/WTF/wtf/URL.h:169 > + WTF_EXPORT_PRIVATE bool hasEmptyHost() const;
This is not significantly more efficient than writing: fullURL.host().isEmpty() That’s one of the benefits of StringView. Not sure we need to add the new function. The name seems to imply some difference between having "no host" and "empty host".
> Source/WebCore/html/URLDecomposition.cpp:61 > + if (fullURL.hasEmptyHost() || fullURL.cannotBeABaseURL() || fullURL.protocolIs("file"))
Starting to think we need a URL::protocolIsFile function. Also irritated that there’s no concept here, like "cannot be base URL".
Rob Buis
Comment 9
2020-05-05 08:29:33 PDT
Created
attachment 398510
[details]
Patch
EWS
Comment 10
2020-05-05 09:09:09 PDT
Committed
r261173
: <
https://trac.webkit.org/changeset/261173
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 398510
[details]
.
Radar WebKit Bug Importer
Comment 11
2020-05-05 09:10:18 PDT
<
rdar://problem/62889969
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug