CSP: Always use UTF-8 encoded content when checking hashes
Created attachment 446767 [details] Patch
This isn't quite ready as testing locally `run-minibrowser` passes all tests for encoding, yet `run-webkit-tests` fails on the non-UTF-8 ones. I didn't see any relevant env vars or anything that should affect encoding.
Created attachment 446903 [details] Patch
Created attachment 446904 [details] Patch
Still not sure why running the browser directly has different results, however this certainly is more in-line with the spec and passes more WPT tests.
Created attachment 446935 [details] Patch
The test failure really only happens when running via WebKit's HTTP server. For example: `hash-always-converted-to-utf-8/iso-8859-1.html` - `wpt serve` succeeds. - https://wpt.live succeeds. - `run-webkit-httpd` fails. So its something specific to how the tests are run. I would assume its not specific to the HTTP server as macOS and GTK have different servers that both fail.
> So its something specific to how the tests are run. I would assume its not > specific to the HTTP server as macOS and GTK have different servers that > both fail. Sorry forgot to mention that the issue is in the raw data received at the HTTP layer. libsoup logs this as incoming HTTP data: `run-webkit-httpd`: > <!-- ? (micro sign) has the value of 0xB5 in latin-1 and of 0xC2B5 in utf-8 but the hash value should be the same as the utf-8 computed one --> https://wpt.live: > <!-- \xb5 (micro sign) has the value of 0xB5 in latin-1 and of 0xC2B5 in utf-8 but the hash value should be the same as the utf-8 computed one --> So the browser gets already invalid data from the HTTP server.
<rdar://problem/86643075>
Comment on attachment 446935 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=446935&action=review r=me. Could you file a bug about the unexpected http server results? > Source/WebCore/page/csp/ContentSecurityPolicy.cpp:-371 > - // FIXME: Compute the digest with respect to the raw bytes received from the page. We should remember to mark this bug resolved once this patch lands.
Committed r287270 (245426@main): <https://commits.webkit.org/245426@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 446935 [details].
This change should be present in STP 139, iOS 15.4 Beta, and macOS 12.3 Beta.