235709 – [URL] Split forbidden host/domain code points, and add all C0 controls and add U+007F to the latter

Bug 235709 - [URL] Split forbidden host/domain code points, and add all C0 controls and add U+007F to the latter

Summary: [URL] Split forbidden host/domain code points, and add all C0 controls and ad...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-01-27 06:01 PST by Karl
Modified:	2022-02-03 06:02 PST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karl 2022-01-27 06:01:28 PST

Spec update: Domains may not contain C0 controls or U+007F DELETE. Opaque hostnames remain changed.

See: https://github.com/whatwg/url/pull/685

WebKit already blocks these code-points in domains (since https://bugs.webkit.org/show_bug.cgi?id=232034 ), but it should be relaxed for opaque hostnames pending further discussion.

Comment 1 Karl 2022-01-27 07:33:14 PST

Apologies for the typo: "Opaque hostnames remain changed." should be "Opaque hostnames remain **un**changed." 🤦‍♂️

Comment 2 Alex Christensen 2022-01-28 20:22:08 PST

I'm not sure I agree that opaque hostnames should remain unchanged.  I think the case for the character sets to be the same for both types of hosts is compelling.  I haven't seen any compatibility issues from this change.  I think this is a bridge we will have to cross when Chrome and/or Firefox change to make opaque hostnames a thing in their implementations.

Comment 3 Radar WebKit Bug Importer 2022-02-03 06:02:16 PST

<rdar://problem/88431669>