Bug 1324247 - Strip whitespace from queries in URL setters r=necko-reviewers,dragana

Differential Revision: https://phabricator.services.mozilla.com/D93471

netwerk/base/nsStandardURL.cpp

@@ -2875,7 +2875,13 @@ nsresult nsStandardURL::SetQueryWithEncoding(const nsACString& input,
     return NS_OK;
   }
 
-  int32_t queryLen = flat.Length();
+  // filter out unexpected chars "\r\n\t" if necessary
+  nsAutoCString filteredURI(flat);
+  const ASCIIMaskArray& mask = ASCIIMask::MaskCRLFTab();
+  filteredURI.StripTaggedASCII(mask);
+
+  query = filteredURI.get();
+  int32_t queryLen = filteredURI.Length();
   if (query[0] == '?') {
     query++;
     queryLen--;

netwerk/test/unit/test_standardurl.js

@@ -630,17 +630,14 @@ add_test(function test_filterWhitespace() {
   Assert.equal(url.spec, "http://test.com/pa%0D%0A%09th?query#hash");
   url = url
     .mutate()
-    .setQuery("qu\r\n\tery")
+    .setQuery("que\r\n\try")
     .finalize();
-  Assert.equal(url.spec, "http://test.com/pa%0D%0A%09th?qu%0D%0A%09ery#hash");
+  Assert.equal(url.spec, "http://test.com/pa%0D%0A%09th?query#hash");
   url = url
     .mutate()
     .setRef("ha\r\n\tsh")
     .finalize();
-  Assert.equal(
-    url.spec,
-    "http://test.com/pa%0D%0A%09th?qu%0D%0A%09ery#ha%0D%0A%09sh"
-  );
+  Assert.equal(url.spec, "http://test.com/pa%0D%0A%09th?query#ha%0D%0A%09sh");
   url = url
     .mutate()
     .QueryInterface(Ci.nsIURLMutator)
@@ -648,7 +645,7 @@ add_test(function test_filterWhitespace() {
     .finalize();
   Assert.equal(
     url.spec,
-    "http://test.com/fi%0D%0A%09le.name?qu%0D%0A%09ery#ha%0D%0A%09sh"
+    "http://test.com/fi%0D%0A%09le.name?query#ha%0D%0A%09sh"
   );
 
   run_next_test();

testing/web-platform/meta/url/url-setters-stripping.any.js.ini

@@ -56,9 +56,6 @@
   [Setting username with middle U+0009 (wpt++:)]
     expected: FAIL
 
-  [Setting search with middle U+000D (https:)]
-    expected: FAIL
-
   [Setting pathname with leading U+000A (wpt++:)]
     expected: FAIL
 
@@ -95,9 +92,6 @@
   [Setting pathname with middle U+000D (https:)]
     expected: FAIL
 
-  [Setting search with leading U+000D (https:)]
-    expected: FAIL
-
   [Setting hostname with middle U+001F (https:)]
     expected: FAIL
 
@@ -134,9 +128,6 @@
   [Setting pathname with middle U+000A (https:)]
     expected: FAIL
 
-  [Setting search with leading U+0009 (https:)]
-    expected: FAIL
-
   [Setting hash with trailing U+000A (https:)]
     expected: FAIL
 
@@ -155,9 +146,6 @@
   [Setting host with leading U+001F (https:)]
     expected: FAIL
 
-  [Setting search with trailing U+000D (https:)]
-    expected: FAIL
-
   [Setting pathname with leading U+0000 (wpt++:)]
     expected: FAIL
 
@@ -167,9 +155,6 @@
   [Setting pathname with middle U+0000 (wpt++:)]
     expected: FAIL
 
-  [Setting search with middle U+000A (https:)]
-    expected: FAIL
-
   [Setting hash with leading U+000D (https:)]
     expected: FAIL
 
@@ -248,9 +233,6 @@
   [Setting hostname with leading U+000A (wpt++:)]
     expected: FAIL
 
-  [Setting search with leading U+000A (https:)]
-    expected: FAIL
-
   [Setting pathname with leading U+000D (https:)]
     expected: FAIL
 
@@ -323,9 +305,6 @@
   [Setting port with leading U+0009 (wpt++:)]
     expected: FAIL
 
-  [Setting search with trailing U+0009 (https:)]
-    expected: FAIL
-
   [Setting search with middle U+000D (wpt++:)]
     expected: FAIL
 
@@ -365,9 +344,6 @@
   [Setting pathname with leading U+000A (https:)]
     expected: FAIL
 
-  [Setting search with trailing U+000A (https:)]
-    expected: FAIL
-
   [Setting hostname with trailing U+000A (wpt++:)]
     expected: FAIL
 
@@ -428,9 +404,6 @@
   [Setting search with leading U+000A (wpt++:)]
     expected: FAIL
 
-  [Setting search with middle U+0009 (https:)]
-    expected: FAIL
-
   [Setting hostname with trailing U+000D (https:)]
     expected: FAIL
 
@@ -595,9 +568,6 @@
   [Setting username with middle U+0009 (wpt++:)]
     expected: FAIL
 
-  [Setting search with middle U+000D (https:)]
-    expected: FAIL
-
   [Setting pathname with leading U+000A (wpt++:)]
     expected: FAIL
 
@@ -634,9 +604,6 @@
   [Setting pathname with middle U+000D (https:)]
     expected: FAIL
 
-  [Setting search with leading U+000D (https:)]
-    expected: FAIL
-
   [Setting hostname with middle U+001F (https:)]
     expected: FAIL
 
@@ -673,9 +640,6 @@
   [Setting pathname with middle U+000A (https:)]
     expected: FAIL
 
-  [Setting search with leading U+0009 (https:)]
-    expected: FAIL
-
   [Setting hash with trailing U+000A (https:)]
     expected: FAIL
 
@@ -694,9 +658,6 @@
   [Setting host with leading U+001F (https:)]
     expected: FAIL
 
-  [Setting search with trailing U+000D (https:)]
-    expected: FAIL
-
   [Setting pathname with leading U+0000 (wpt++:)]
     expected: FAIL
 
@@ -706,9 +667,6 @@
   [Setting pathname with middle U+0000 (wpt++:)]
     expected: FAIL
 
-  [Setting search with middle U+000A (https:)]
-    expected: FAIL
-
   [Setting hash with leading U+000D (https:)]
     expected: FAIL
 
@@ -787,9 +745,6 @@
   [Setting hostname with leading U+000A (wpt++:)]
     expected: FAIL
 
-  [Setting search with leading U+000A (https:)]
-    expected: FAIL
-
   [Setting pathname with leading U+000D (https:)]
     expected: FAIL
 
@@ -862,9 +817,6 @@
   [Setting port with leading U+0009 (wpt++:)]
     expected: FAIL
 
-  [Setting search with trailing U+0009 (https:)]
-    expected: FAIL
-
   [Setting search with middle U+000D (wpt++:)]
     expected: FAIL
 
@@ -904,9 +856,6 @@
   [Setting pathname with leading U+000A (https:)]
     expected: FAIL
 
-  [Setting search with trailing U+000A (https:)]
-    expected: FAIL
-
   [Setting hostname with trailing U+000A (wpt++:)]
     expected: FAIL
 
@@ -967,9 +916,6 @@
   [Setting search with leading U+000A (wpt++:)]
     expected: FAIL
 
-  [Setting search with middle U+0009 (https:)]
-    expected: FAIL
-
   [Setting hostname with trailing U+000D (https:)]
     expected: FAIL