зеркало из https://github.com/mozilla/gecko-dev.git
Tests for Unicode security issues -- bug 445886
This commit is contained in:
Родитель
9d55d07fc0
Коммит
d0c7cac271
|
@ -73,6 +73,10 @@ relativesrcdir = intl/uconv/tests
|
|||
|
||||
_TEST_FILES = \
|
||||
test_bug335816.html \
|
||||
test_unicode_noncharacterescapes.html \
|
||||
test_unicode_noncharacters_gb18030.html \
|
||||
test_unicode_noncharacters_utf8.html \
|
||||
test_utf8_overconsumption.html \
|
||||
$(NULL)
|
||||
libs:: $(_TEST_FILES)
|
||||
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
|
||||
|
|
|
@ -0,0 +1,302 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=445886
|
||||
-->
|
||||
<head>
|
||||
<meta http-equiv="Content-type" content="text/html; charset=UTF-8">
|
||||
<title>Test for Unicode non-characters</title>
|
||||
<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<pre id="test">
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
/** Test that unicode non-characters are not discarded **/
|
||||
function test()
|
||||
{
|
||||
ok($("display").innerHTML == "All good.", "Noncharacters not stripped");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
function Inject()
|
||||
{
|
||||
// script fragments containing Unicode non-characters
|
||||
try {
|
||||
// U+FDD0
|
||||
eval("$(\"display\").inner\ufdd0HTML += \" U+FDD0 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD1
|
||||
eval("$(\"display\").inner\ufdd1HTML += \" U+FDD1 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD2
|
||||
eval("$(\"display\").inner\ufdd2HTML += \" U+FDD2 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD3
|
||||
eval("$(\"display\").inner\ufdd3HTML += \" U+FDD3 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD4
|
||||
eval("$(\"display\").inner\ufdd4HTML += \" U+FDD4 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD5
|
||||
eval("$(\"display\").inner\ufdd5HTML += \" U+FDD5 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD6
|
||||
eval("$(\"display\").inner\ufdd6HTML += \" U+FDD6 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD7
|
||||
eval("$(\"display\").inner\ufdd7HTML += \" U+FDD7 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD8
|
||||
eval("$(\"display\").inner\ufdd8HTML += \" U+FDD8 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD9
|
||||
eval("$(\"display\").inner\ufdd9HTML += \" U+FDD9 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDA
|
||||
eval("$(\"display\").inner\ufddaHTML += \" U+FDDA is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDB
|
||||
eval("$(\"display\").inner\ufddbHTML += \" U+FDDB is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDC
|
||||
eval("$(\"display\").inner\ufddcHTML += \" U+FDDC is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDD
|
||||
eval("$(\"display\").inner\ufdddHTML += \" U+FDDD is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDE
|
||||
eval("$(\"display\").inner\ufddeHTML += \" U+FDDE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDF
|
||||
eval("$(\"display\").inner\ufddfHTML += \" U+FDDF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE0
|
||||
eval("$(\"display\").inner\ufde0HTML += \" U+FDE0 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE1
|
||||
eval("$(\"display\").inner\ufde1HTML += \" U+FDE1 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE2
|
||||
eval("$(\"display\").inner\ufde2HTML += \" U+FDE2 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE3
|
||||
eval("$(\"display\").inner\ufde3HTML += \" U+FDE3 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE4
|
||||
eval("$(\"display\").inner\ufde4HTML += \" U+FDE4 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE5
|
||||
eval("$(\"display\").inner\ufde5HTML += \" U+FDE5 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE6
|
||||
eval("$(\"display\").inner\ufde6HTML += \" U+FDE6 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE7
|
||||
eval("$(\"display\").inner\ufde7HTML += \" U+FDE7 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE8
|
||||
eval("$(\"display\").inner\ufde8HTML += \" U+FDE8 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE9
|
||||
eval("$(\"display\").inner\ufde9HTML += \" U+FDE9 is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEA
|
||||
eval("$(\"display\").inner\ufdeaHTML += \" U+FDEA is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEB
|
||||
eval("$(\"display\").inner\ufdebHTML += \" U+FDEB is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEC
|
||||
eval("$(\"display\").inner\ufdecHTML += \" U+FDEC is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDED
|
||||
eval("$(\"display\").inner\ufdedHTML += \" U+FDED is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEE
|
||||
eval("$(\"display\").inner\ufdeeHTML += \" U+FDEE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEF
|
||||
eval("$(\"display\").inner\ufdefHTML += \" U+FDEF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFE
|
||||
eval("$(\"display\").inner\ufffeHTML += \" U+FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFF
|
||||
eval("$(\"display\").inner\uffffHTML += \" U+FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+1FFFE
|
||||
eval("$(\"display\").inner\ud83f\udffeHTML += \" U+1FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+1FFFF
|
||||
eval("$(\"display\").inner\ud83f\udfffHTML += \" U+1FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+2FFFE
|
||||
eval("$(\"display\").inner\ud87f\udffeHTML += \" U+2FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+2FFFF
|
||||
eval("$(\"display\").inner\ud87f\udfffHTML += \" U+2FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+3FFFE
|
||||
eval("$(\"display\").inner\ud8bf\udffeHTML += \" U+3FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+3FFFF
|
||||
eval("$(\"display\").inner\ud8bf\udfffHTML += \" U+3FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+4FFFE
|
||||
eval("$(\"display\").inner\ud8ff\udffeHTML += \" U+4FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+4FFFF
|
||||
eval("$(\"display\").inner\ud8ff\udfffHTML += \" U+4FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+5FFFE
|
||||
eval("$(\"display\").inner\ud93f\udffeHTML += \" U+5FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+5FFFF
|
||||
eval("$(\"display\").inner\ud93f\udfffHTML += \" U+5FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+6FFFE
|
||||
eval("$(\"display\").inner\ud97f\udffeHTML += \" U+6FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+6FFFF
|
||||
eval("$(\"display\").inner\ud97f\udfffHTML += \" U+6FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+7FFFE
|
||||
eval("$(\"display\").inner\ud9bf\udffeHTML += \" U+7FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+7FFFF
|
||||
eval("$(\"display\").inner\ud9bf\udfffHTML += \" U+7FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+8FFFE
|
||||
eval("$(\"display\").inner\ud9ff\udffeHTML += \" U+8FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+8FFFF
|
||||
eval("$(\"display\").inner\ud9ff\udfffHTML += \" U+8FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+9FFFE
|
||||
eval("$(\"display\").inner\uda3f\udffeHTML += \" U+9FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+9FFFF
|
||||
eval("$(\"display\").inner\uda3f\udfffHTML += \" U+9FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+AFFFE
|
||||
eval("$(\"display\").inner\uda7f\udffeHTML += \" U+AFFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+AFFFF
|
||||
eval("$(\"display\").inner\uda7f\udfffHTML += \" U+AFFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+BFFFE
|
||||
eval("$(\"display\").inner\udabf\udffeHTML += \" U+BFFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+BFFFF
|
||||
eval("$(\"display\").inner\udabf\udfffHTML += \" U+BFFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+CFFFE
|
||||
eval("$(\"display\").inner\udaff\udffeHTML += \" U+CFFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+CFFFF
|
||||
eval("$(\"display\").inner\udaff\udfffHTML += \" U+CFFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+DFFFE
|
||||
eval("$(\"display\").inner\udb3f\udffeHTML += \" U+DFFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+DFFFF
|
||||
eval("$(\"display\").inner\udb3f\udfffHTML += \" U+DFFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+EFFFE
|
||||
eval("$(\"display\").inner\udb7f\udffeHTML += \" U+EFFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+EFFFF
|
||||
eval("$(\"display\").inner\udb7f\udfffHTML += \" U+EFFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFFE
|
||||
eval("$(\"display\").inner\udbbf\udffeHTML += \" U+FFFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFFF
|
||||
eval("$(\"display\").inner\udbbf\udfffHTML += \" U+FFFFF is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+10FFFE
|
||||
eval("$(\"display\").inner\udbff\udffeHTML += \" U+10FFFE is evil\"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+10FFFF
|
||||
eval("$(\"display\").inner\udbff\udfffHTML += \" U+10FFFF is evil\"");
|
||||
} catch(e) {}
|
||||
test();
|
||||
}
|
||||
|
||||
setTimeout(Inject, 100);
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
</script>
|
||||
</pre>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=445886">Mozilla Bug 445886</a>
|
||||
<p id="display">All good.</p>
|
||||
<div id="content" style="display: none"></div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,304 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=445886
|
||||
-->
|
||||
<meta http-equiv="Content-type" content="text/html; charset=gb18030">
|
||||
<title>Test for Unicode non-characters</title>
|
||||
<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="/tests/SimpleTest/test.css">
|
||||
</head>
|
||||
<body>
|
||||
<pre id="test"><script class="testbody" type="text/javascript">
|
||||
|
||||
/** Test that unicode non-characters are not discarded **/
|
||||
function test()
|
||||
{
|
||||
ok($("display").innerHTML == "All good.", "Noncharacters not stripped");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
function Inject()
|
||||
{
|
||||
// script fragments containing Unicode non-characters
|
||||
try {
|
||||
// U+FDD0
|
||||
eval("$(\"display\").inner„0ú2HTML += \" U+FDD0 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD1
|
||||
eval("$(\"display\").inner„0ú3HTML += \" U+FDD1 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD2
|
||||
eval("$(\"display\").inner„0ú4HTML += \" U+FDD2 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD3
|
||||
eval("$(\"display\").inner„0ú5HTML += \" U+FDD3 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD4
|
||||
eval("$(\"display\").inner„0ú6HTML += \" U+FDD4 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD5
|
||||
eval("$(\"display\").inner„0ú7HTML += \" U+FDD5 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD6
|
||||
eval("$(\"display\").inner„0ú8HTML += \" U+FDD6 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD7
|
||||
eval("$(\"display\").inner„0ú9HTML += \" U+FDD7 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD8
|
||||
eval("$(\"display\").inner„0û0HTML += \" U+FDD8 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD9
|
||||
eval("$(\"display\").inner„0û1HTML += \" U+FDD9 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDA
|
||||
eval("$(\"display\").inner„0û2HTML += \" U+FDDA is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDB
|
||||
eval("$(\"display\").inner„0û3HTML += \" U+FDDB is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDC
|
||||
eval("$(\"display\").inner„0û4HTML += \" U+FDDC is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDD
|
||||
eval("$(\"display\").inner„0û5HTML += \" U+FDDD is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDE
|
||||
eval("$(\"display\").inner„0û6HTML += \" U+FDDE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDF
|
||||
eval("$(\"display\").inner„0û7HTML += \" U+FDDF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE0
|
||||
eval("$(\"display\").inner„0û8HTML += \" U+FDE0 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE1
|
||||
eval("$(\"display\").inner„0û9HTML += \" U+FDE1 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE2
|
||||
eval("$(\"display\").inner„0ü0HTML += \" U+FDE2 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE3
|
||||
eval("$(\"display\").inner„0ü1HTML += \" U+FDE3 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE4
|
||||
eval("$(\"display\").inner„0ü2HTML += \" U+FDE4 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE5
|
||||
eval("$(\"display\").inner„0ü3HTML += \" U+FDE5 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE6
|
||||
eval("$(\"display\").inner„0ü4HTML += \" U+FDE6 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE7
|
||||
eval("$(\"display\").inner„0ü5HTML += \" U+FDE7 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE8
|
||||
eval("$(\"display\").inner„0ü6HTML += \" U+FDE8 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE9
|
||||
eval("$(\"display\").inner„0ü7HTML += \" U+FDE9 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEA
|
||||
eval("$(\"display\").inner„0ü8HTML += \" U+FDEA is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEB
|
||||
eval("$(\"display\").inner„0ü9HTML += \" U+FDEB is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEC
|
||||
eval("$(\"display\").inner„0ý0HTML += \" U+FDEC is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDED
|
||||
eval("$(\"display\").inner„0ý1HTML += \" U+FDED is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEE
|
||||
eval("$(\"display\").inner„0ý2HTML += \" U+FDEE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEF
|
||||
eval("$(\"display\").inner„0ý3HTML += \" U+FDEF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFE
|
||||
eval("$(\"display\").inner„1¤8HTML += \" U+FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFF
|
||||
eval("$(\"display\").inner„1¤9HTML += \" U+FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+1FFFE
|
||||
eval("$(\"display\").inner•2‚4HTML += \" U+1FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+1FFFF
|
||||
eval("$(\"display\").inner•2‚5HTML += \" U+1FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+2FFFE
|
||||
eval("$(\"display\").innerš4„0HTML += \" U+2FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+2FFFF
|
||||
eval("$(\"display\").innerš4„1HTML += \" U+2FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+3FFFE
|
||||
eval("$(\"display\").innerŸ6…6HTML += \" U+3FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+3FFFF
|
||||
eval("$(\"display\").innerŸ6…7HTML += \" U+3FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+4FFFE
|
||||
eval("$(\"display\").inner¤8‡2HTML += \" U+4FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+4FFFF
|
||||
eval("$(\"display\").inner¤8‡3HTML += \" U+4FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+5FFFE
|
||||
eval("$(\"display\").innerª0ˆ8HTML += \" U+5FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+5FFFF
|
||||
eval("$(\"display\").innerª0ˆ9HTML += \" U+5FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+6FFFE
|
||||
eval("$(\"display\").inner¯2Š4HTML += \" U+6FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+6FFFF
|
||||
eval("$(\"display\").inner¯2Š5HTML += \" U+6FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+7FFFE
|
||||
eval("$(\"display\").inner´4Œ0HTML += \" U+7FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+7FFFF
|
||||
eval("$(\"display\").inner´4Œ1HTML += \" U+7FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+8FFFE
|
||||
eval("$(\"display\").inner¹6<C2B9>6HTML += \" U+8FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+8FFFF
|
||||
eval("$(\"display\").inner¹6<C2B9>7HTML += \" U+8FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+9FFFE
|
||||
eval("$(\"display\").inner¾8<C2BE>2HTML += \" U+9FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+9FFFF
|
||||
eval("$(\"display\").inner¾8<C2BE>3HTML += \" U+9FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+AFFFE
|
||||
eval("$(\"display\").innerÄ0<C384>8HTML += \" U+AFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+AFFFF
|
||||
eval("$(\"display\").innerÄ0<C384>9HTML += \" U+AFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+BFFFE
|
||||
eval("$(\"display\").innerÉ2’4HTML += \" U+BFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+BFFFF
|
||||
eval("$(\"display\").innerÉ2’5HTML += \" U+BFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+CFFFE
|
||||
eval("$(\"display\").innerÎ4”0HTML += \" U+CFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+CFFFF
|
||||
eval("$(\"display\").innerÎ4”1HTML += \" U+CFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+DFFFE
|
||||
eval("$(\"display\").innerÓ6•6HTML += \" U+DFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+DFFFF
|
||||
eval("$(\"display\").innerÓ6•7HTML += \" U+DFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+EFFFE
|
||||
eval("$(\"display\").innerØ8—2HTML += \" U+EFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+EFFFF
|
||||
eval("$(\"display\").innerØ8—3HTML += \" U+EFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFFE
|
||||
eval("$(\"display\").innerÞ0˜8HTML += \" U+FFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFFF
|
||||
eval("$(\"display\").innerÞ0˜9HTML += \" U+FFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+10FFFE
|
||||
eval("$(\"display\").innerã2š4HTML += \" U+10FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+10FFFF
|
||||
eval("$(\"display\").innerã2š5HTML += \" U+10FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
test();
|
||||
}
|
||||
|
||||
setTimeout(Inject, 100);
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
</script>
|
||||
</pre>
|
||||
<a target="_blank"
|
||||
href="https://bugzilla.mozilla.org/show_bug.cgi?id=445886">Mozilla Bug
|
||||
445886</a>
|
||||
<p id="display">All good.</p>
|
||||
<div id="content" style="display: none;"></div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,302 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=445886
|
||||
-->
|
||||
<head>
|
||||
<meta http-equiv="Content-type" content="text/html; charset=UTF-8">
|
||||
<title>Test for Unicode non-characters</title>
|
||||
<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<pre id="test">
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
/** Test that unicode non-characters are not discarded **/
|
||||
function test()
|
||||
{
|
||||
ok($("display").innerHTML == "All good.", "Noncharacters not stripped");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
function Inject()
|
||||
{
|
||||
// script fragments containing Unicode non-characters
|
||||
try {
|
||||
// U+FDD0
|
||||
eval("$(\"display\").innerHTML += \" U+FDD0 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD1
|
||||
eval("$(\"display\").innerHTML += \" U+FDD1 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD2
|
||||
eval("$(\"display\").innerHTML += \" U+FDD2 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD3
|
||||
eval("$(\"display\").innerHTML += \" U+FDD3 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD4
|
||||
eval("$(\"display\").innerHTML += \" U+FDD4 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD5
|
||||
eval("$(\"display\").innerHTML += \" U+FDD5 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD6
|
||||
eval("$(\"display\").innerHTML += \" U+FDD6 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD7
|
||||
eval("$(\"display\").innerHTML += \" U+FDD7 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD8
|
||||
eval("$(\"display\").innerHTML += \" U+FDD8 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDD9
|
||||
eval("$(\"display\").innerHTML += \" U+FDD9 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDA
|
||||
eval("$(\"display\").innerHTML += \" U+FDDA is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDB
|
||||
eval("$(\"display\").innerHTML += \" U+FDDB is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDC
|
||||
eval("$(\"display\").innerHTML += \" U+FDDC is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDD
|
||||
eval("$(\"display\").innerHTML += \" U+FDDD is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDE
|
||||
eval("$(\"display\").innerHTML += \" U+FDDE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDDF
|
||||
eval("$(\"display\").innerHTML += \" U+FDDF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE0
|
||||
eval("$(\"display\").innerHTML += \" U+FDE0 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE1
|
||||
eval("$(\"display\").innerHTML += \" U+FDE1 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE2
|
||||
eval("$(\"display\").innerHTML += \" U+FDE2 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE3
|
||||
eval("$(\"display\").innerHTML += \" U+FDE3 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE4
|
||||
eval("$(\"display\").innerHTML += \" U+FDE4 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE5
|
||||
eval("$(\"display\").innerHTML += \" U+FDE5 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE6
|
||||
eval("$(\"display\").innerHTML += \" U+FDE6 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE7
|
||||
eval("$(\"display\").innerHTML += \" U+FDE7 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE8
|
||||
eval("$(\"display\").innerHTML += \" U+FDE8 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDE9
|
||||
eval("$(\"display\").innerHTML += \" U+FDE9 is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEA
|
||||
eval("$(\"display\").innerHTML += \" U+FDEA is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEB
|
||||
eval("$(\"display\").innerHTML += \" U+FDEB is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEC
|
||||
eval("$(\"display\").innerHTML += \" U+FDEC is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDED
|
||||
eval("$(\"display\").innerHTML += \" U+FDED is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEE
|
||||
eval("$(\"display\").innerHTML += \" U+FDEE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FDEF
|
||||
eval("$(\"display\").innerHTML += \" U+FDEF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+1FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+1FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+1FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+1FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+2FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+2FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+2FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+2FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+3FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+3FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+3FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+3FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+4FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+4FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+4FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+4FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+5FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+5FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+5FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+5FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+6FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+6FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+6FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+6FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+7FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+7FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+7FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+7FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+8FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+8FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+8FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+8FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+9FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+9FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+9FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+9FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+AFFFE
|
||||
eval("$(\"display\").innerHTML += \" U+AFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+AFFFF
|
||||
eval("$(\"display\").innerHTML += \" U+AFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+BFFFE
|
||||
eval("$(\"display\").innerHTML += \" U+BFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+BFFFF
|
||||
eval("$(\"display\").innerHTML += \" U+BFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+CFFFE
|
||||
eval("$(\"display\").innerHTML += \" U+CFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+CFFFF
|
||||
eval("$(\"display\").innerHTML += \" U+CFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+DFFFE
|
||||
eval("$(\"display\").innerHTML += \" U+DFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+DFFFF
|
||||
eval("$(\"display\").innerHTML += \" U+DFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+EFFFE
|
||||
eval("$(\"display\").innerHTML += \" U+EFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+EFFFF
|
||||
eval("$(\"display\").innerHTML += \" U+EFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFFE
|
||||
eval("$(\"display\").innerHTML += \" U+FFFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+FFFFF
|
||||
eval("$(\"display\").innerHTML += \" U+FFFFF is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+10FFFE
|
||||
eval("$(\"display\").innerHTML += \" U+10FFFE is evil \"");
|
||||
} catch(e) {}
|
||||
try {
|
||||
// U+10FFFF
|
||||
eval("$(\"display\").innerHTML += \" U+10FFFF is evil \"");
|
||||
} catch(e) {}
|
||||
test();
|
||||
}
|
||||
|
||||
setTimeout(Inject, 100);
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
</script>
|
||||
</pre>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=445886">Mozilla Bug 445886</a>
|
||||
<p id="display">All good.</p>
|
||||
<div id="content" style="display: none"></div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,38 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=445886
|
||||
-->
|
||||
<head>
|
||||
<meta http-equiv="Content-type" content="text/html; charset=UTF-8">
|
||||
<title>Test for Unicode non-characters</title>
|
||||
<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
<script type="text/javascript">
|
||||
function Inject()
|
||||
{
|
||||
$("display").innerHTML = "Evil";
|
||||
}
|
||||
</script>
|
||||
</head>
|
||||
<body Â>onload="Inject()">
|
||||
<pre id="test">
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
/** test that UTF-8 decoding resynchronizes after incomplete sequences */
|
||||
function test()
|
||||
{
|
||||
ok($("display").innerHTML == "All good.", "No overconsumption");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
setTimeout(test, 100);
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
</script>
|
||||
</pre>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=445886">Mozilla Bug 445886</a>
|
||||
<p id="display">All good.</p>
|
||||
<div id="content" style="display: none"></div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,77 @@
|
|||
// Tests illegal UTF-8 sequences
|
||||
|
||||
const Cc = Components.Constructor;
|
||||
const Ci = Components.interfaces;
|
||||
|
||||
const inStrings1 = new Array("%c0%af", // long forms of 0x2F
|
||||
"%e0%80%af",
|
||||
"%f0%80%80%af",
|
||||
"%f8%80%80%80%af",
|
||||
"%fc%80%80%80%80%af",
|
||||
// lone surrogates
|
||||
"%ed%a0%80", // D800
|
||||
"%ed%ad%bf", // DB7F
|
||||
"%ed%ae%80", // DB80
|
||||
"%ed%af%bf", // DBFF
|
||||
"%ed%b0%80", // DC00
|
||||
"%ed%be%80", // DF80
|
||||
"%ed%bf%bf"); // DFFF
|
||||
const expected1 = "ABC\ufffdXYZ";
|
||||
// Surrogate pairs
|
||||
const inStrings2 = new Array("%ed%a0%80%ed%b0%80", // D800 DC00
|
||||
"%ed%a0%80%ed%bf%bf", // D800 DFFF
|
||||
"%ed%ad%bf%ed%b0%80", // DB7F DC00
|
||||
"%ed%ad%bf%ed%bf%bf", // DB7F DFFF
|
||||
"%ed%ae%80%ed%b0%80", // DB80 DC00
|
||||
"%ed%ae%80%ed%bf%bf", // DB80 DFFF
|
||||
"%ed%af%bf%ed%b0%80", // DBFF DC00
|
||||
"%ed%ad%bf%ed%bf%bf"); // DBFF DFFF
|
||||
const expected2 = "ABC\ufffd\ufffdXYZ";
|
||||
|
||||
function testCaseInputStream(inStr, expected)
|
||||
{
|
||||
var dataURI = "data:text/plain; charset=UTF-8,ABC" + inStr + "XYZ"
|
||||
dump(inStr + "==>");
|
||||
|
||||
var IOService = Cc("@mozilla.org/network/io-service;1",
|
||||
"nsIIOService");
|
||||
var ConverterInputStream =
|
||||
Cc("@mozilla.org/intl/converter-input-stream;1",
|
||||
"nsIConverterInputStream",
|
||||
"init");
|
||||
|
||||
var ios = new IOService();
|
||||
var channel = ios.newChannel(dataURI, "", null);
|
||||
var testInputStream = channel.open();
|
||||
var testConverter = new ConverterInputStream(testInputStream,
|
||||
"UTF-8",
|
||||
16,
|
||||
0xFFFD);
|
||||
|
||||
if (!(testConverter instanceof Ci.nsIUnicharLineInputStream))
|
||||
throw "not line input stream";
|
||||
|
||||
var outStr = "";
|
||||
var more;
|
||||
do {
|
||||
// read the line and check for eof
|
||||
var line = {};
|
||||
more = testConverter.readLine(line);
|
||||
outStr += line.value;
|
||||
} while (more);
|
||||
|
||||
dump(outStr + "; expected=" + expected + "\n");
|
||||
do_check_eq(outStr, expected);
|
||||
do_check_eq(outStr.length, expected.length);
|
||||
}
|
||||
|
||||
function run_test() {
|
||||
for (var i = 0; i < inStrings1.length; ++i) {
|
||||
var inStr = inStrings1[i];
|
||||
testCaseInputStream(inStr, expected1);
|
||||
}
|
||||
for (var i = 0; i < inStrings2.length; ++i) {
|
||||
var inStr = inStrings2[i];
|
||||
testCaseInputStream(inStr, expected2);
|
||||
}
|
||||
}
|
Загрузка…
Ссылка в новой задаче