From d0c7cac27193005e94ec6211592f62ed7b0c93dc Mon Sep 17 00:00:00 2001
From: Simon Montagu <smontagu@smontagu.org>
Date: Sun, 25 Jan 2009 12:10:31 +0200
Subject: [PATCH] Tests for Unicode security issues -- bug 445886

---
 intl/uconv/tests/Makefile.in                  |   4 +
 .../test_unicode_noncharacterescapes.html     | 302 +++++++++++++++++
 .../test_unicode_noncharacters_gb18030.html   | 304 ++++++++++++++++++
 .../test_unicode_noncharacters_utf8.html      | 302 +++++++++++++++++
 .../tests/test_utf8_overconsumption.html      |  38 +++
 intl/uconv/tests/unit/test_utf8_illegals.js   |  77 +++++
 6 files changed, 1027 insertions(+)
 create mode 100644 intl/uconv/tests/test_unicode_noncharacterescapes.html
 create mode 100644 intl/uconv/tests/test_unicode_noncharacters_gb18030.html
 create mode 100644 intl/uconv/tests/test_unicode_noncharacters_utf8.html
 create mode 100644 intl/uconv/tests/test_utf8_overconsumption.html
 create mode 100644 intl/uconv/tests/unit/test_utf8_illegals.js

diff --git a/intl/uconv/tests/Makefile.in b/intl/uconv/tests/Makefile.in
index b08411db4094..4169f4dd7da4 100644
--- a/intl/uconv/tests/Makefile.in
+++ b/intl/uconv/tests/Makefile.in
@@ -73,6 +73,10 @@ relativesrcdir	= intl/uconv/tests
 
 _TEST_FILES =	\
 		test_bug335816.html \
+		test_unicode_noncharacterescapes.html \
+		test_unicode_noncharacters_gb18030.html \
+		test_unicode_noncharacters_utf8.html \
+		test_utf8_overconsumption.html \
 		$(NULL)
 libs:: $(_TEST_FILES)
 	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
diff --git a/intl/uconv/tests/test_unicode_noncharacterescapes.html b/intl/uconv/tests/test_unicode_noncharacterescapes.html
new file mode 100644
index 000000000000..c0005e6a4205
--- /dev/null
+++ b/intl/uconv/tests/test_unicode_noncharacterescapes.html
@@ -0,0 +1,302 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=445886
+-->
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=UTF-8">
+  <title>Test for Unicode non-characters</title>
+  <script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+
+/** Test that unicode non-characters are not discarded **/
+function test()
+{
+    ok($("display").innerHTML == "All good.", "Noncharacters not stripped");
+    SimpleTest.finish();
+}
+
+function Inject()
+{
+    // script fragments containing Unicode non-characters
+    try {
+        // U+FDD0
+        eval("$(\"display\").inner\ufdd0HTML += \" U+FDD0 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDD1
+        eval("$(\"display\").inner\ufdd1HTML += \" U+FDD1 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDD2
+        eval("$(\"display\").inner\ufdd2HTML += \" U+FDD2 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDD3
+        eval("$(\"display\").inner\ufdd3HTML += \" U+FDD3 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDD4
+        eval("$(\"display\").inner\ufdd4HTML += \" U+FDD4 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDD5
+        eval("$(\"display\").inner\ufdd5HTML += \" U+FDD5 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDD6
+        eval("$(\"display\").inner\ufdd6HTML += \" U+FDD6 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDD7
+        eval("$(\"display\").inner\ufdd7HTML += \" U+FDD7 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDD8
+        eval("$(\"display\").inner\ufdd8HTML += \" U+FDD8 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDD9
+        eval("$(\"display\").inner\ufdd9HTML += \" U+FDD9 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDDA
+        eval("$(\"display\").inner\ufddaHTML += \" U+FDDA is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDDB
+        eval("$(\"display\").inner\ufddbHTML += \" U+FDDB is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDDC
+        eval("$(\"display\").inner\ufddcHTML += \" U+FDDC is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDDD
+        eval("$(\"display\").inner\ufdddHTML += \" U+FDDD is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDDE
+        eval("$(\"display\").inner\ufddeHTML += \" U+FDDE is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDDF
+        eval("$(\"display\").inner\ufddfHTML += \" U+FDDF is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE0
+        eval("$(\"display\").inner\ufde0HTML += \" U+FDE0 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE1
+        eval("$(\"display\").inner\ufde1HTML += \" U+FDE1 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE2
+        eval("$(\"display\").inner\ufde2HTML += \" U+FDE2 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE3
+        eval("$(\"display\").inner\ufde3HTML += \" U+FDE3 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE4
+        eval("$(\"display\").inner\ufde4HTML += \" U+FDE4 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE5
+        eval("$(\"display\").inner\ufde5HTML += \" U+FDE5 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE6
+        eval("$(\"display\").inner\ufde6HTML += \" U+FDE6 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE7
+        eval("$(\"display\").inner\ufde7HTML += \" U+FDE7 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE8
+        eval("$(\"display\").inner\ufde8HTML += \" U+FDE8 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDE9
+        eval("$(\"display\").inner\ufde9HTML += \" U+FDE9 is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDEA
+        eval("$(\"display\").inner\ufdeaHTML += \" U+FDEA is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDEB
+        eval("$(\"display\").inner\ufdebHTML += \" U+FDEB is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDEC
+        eval("$(\"display\").inner\ufdecHTML += \" U+FDEC is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDED
+        eval("$(\"display\").inner\ufdedHTML += \" U+FDED is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDEE
+        eval("$(\"display\").inner\ufdeeHTML += \" U+FDEE is evil\"");
+    } catch(e) {}
+    try {
+        // U+FDEF
+        eval("$(\"display\").inner\ufdefHTML += \" U+FDEF is evil\"");
+    } catch(e) {}
+    try {
+        // U+FFFE
+        eval("$(\"display\").inner\ufffeHTML += \" U+FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+FFFF
+        eval("$(\"display\").inner\uffffHTML += \" U+FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+1FFFE
+        eval("$(\"display\").inner\ud83f\udffeHTML += \" U+1FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+1FFFF
+        eval("$(\"display\").inner\ud83f\udfffHTML += \" U+1FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+2FFFE
+        eval("$(\"display\").inner\ud87f\udffeHTML += \" U+2FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+2FFFF
+        eval("$(\"display\").inner\ud87f\udfffHTML += \" U+2FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+3FFFE
+        eval("$(\"display\").inner\ud8bf\udffeHTML += \" U+3FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+3FFFF
+        eval("$(\"display\").inner\ud8bf\udfffHTML += \" U+3FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+4FFFE
+        eval("$(\"display\").inner\ud8ff\udffeHTML += \" U+4FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+4FFFF
+        eval("$(\"display\").inner\ud8ff\udfffHTML += \" U+4FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+5FFFE
+        eval("$(\"display\").inner\ud93f\udffeHTML += \" U+5FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+5FFFF
+        eval("$(\"display\").inner\ud93f\udfffHTML += \" U+5FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+6FFFE
+        eval("$(\"display\").inner\ud97f\udffeHTML += \" U+6FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+6FFFF
+        eval("$(\"display\").inner\ud97f\udfffHTML += \" U+6FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+7FFFE
+        eval("$(\"display\").inner\ud9bf\udffeHTML += \" U+7FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+7FFFF
+        eval("$(\"display\").inner\ud9bf\udfffHTML += \" U+7FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+8FFFE
+        eval("$(\"display\").inner\ud9ff\udffeHTML += \" U+8FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+8FFFF
+        eval("$(\"display\").inner\ud9ff\udfffHTML += \" U+8FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+9FFFE
+        eval("$(\"display\").inner\uda3f\udffeHTML += \" U+9FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+9FFFF
+        eval("$(\"display\").inner\uda3f\udfffHTML += \" U+9FFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+AFFFE
+        eval("$(\"display\").inner\uda7f\udffeHTML += \" U+AFFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+AFFFF
+        eval("$(\"display\").inner\uda7f\udfffHTML += \" U+AFFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+BFFFE
+        eval("$(\"display\").inner\udabf\udffeHTML += \" U+BFFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+BFFFF
+        eval("$(\"display\").inner\udabf\udfffHTML += \" U+BFFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+CFFFE
+        eval("$(\"display\").inner\udaff\udffeHTML += \" U+CFFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+CFFFF
+        eval("$(\"display\").inner\udaff\udfffHTML += \" U+CFFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+DFFFE
+        eval("$(\"display\").inner\udb3f\udffeHTML += \" U+DFFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+DFFFF
+        eval("$(\"display\").inner\udb3f\udfffHTML += \" U+DFFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+EFFFE
+        eval("$(\"display\").inner\udb7f\udffeHTML += \" U+EFFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+EFFFF
+        eval("$(\"display\").inner\udb7f\udfffHTML += \" U+EFFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+FFFFE
+        eval("$(\"display\").inner\udbbf\udffeHTML += \" U+FFFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+FFFFF
+        eval("$(\"display\").inner\udbbf\udfffHTML += \" U+FFFFF is evil\"");
+    } catch(e) {}
+    try {
+        // U+10FFFE
+        eval("$(\"display\").inner\udbff\udffeHTML += \" U+10FFFE is evil\"");
+    } catch(e) {}
+    try {
+        // U+10FFFF
+        eval("$(\"display\").inner\udbff\udfffHTML += \" U+10FFFF is evil\"");
+    } catch(e) {}
+    test();
+}
+
+  setTimeout(Inject, 100);
+  SimpleTest.waitForExplicitFinish();
+</script>
+</pre>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=445886">Mozilla Bug 445886</a>
+<p id="display">All good.</p>
+<div id="content" style="display: none"></div>
+</body>
+</html>
diff --git a/intl/uconv/tests/test_unicode_noncharacters_gb18030.html b/intl/uconv/tests/test_unicode_noncharacters_gb18030.html
new file mode 100644
index 000000000000..bbbbf3747397
--- /dev/null
+++ b/intl/uconv/tests/test_unicode_noncharacters_gb18030.html
@@ -0,0 +1,304 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=445886
+-->
+  <meta http-equiv="Content-type" content="text/html; charset=gb18030">
+  <title>Test for Unicode non-characters</title>
+  <script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css"
+ href="/tests/SimpleTest/test.css">
+</head>
+<body>
+<pre id="test"><script class="testbody" type="text/javascript">
+
+/** Test that unicode non-characters are not discarded **/
+function test()
+{
+    ok($("display").innerHTML == "All good.", "Noncharacters not stripped");
+    SimpleTest.finish();
+}
+
+function Inject()
+{
+    // script fragments containing Unicode non-characters
+    try {
+        // U+FDD0
+        eval("$(\"display\").inner﷐HTML += \" U+FDD0 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD1
+        eval("$(\"display\").inner﷑HTML += \" U+FDD1 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD2
+        eval("$(\"display\").inner﷒HTML += \" U+FDD2 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD3
+        eval("$(\"display\").inner﷓HTML += \" U+FDD3 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD4
+        eval("$(\"display\").inner﷔HTML += \" U+FDD4 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD5
+        eval("$(\"display\").inner﷕HTML += \" U+FDD5 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD6
+        eval("$(\"display\").inner﷖HTML += \" U+FDD6 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD7
+        eval("$(\"display\").inner﷗HTML += \" U+FDD7 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD8
+        eval("$(\"display\").inner﷘HTML += \" U+FDD8 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD9
+        eval("$(\"display\").inner﷙HTML += \" U+FDD9 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDA
+        eval("$(\"display\").inner﷚HTML += \" U+FDDA is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDB
+        eval("$(\"display\").inner﷛HTML += \" U+FDDB is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDC
+        eval("$(\"display\").inner﷜HTML += \" U+FDDC is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDD
+        eval("$(\"display\").inner﷝HTML += \" U+FDDD is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDE
+        eval("$(\"display\").inner﷞HTML += \" U+FDDE is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDF
+        eval("$(\"display\").inner﷟HTML += \" U+FDDF is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE0
+        eval("$(\"display\").inner﷠HTML += \" U+FDE0 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE1
+        eval("$(\"display\").inner﷡HTML += \" U+FDE1 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE2
+        eval("$(\"display\").inner﷢HTML += \" U+FDE2 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE3
+        eval("$(\"display\").inner﷣HTML += \" U+FDE3 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE4
+        eval("$(\"display\").inner﷤HTML += \" U+FDE4 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE5
+        eval("$(\"display\").inner﷥HTML += \" U+FDE5 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE6
+        eval("$(\"display\").inner﷦HTML += \" U+FDE6 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE7
+        eval("$(\"display\").inner﷧HTML += \" U+FDE7 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE8
+        eval("$(\"display\").inner﷨HTML += \" U+FDE8 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE9
+        eval("$(\"display\").inner﷩HTML += \" U+FDE9 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEA
+        eval("$(\"display\").inner﷪HTML += \" U+FDEA is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEB
+        eval("$(\"display\").inner﷫HTML += \" U+FDEB is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEC
+        eval("$(\"display\").inner﷬HTML += \" U+FDEC is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDED
+        eval("$(\"display\").inner﷭HTML += \" U+FDED is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEE
+        eval("$(\"display\").inner﷮HTML += \" U+FDEE is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEF
+        eval("$(\"display\").inner﷯HTML += \" U+FDEF is evil \"");
+    } catch(e) {}
+    try {
+        // U+FFFE
+        eval("$(\"display\").inner￾HTML += \" U+FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+FFFF
+        eval("$(\"display\").inner￿HTML += \" U+FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+1FFFE
+        eval("$(\"display\").inner🿾HTML += \" U+1FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+1FFFF
+        eval("$(\"display\").inner🿿HTML += \" U+1FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+2FFFE
+        eval("$(\"display\").inner𯿾HTML += \" U+2FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+2FFFF
+        eval("$(\"display\").inner𯿿HTML += \" U+2FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+3FFFE
+        eval("$(\"display\").inner𿿾HTML += \" U+3FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+3FFFF
+        eval("$(\"display\").inner𿿿HTML += \" U+3FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+4FFFE
+        eval("$(\"display\").inner񏿾HTML += \" U+4FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+4FFFF
+        eval("$(\"display\").inner񏿿HTML += \" U+4FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+5FFFE
+        eval("$(\"display\").inner񟿾HTML += \" U+5FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+5FFFF
+        eval("$(\"display\").inner񟿿HTML += \" U+5FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+6FFFE
+        eval("$(\"display\").inner񯿾HTML += \" U+6FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+6FFFF
+        eval("$(\"display\").inner񯿿HTML += \" U+6FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+7FFFE
+        eval("$(\"display\").inner񿿾HTML += \" U+7FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+7FFFF
+        eval("$(\"display\").inner񿿿HTML += \" U+7FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+8FFFE
+        eval("$(\"display\").inner򏿾HTML += \" U+8FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+8FFFF
+        eval("$(\"display\").inner򏿿HTML += \" U+8FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+9FFFE
+        eval("$(\"display\").inner򟿾HTML += \" U+9FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+9FFFF
+        eval("$(\"display\").inner򟿿HTML += \" U+9FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+AFFFE
+        eval("$(\"display\").inner򯿾HTML += \" U+AFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+AFFFF
+        eval("$(\"display\").inner򯿿HTML += \" U+AFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+BFFFE
+        eval("$(\"display\").inner򿿾HTML += \" U+BFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+BFFFF
+        eval("$(\"display\").inner򿿿HTML += \" U+BFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+CFFFE
+        eval("$(\"display\").inner󏿾HTML += \" U+CFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+CFFFF
+        eval("$(\"display\").inner󏿿HTML += \" U+CFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+DFFFE
+        eval("$(\"display\").inner󟿾HTML += \" U+DFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+DFFFF
+        eval("$(\"display\").inner󟿿HTML += \" U+DFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+EFFFE
+        eval("$(\"display\").inner󯿾HTML += \" U+EFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+EFFFF
+        eval("$(\"display\").inner󯿿HTML += \" U+EFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+FFFFE
+        eval("$(\"display\").inner󿿾HTML += \" U+FFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+FFFFF
+        eval("$(\"display\").inner󿿿HTML += \" U+FFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+10FFFE
+        eval("$(\"display\").inner􏿾HTML += \" U+10FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+10FFFF
+        eval("$(\"display\").inner􏿿HTML += \" U+10FFFF is evil \"");
+    } catch(e) {}
+    test();
+}
+
+  setTimeout(Inject, 100);
+  SimpleTest.waitForExplicitFinish();
+</script>
+</pre>
+<a target="_blank"
+ href="https://bugzilla.mozilla.org/show_bug.cgi?id=445886">Mozilla Bug
+445886</a>
+<p id="display">All good.</p>
+<div id="content" style="display: none;"></div>
+</body>
+</html>
diff --git a/intl/uconv/tests/test_unicode_noncharacters_utf8.html b/intl/uconv/tests/test_unicode_noncharacters_utf8.html
new file mode 100644
index 000000000000..07dc0f4e19af
--- /dev/null
+++ b/intl/uconv/tests/test_unicode_noncharacters_utf8.html
@@ -0,0 +1,302 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=445886
+-->
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=UTF-8">
+  <title>Test for Unicode non-characters</title>
+  <script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+
+/** Test that unicode non-characters are not discarded **/
+function test()
+{
+    ok($("display").innerHTML == "All good.", "Noncharacters not stripped");
+    SimpleTest.finish();
+}
+
+function Inject()
+{
+    // script fragments containing Unicode non-characters
+    try {
+        // U+FDD0
+        eval("$(\"display\").inner锓怘TML += \" U+FDD0 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD1
+        eval("$(\"display\").inner锓慔TML += \" U+FDD1 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD2
+        eval("$(\"display\").inner锓扝TML += \" U+FDD2 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD3
+        eval("$(\"display\").inner锓揌TML += \" U+FDD3 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD4
+        eval("$(\"display\").inner锓擧TML += \" U+FDD4 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD5
+        eval("$(\"display\").inner锓旽TML += \" U+FDD5 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD6
+        eval("$(\"display\").inner锓朒TML += \" U+FDD6 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD7
+        eval("$(\"display\").inner锓桯TML += \" U+FDD7 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD8
+        eval("$(\"display\").inner锓楬TML += \" U+FDD8 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDD9
+        eval("$(\"display\").inner锓橦TML += \" U+FDD9 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDA
+        eval("$(\"display\").inner锓欻TML += \" U+FDDA is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDB
+        eval("$(\"display\").inner锓汬TML += \" U+FDDB is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDC
+        eval("$(\"display\").inner锓淗TML += \" U+FDDC is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDD
+        eval("$(\"display\").inner锓滺TML += \" U+FDDD is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDE
+        eval("$(\"display\").inner锓濰TML += \" U+FDDE is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDDF
+        eval("$(\"display\").inner锓烪TML += \" U+FDDF is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE0
+        eval("$(\"display\").inner锓燞TML += \" U+FDE0 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE1
+        eval("$(\"display\").inner锓TML += \" U+FDE1 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE2
+        eval("$(\"display\").inner锓TML += \" U+FDE2 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE3
+        eval("$(\"display\").inner锓TML += \" U+FDE3 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE4
+        eval("$(\"display\").inner锓TML += \" U+FDE4 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE5
+        eval("$(\"display\").inner锓TML += \" U+FDE5 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE6
+        eval("$(\"display\").inner锓TML += \" U+FDE6 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE7
+        eval("$(\"display\").inner锓TML += \" U+FDE7 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE8
+        eval("$(\"display\").inner锓℉TML += \" U+FDE8 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDE9
+        eval("$(\"display\").inner锓〩TML += \" U+FDE9 is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEA
+        eval("$(\"display\").inner锓狧TML += \" U+FDEA is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEB
+        eval("$(\"display\").inner锓獺TML += \" U+FDEB is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEC
+        eval("$(\"display\").inner锓琀TML += \" U+FDEC is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDED
+        eval("$(\"display\").inner锓璈TML += \" U+FDED is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEE
+        eval("$(\"display\").inner锓瓾TML += \" U+FDEE is evil \"");
+    } catch(e) {}
+    try {
+        // U+FDEF
+        eval("$(\"display\").inner锓疕TML += \" U+FDEF is evil \"");
+    } catch(e) {}
+    try {
+        // U+FFFE
+        eval("$(\"display\").inner锟綡TML += \" U+FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+FFFF
+        eval("$(\"display\").inner锟縃TML += \" U+FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+1FFFE
+        eval("$(\"display\").inner馃烤HTML += \" U+1FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+1FFFF
+        eval("$(\"display\").inner馃靠HTML += \" U+1FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+2FFFE
+        eval("$(\"display\").inner鸠烤HTML += \" U+2FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+2FFFF
+        eval("$(\"display\").inner鸠靠HTML += \" U+2FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+3FFFE
+        eval("$(\"display\").inner鹂烤HTML += \" U+3FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+3FFFF
+        eval("$(\"display\").inner鹂靠HTML += \" U+3FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+4FFFE
+        eval("$(\"display\").inner駨烤HTML += \" U+4FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+4FFFF
+        eval("$(\"display\").inner駨靠HTML += \" U+4FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+5FFFE
+        eval("$(\"display\").inner駸烤HTML += \" U+5FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+5FFFF
+        eval("$(\"display\").inner駸靠HTML += \" U+5FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+6FFFE
+        eval("$(\"display\").inner癔烤HTML += \" U+6FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+6FFFF
+        eval("$(\"display\").inner癔靠HTML += \" U+6FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+7FFFE
+        eval("$(\"display\").inner窨烤HTML += \" U+7FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+7FFFF
+        eval("$(\"display\").inner窨靠HTML += \" U+7FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+8FFFE
+        eval("$(\"display\").inner驈烤HTML += \" U+8FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+8FFFF
+        eval("$(\"display\").inner驈靠HTML += \" U+8FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+9FFFE
+        eval("$(\"display\").inner驘烤HTML += \" U+9FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+9FFFF
+        eval("$(\"display\").inner驘靠HTML += \" U+9FFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+AFFFE
+        eval("$(\"display\").inner虔烤HTML += \" U+AFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+AFFFF
+        eval("$(\"display\").inner虔靠HTML += \" U+AFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+BFFFE
+        eval("$(\"display\").inner蚩烤HTML += \" U+BFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+BFFFF
+        eval("$(\"display\").inner蚩靠HTML += \" U+BFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+CFFFE
+        eval("$(\"display\").inner髲烤HTML += \" U+CFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+CFFFF
+        eval("$(\"display\").inner髲靠HTML += \" U+CFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+DFFFE
+        eval("$(\"display\").inner鬅烤HTML += \" U+DFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+DFFFF
+        eval("$(\"display\").inner鬅靠HTML += \" U+DFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+EFFFE
+        eval("$(\"display\").inner蟑烤HTML += \" U+EFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+EFFFF
+        eval("$(\"display\").inner蟑靠HTML += \" U+EFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+FFFFE
+        eval("$(\"display\").inner罂烤HTML += \" U+FFFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+FFFFF
+        eval("$(\"display\").inner罂靠HTML += \" U+FFFFF is evil \"");
+    } catch(e) {}
+    try {
+        // U+10FFFE
+        eval("$(\"display\").inner魪烤HTML += \" U+10FFFE is evil \"");
+    } catch(e) {}
+    try {
+        // U+10FFFF
+        eval("$(\"display\").inner魪靠HTML += \" U+10FFFF is evil \"");
+    } catch(e) {}
+    test();
+}
+
+  setTimeout(Inject, 100);
+  SimpleTest.waitForExplicitFinish();
+</script>
+</pre>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=445886">Mozilla Bug 445886</a>
+<p id="display">All good.</p>
+<div id="content" style="display: none"></div>
+</body>
+</html>
diff --git a/intl/uconv/tests/test_utf8_overconsumption.html b/intl/uconv/tests/test_utf8_overconsumption.html
new file mode 100644
index 000000000000..db9ede2ecf76
--- /dev/null
+++ b/intl/uconv/tests/test_utf8_overconsumption.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=445886
+-->
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=UTF-8">
+  <title>Test for Unicode non-characters</title>
+  <script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+  <script type="text/javascript">
+function Inject()
+{
+  $("display").innerHTML = "Evil";
+}
+  </script>
+</head>
+<body �>onload="Inject()">
+<pre id="test">
+<script class="testbody" type="text/javascript">
+
+/** test that UTF-8 decoding resynchronizes after incomplete sequences */
+function test()
+{
+    ok($("display").innerHTML == "All good.", "No overconsumption");
+    SimpleTest.finish();
+}
+
+  setTimeout(test, 100);
+  SimpleTest.waitForExplicitFinish();
+</script>
+</pre>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=445886">Mozilla Bug 445886</a>
+<p id="display">All good.</p>
+<div id="content" style="display: none"></div>
+</body>
+</html>
diff --git a/intl/uconv/tests/unit/test_utf8_illegals.js b/intl/uconv/tests/unit/test_utf8_illegals.js
new file mode 100644
index 000000000000..f54073726a64
--- /dev/null
+++ b/intl/uconv/tests/unit/test_utf8_illegals.js
@@ -0,0 +1,77 @@
+// Tests illegal UTF-8 sequences
+
+const Cc = Components.Constructor;
+const Ci = Components.interfaces;
+        
+const inStrings1 = new Array("%c0%af",              // long forms of 0x2F
+                             "%e0%80%af",
+                             "%f0%80%80%af",
+                             "%f8%80%80%80%af",
+                             "%fc%80%80%80%80%af",
+                                                    // lone surrogates
+                             "%ed%a0%80",           // D800
+                             "%ed%ad%bf",           // DB7F
+                             "%ed%ae%80",           // DB80
+                             "%ed%af%bf",           // DBFF
+                             "%ed%b0%80",           // DC00
+                             "%ed%be%80",           // DF80
+                             "%ed%bf%bf");          // DFFF
+const expected1 = "ABC\ufffdXYZ";
+                                                    // Surrogate pairs
+const inStrings2 = new Array("%ed%a0%80%ed%b0%80",  // D800 DC00
+                             "%ed%a0%80%ed%bf%bf",  // D800 DFFF
+                             "%ed%ad%bf%ed%b0%80",  // DB7F DC00
+                             "%ed%ad%bf%ed%bf%bf",  // DB7F DFFF
+                             "%ed%ae%80%ed%b0%80",  // DB80 DC00
+                             "%ed%ae%80%ed%bf%bf",  // DB80 DFFF
+                             "%ed%af%bf%ed%b0%80",  // DBFF DC00
+                             "%ed%ad%bf%ed%bf%bf"); // DBFF DFFF
+const expected2 = "ABC\ufffd\ufffdXYZ";
+
+function testCaseInputStream(inStr, expected)
+{
+  var dataURI = "data:text/plain; charset=UTF-8,ABC" + inStr + "XYZ"
+  dump(inStr + "==>");
+
+  var IOService = Cc("@mozilla.org/network/io-service;1",
+		     "nsIIOService");
+  var ConverterInputStream =
+      Cc("@mozilla.org/intl/converter-input-stream;1",
+	 "nsIConverterInputStream",
+	 "init");
+
+  var ios = new IOService();
+  var channel = ios.newChannel(dataURI, "", null);
+  var testInputStream = channel.open();
+  var testConverter = new ConverterInputStream(testInputStream,
+					       "UTF-8",
+					       16,
+					       0xFFFD);
+
+  if (!(testConverter instanceof Ci.nsIUnicharLineInputStream))
+      throw "not line input stream";
+
+  var outStr = "";
+  var more;
+  do {
+      // read the line and check for eof
+      var line = {};
+      more = testConverter.readLine(line);
+      outStr += line.value;
+  } while (more);
+
+  dump(outStr + "; expected=" + expected + "\n");
+  do_check_eq(outStr, expected);
+  do_check_eq(outStr.length, expected.length);
+}
+
+function run_test() {
+    for (var i = 0; i < inStrings1.length; ++i) {
+	var inStr = inStrings1[i];
+	testCaseInputStream(inStr, expected1);
+    }
+    for (var i = 0; i < inStrings2.length; ++i) {
+	var inStr = inStrings2[i];
+	testCaseInputStream(inStr, expected2);
+    }
+}