Bug 1272284 - Encode C0 controls in path, query and hash r=mcmanus

MozReview-Commit-ID: 1zGRjVmAWts
2016-05-25 16:23:38 +02:00 · 2016-05-25 16:23:38 +02:00 · fa4080a0a7
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@ -1307,11 +1307,6 @@ nsStandardURL::SetSpec(const nsACString &input)
        return NS_ERROR_MALFORMED_URI;
    }

-    // NUL characters aren't allowed in the filtered URI.
-    if (filteredURI.Contains('\0')) {
-        return NS_ERROR_MALFORMED_URI;
-    }
-
    // Make a backup of the curent URL
    nsStandardURL prevURL(false,false);
    prevURL.CopyMembers(this, eHonorRef);
@ -2525,7 +2520,7 @@ nsStandardURL::SetFilePath(const nsACString &input)
        int32_t dirLen, baseLen, extLen;
        nsresult rv;

-        rv = mParser->ParseFilePath(filepath, -1,
+        rv = mParser->ParseFilePath(filepath, flat.Length(),
                                    &dirPos, &dirLen,
                                    &basePos, &baseLen,
                                    &extPos, &extLen);
@ -2614,7 +2609,7 @@ nsStandardURL::SetQuery(const nsACString &input)
        return NS_OK;
    }

-    int32_t queryLen = strlen(query);
+    int32_t queryLen = flat.Length();
    if (query[0] == '?') {
        query++;
        queryLen--;
@ -2664,10 +2659,6 @@ nsStandardURL::SetRef(const nsACString &input)

    LOG(("nsStandardURL::SetRef [ref=%s]\n", ref));

-    if (input.Contains('\0')) {
-        return NS_ERROR_MALFORMED_URI;
-    }
-
    if (mPath.mLen < 0)
        return SetPath(flat);

@ -2765,7 +2756,7 @@ nsStandardURL::SetFileName(const nsACString &input)
        URLSegment basename, extension;

        // let the parser locate the basename and extension
-        rv = mParser->ParseFileName(filename, -1,
+        rv = mParser->ParseFileName(filename, flat.Length(),
                                    &basename.mPos, &basename.mLen,
                                    &extension.mPos, &extension.mLen);
        if (NS_FAILED(rv)) return rv;
--- a/netwerk/test/unit/test_standardurl.js
+++ b/netwerk/test/unit/test_standardurl.js
@ -356,3 +356,39 @@ add_test(function test_trim_C0_and_space()
  Assert.throws(() => { url.spec = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19 "; }, "set empty spec");
  run_next_test();
 });
+
+// This tests that C0-and-space characters in the path, query and ref are
+// percent encoded.
+add_test(function test_encode_C0_and_space()
+{
+  function toHex(d) {
+    var hex = d.toString(16);
+    if (hex.length == 1)
+      hex = "0"+hex;
+    return hex.toUpperCase();
+  }
+
+  for (var i=0x0; i<=0x20; i++) {
+    // These characters get filtered - they are not encoded.
+    if (String.fromCharCode(i) == '\r' ||
+        String.fromCharCode(i) == '\n' ||
+        String.fromCharCode(i) == '\t') {
+      continue;
+    }
+    var url = stringToURL("http://example.com/pa" + String.fromCharCode(i) + "th?qu" + String.fromCharCode(i) +"ery#ha" + String.fromCharCode(i) + "sh");
+    do_check_eq(url.spec, "http://example.com/pa%" + toHex(i) + "th?qu%" + toHex(i) + "ery#ha%" + toHex(i) + "sh");
+  }
+
+  // Additionally, we need to check the setters.
+  var url = stringToURL("http://example.com/path?query#hash");
+  url.filePath = "pa\0th";
+  do_check_eq(url.spec, "http://example.com/pa%00th?query#hash");
+  url.query = "qu\0ery";
+  do_check_eq(url.spec, "http://example.com/pa%00th?qu%00ery#hash");
+  url.ref = "ha\0sh";
+  do_check_eq(url.spec, "http://example.com/pa%00th?qu%00ery#ha%00sh");
+  url.fileName = "fi\0le.name";
+  do_check_eq(url.spec, "http://example.com/fi%00le.name?qu%00ery#ha%00sh");
+
+  run_next_test();
+});