This patch adds a sanitization of firstPartyDomain when calling the
OriginAttributes::CreateSuffix() and remove the release assert there.
The cookies API for the web extension can use a arbitrary string for the
firstPartyDomain. So, we should sanitize the firstPartyDomain before
we creating a suffix. The release assert is not required anymore since
the firstPartyDomain is sanitized
Depends on D1845.
Differential Revision: https://phabricator.services.mozilla.com/D1856
--HG--
extra : moz-landing-system : lando
This trades off more virtual calls in URLParams::ParseInput, while removing any extra
allocation when calling URLParams::Parse.
MozReview-Commit-ID: HrIqsguQjrk
--HG--
extra : rebase_source : fd6d4f0455f5c3df72bd3518b98359ac8759a89d
A web page could generate an URL by URl.createObjectURL(new Blob(...));
then navigate to this generated URL.
In this case the (top-level) document URI will be blob:{origin}:{uuid}.
And we try to add firstPartyDomain on this top-level document with blob URI, so
the following request from this document could have correct origin
attributes.
Tim Huang
Anthony Ramine
Yoshi Huang
Andrea Marchesini