Bug 1547882 - Don't unescape %2e and %2f in the query or hash or moz-extension URLs. r=kershaw
authorValentin Gosu <valentin.gosu@gmail.com>
Fri, 10 May 2019 13:56:05 +0000
changeset 532206 948aaa76cfe97ca7339cac48c1b4ffb49ef01c31
parent 532205 def8a63f903864f52bc014572cc00f8e9cb7d0c2
child 532207 18861619a4b332b44fb1602d42dbba56cca25bdd
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
reviewerskershaw
bugs1547882
milestone68.0a1
Bug 1547882 - Don't unescape %2e and %2f in the query or hash or moz-extension URLs. r=kershaw Since the SubstitutingProtocolHandler is also extended by nsResProtocolHandler, this change would also apply to resource:// URLs. Differential Revision: https://phabricator.services.mozilla.com/D30344
netwerk/protocol/res/SubstitutingProtocolHandler.cpp
netwerk/test/unit/test_URIs.js
--- a/netwerk/protocol/res/SubstitutingProtocolHandler.cpp
+++ b/netwerk/protocol/res/SubstitutingProtocolHandler.cpp
@@ -321,18 +321,24 @@ nsresult SubstitutingProtocolHandler::Ne
         if (last < src) {
           spec.Append(last, src - last);
         }
         spec.Append(ch);
         src += 2;
         last = src + 1;  // src will be incremented by the loop
       }
     }
+    if (*src == '?' || *src == '#') {
+      break;  // Don't escape %2f and %2e in the query or ref parts of the URI
+    }
   }
-  if (last < src) spec.Append(last, src - last);
+
+  if (last < end) {
+    spec.Append(last, end - last);
+  }
 
   nsCOMPtr<nsIURI> base(aBaseURI);
   nsCOMPtr<nsIURL> uri;
   rv = NS_MutateURI(new SubstitutingURL::Mutator())
            .Apply(NS_MutatorMethod(&nsIStandardURLMutator::Init,
                                    nsIStandardURL::URLTYPE_STANDARD, -1, spec,
                                    aCharset, base, nullptr))
            .Finalize(uri);
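Review bot: The comment on the added `break` says "Don't escape", but this loop unescapes `%2e` and `%2f`, so the wording is the reverse of what the code does. It should read something like `break;  // Stop at the query or ref: %2e and %2f are only unescaped in the path`. The comment could also say why the path is still decoded while the query and ref are copied verbatim by the trailing `spec.Append(last, end - last)`. Presumably this is so the URL parser sees and normalises encoded dot segments and slashes before the substitution is resolved, but that reason is not visible in the hunk and should be confirmed. The loop and the declarations of `src`, `last` and `end` begin outside the hunk.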
--- a/netwerk/test/unit/test_URIs.js
+++ b/netwerk/test/unit/test_URIs.js
@@ -618,23 +618,34 @@ function check_schemeIsNull()
   uri = gIoService.newURI("dummyscheme://example.com");
   Assert.ok(!uri.schemeIs(null));
   uri = gIoService.newURI("jar:resource://gre/chrome.toolkit.jar!/");
   Assert.ok(!uri.schemeIs(null));
   uri = gIoService.newURI("moz-icon://.unknown?size=32");
   Assert.ok(!uri.schemeIs(null));
 }
 
+// Check that characters in the query of moz-extension aren't improperly unescaped (Bug 1547882)
+function check_mozextension_query() {
+  let uri = gIoService.newURI("moz-extension://a7d1572e-3beb-4d93-a920-c408fa09e8ea/_source/holding.html");
+  uri = uri.mutate().setQuery("u=https%3A%2F%2Fnews.ycombinator.com%2F").finalize();
+  Assert.equal(uri.query, "u=https%3A%2F%2Fnews.ycombinator.com%2F");
+  uri = gIoService.newURI("moz-extension://a7d1572e-3beb-4d93-a920-c408fa09e8ea/_source/holding.html?u=https%3A%2F%2Fnews.ycombinator.com%2F");
+  Assert.equal(uri.spec, "moz-extension://a7d1572e-3beb-4d93-a920-c408fa09e8ea/_source/holding.html?u=https%3A%2F%2Fnews.ycombinator.com%2F");
+  Assert.equal(uri.query, "u=https%3A%2F%2Fnews.ycombinator.com%2F");
+}
+
 // TEST MAIN FUNCTION
 // ------------------
 function run_test()
 {
   check_nested_mutations();
   check_space_escaping();
   check_schemeIsNull();
+  check_mozextension_query();
 
   // UTF-8 check - From bug 622981
   // ASCII
   let base = gIoService.newURI("http://example.org/xenia?");
   let resolved = gIoService.newURI("?x", null, base);
   let expected = gIoService.newURI("http://example.org/xenia?x");
   do_info("Bug 662981: ACSII - comparing " + resolved.spec + " and " + expected.spec);
   Assert.ok(resolved.equals(expected));
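Review bot: `check_mozextension_query` exercises only the `?` branch of the new check in SubstitutingProtocolHandler.cpp. The `#` branch and the resource:// scheme named in the commit description are not covered. A ref case could be added with `uri = gIoService.newURI("moz-extension://a7d1572e-3beb-4d93-a920-c408fa09e8ea/_source/holding.html#u=https%3A%2F%2F");` followed by `Assert.equal(uri.ref, "u=https%3A%2F%2F");`. It is also worth asserting that `%2e` and `%2f` in the path component are still unescaped, so that a later edit to the early `break` cannot silently change how paths are normalised for these schemes.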