summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-15 07:29:18 +0200
committerjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-15 07:29:18 +0200
commitae14556114dcae29f679db7c15f0bc9b707bb89a (patch)
treeb7f02d4463293a5fb0f3823bd48230a142c5a42d
parent8a95c03dcd2a7f2c6d64b6ee917f6cb363e9ca60 (diff)
downloaduxp-ae14556114dcae29f679db7c15f0bc9b707bb89a.tar.gz
moebius#130: URL parser - fix: don't allow empty host name
https://github.com/MoonchildProductions/moebius/issues/130
-rw-r--r--docshell/test/unit/test_nsDefaultURIFixup_info.js6
-rw-r--r--dom/html/test/test_bug558788-1.html5
-rw-r--r--dom/url/tests/test_url.html12
-rw-r--r--extensions/cookie/test/unit/test_bug526789.js12
-rw-r--r--netwerk/base/nsStandardURL.cpp31
-rw-r--r--netwerk/test/unit/test_URIs.js24
-rw-r--r--netwerk/test/unit/test_standardurl.js8
-rw-r--r--services/fxaccounts/tests/xpcshell/test_oauth_grant_client.js2
-rw-r--r--services/fxaccounts/tests/xpcshell/test_profile_client.js2
-rw-r--r--testing/web-platform/meta/XMLHttpRequest/open-url-bogus.htm.ini11
-rw-r--r--testing/web-platform/meta/url/url-constructor.html.ini3
-rw-r--r--toolkit/components/passwordmgr/test/unit/test_logins_search.js1
-rw-r--r--toolkit/components/places/UnifiedComplete.js2
-rw-r--r--toolkit/components/places/nsNavHistory.cpp4
14 files changed, 51 insertions, 72 deletions
diff --git a/docshell/test/unit/test_nsDefaultURIFixup_info.js b/docshell/test/unit/test_nsDefaultURIFixup_info.js
index 9e33ea484f..c606ac32ef 100644
--- a/docshell/test/unit/test_nsDefaultURIFixup_info.js
+++ b/docshell/test/unit/test_nsDefaultURIFixup_info.js
@@ -426,8 +426,6 @@ var testcases = [ {
protocolChange: true,
}, {
input: "?'.com",
- fixedURI: "http:///?%27.com",
- alternateURI: "http://www..com/?%27.com",
keywordLookup: true,
protocolChange: true,
}, {
@@ -436,14 +434,10 @@ var testcases = [ {
protocolChange: true
}, {
input: "?mozilla",
- fixedURI: "http:///?mozilla",
- alternateURI: "http://www..com/?mozilla",
keywordLookup: true,
protocolChange: true,
}, {
input: "??mozilla",
- fixedURI: "http:///??mozilla",
- alternateURI: "http://www..com/??mozilla",
keywordLookup: true,
protocolChange: true,
}, {
diff --git a/dom/html/test/test_bug558788-1.html b/dom/html/test/test_bug558788-1.html
index 94b7a5f00e..4db61ed738 100644
--- a/dom/html/test/test_bug558788-1.html
+++ b/dom/html/test/test_bug558788-1.html
@@ -154,13 +154,14 @@ function checkInputURL()
sendString("ttp://mozilla.org");
checkValidApplies(element);
- for (var i=0; i<13; ++i) {
+ for (var i=0; i<10; ++i) {
synthesizeKey("VK_BACK_SPACE", {});
checkValidApplies(element);
}
synthesizeKey("VK_BACK_SPACE", {});
- for (var i=0; i<4; ++i) {
+ // "http://" is now invalid
+ for (var i=0; i<7; ++i) {
checkInvalidApplies(element);
synthesizeKey("VK_BACK_SPACE", {});
}
diff --git a/dom/url/tests/test_url.html b/dom/url/tests/test_url.html
index d07a752bb4..73e75667d8 100644
--- a/dom/url/tests/test_url.html
+++ b/dom/url/tests/test_url.html
@@ -399,6 +399,18 @@
</script>
<script>
+ /** Test for Bug 1275746 **/
+ SimpleTest.doesThrow(() => { var url = new URL("http:"); }, "http: is not a valid URL");
+ SimpleTest.doesThrow(() => { var url = new URL("http:///"); }, "http: is not a valid URL");
+
+ var url = new URL("file:");
+ is(url.href, "file:///", "Parsing file: should work.");
+
+ url = new URL("file:///");
+ is(url.href, "file:///", "Parsing file:/// should work.");
+ </script>
+
+ <script>
var url = new URL("scheme:path/to/file?query#hash");
is(url.href, "scheme:path/to/file?query#hash");
is(url.pathname, "path/to/file");
diff --git a/extensions/cookie/test/unit/test_bug526789.js b/extensions/cookie/test/unit/test_bug526789.js
index 0eac1d4929..624044577c 100644
--- a/extensions/cookie/test/unit/test_bug526789.js
+++ b/extensions/cookie/test/unit/test_bug526789.js
@@ -79,23 +79,11 @@ function run_test() {
cm.removeAll();
- // test that setting an empty or '.' http:// host results in a no-op
var uri = NetUtil.newURI("http://baz.com/");
- var emptyuri = NetUtil.newURI("http:///");
- var doturi = NetUtil.newURI("http://./");
do_check_eq(uri.asciiHost, "baz.com");
- do_check_eq(emptyuri.asciiHost, "");
- do_check_eq(doturi.asciiHost, ".");
- cs.setCookieString(emptyuri, null, "foo2=bar", null);
- do_check_eq(getCookieCount(), 0);
- cs.setCookieString(doturi, null, "foo3=bar", null);
- do_check_eq(getCookieCount(), 0);
cs.setCookieString(uri, null, "foo=bar", null);
- do_check_eq(getCookieCount(), 1);
do_check_eq(cs.getCookieString(uri, null), "foo=bar");
- do_check_eq(cs.getCookieString(emptyuri, null), null);
- do_check_eq(cs.getCookieString(doturi, null), null);
do_check_eq(cm.countCookiesFromHost(""), 0);
do_check_throws(function() {
diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
index bc1350f28f..983e938caf 100644
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -1483,6 +1483,11 @@ nsStandardURL::SetSpec(const nsACString &input)
rv = BuildNormalizedSpec(spec);
}
+ // Make sure that a URLTYPE_AUTHORITY has a non-empty hostname.
+ if (mURLType == URLTYPE_AUTHORITY && mHost.mLen == -1) {
+ rv = NS_ERROR_MALFORMED_URI;
+ }
+
if (NS_FAILED(rv)) {
Clear();
// If parsing the spec has failed, restore the old URL
@@ -3092,20 +3097,26 @@ nsStandardURL::SetFile(nsIFile *file)
rv = net_GetURLSpecFromFile(file, url);
if (NS_FAILED(rv)) return rv;
- SetSpec(url);
+ uint32_t oldURLType = mURLType;
+ uint32_t oldDefaultPort = mDefaultPort;
+ rv = Init(nsIStandardURL::URLTYPE_NO_AUTHORITY, -1, url, nullptr, nullptr);
- rv = Init(mURLType, mDefaultPort, url, nullptr, nullptr);
+ if (NS_FAILED(rv)) {
+ // Restore the old url type and default port if the call to Init fails.
+ mURLType = oldURLType;
+ mDefaultPort = oldDefaultPort;
+ return rv;
+ }
// must clone |file| since its value is not guaranteed to remain constant
- if (NS_SUCCEEDED(rv)) {
- InvalidateCache();
- if (NS_FAILED(file->Clone(getter_AddRefs(mFile)))) {
- NS_WARNING("nsIFile::Clone failed");
- // failure to clone is not fatal (GetFile will generate mFile)
- mFile = nullptr;
- }
+ InvalidateCache();
+ if (NS_FAILED(file->Clone(getter_AddRefs(mFile)))) {
+ NS_WARNING("nsIFile::Clone failed");
+ // failure to clone is not fatal (GetFile will generate mFile)
+ mFile = nullptr;
}
- return rv;
+
+ return NS_OK;
}
//----------------------------------------------------------------------------
diff --git a/netwerk/test/unit/test_URIs.js b/netwerk/test/unit/test_URIs.js
index b68c4f7874..5bc7fe432d 100644
--- a/netwerk/test/unit/test_URIs.js
+++ b/netwerk/test/unit/test_URIs.js
@@ -92,18 +92,6 @@ var gTests = [
ref: "",
relativeURI: "data/text/plain,2",
nsIURL: true, nsINestedURI: false },
- { spec: "ftp://",
- scheme: "ftp",
- prePath: "ftp://",
- path: "/",
- ref: "",
- nsIURL: true, nsINestedURI: false },
- { spec: "ftp:///",
- scheme: "ftp",
- prePath: "ftp://",
- path: "/",
- ref: "",
- nsIURL: true, nsINestedURI: false },
{ spec: "ftp://ftp.mozilla.org/pub/mozilla.org/README",
scheme: "ftp",
prePath: "ftp://ftp.mozilla.org",
@@ -135,18 +123,6 @@ var gTests = [
path: "//mozilla.org/",
ref: "",
nsIURL: false, nsINestedURI: false },
- { spec: "http://",
- scheme: "http",
- prePath: "http://",
- path: "/",
- ref: "",
- nsIURL: true, nsINestedURI: false },
- { spec: "http:///",
- scheme: "http",
- prePath: "http://",
- path: "/",
- ref: "",
- nsIURL: true, nsINestedURI: false },
{ spec: "http://www.example.com/",
scheme: "http",
prePath: "http://www.example.com",
diff --git a/netwerk/test/unit/test_standardurl.js b/netwerk/test/unit/test_standardurl.js
index c4d44f41ff..a1a320721e 100644
--- a/netwerk/test/unit/test_standardurl.js
+++ b/netwerk/test/unit/test_standardurl.js
@@ -335,6 +335,14 @@ add_test(function test_backslashReplacement()
run_next_test();
});
+add_test(function test_authority_host()
+{
+ Assert.throws(() => { stringToURL("http:"); }, "TYPE_AUTHORITY should have host");
+ Assert.throws(() => { stringToURL("http:///"); }, "TYPE_AUTHORITY should have host");
+
+ run_next_test();
+});
+
add_test(function test_trim_C0_and_space()
{
var url = stringToURL("\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f http://example.com/ \x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f ");
diff --git a/services/fxaccounts/tests/xpcshell/test_oauth_grant_client.js b/services/fxaccounts/tests/xpcshell/test_oauth_grant_client.js
index 244b79a5ee..710a65ee56 100644
--- a/services/fxaccounts/tests/xpcshell/test_oauth_grant_client.js
+++ b/services/fxaccounts/tests/xpcshell/test_oauth_grant_client.js
@@ -143,7 +143,7 @@ add_test(function serverErrorResponse () {
add_test(function networkErrorResponse () {
let client = new FxAccountsOAuthGrantClient({
- serverURL: "http://",
+ serverURL: "http://domain.dummy",
client_id: "abc123"
});
Services.prefs.setBoolPref("identity.fxaccounts.skipDeviceRegistration", true);
diff --git a/services/fxaccounts/tests/xpcshell/test_profile_client.js b/services/fxaccounts/tests/xpcshell/test_profile_client.js
index 2243da3aab..20ff6efc61 100644
--- a/services/fxaccounts/tests/xpcshell/test_profile_client.js
+++ b/services/fxaccounts/tests/xpcshell/test_profile_client.js
@@ -268,7 +268,7 @@ add_test(function server401ResponsePersists () {
add_test(function networkErrorResponse () {
let client = new FxAccountsProfileClient({
- serverURL: "http://",
+ serverURL: "http://domain.dummy",
fxa: mockFxa,
});
client.fetchProfile()
diff --git a/testing/web-platform/meta/XMLHttpRequest/open-url-bogus.htm.ini b/testing/web-platform/meta/XMLHttpRequest/open-url-bogus.htm.ini
deleted file mode 100644
index ef7b5d9100..0000000000
--- a/testing/web-platform/meta/XMLHttpRequest/open-url-bogus.htm.ini
+++ /dev/null
@@ -1,11 +0,0 @@
-[open-url-bogus.htm]
- type: testharness
- [XMLHttpRequest: open() - bogus URLs (http:)]
- expected: FAIL
-
- [XMLHttpRequest: open() - bogus URLs (ftp:)]
- expected: FAIL
-
- [XMLHttpRequest: open() - bogus URLs (http:////////////)]
- expected: FAIL
-
diff --git a/testing/web-platform/meta/url/url-constructor.html.ini b/testing/web-platform/meta/url/url-constructor.html.ini
index 6da03043b2..22fddbc15e 100644
--- a/testing/web-platform/meta/url/url-constructor.html.ini
+++ b/testing/web-platform/meta/url/url-constructor.html.ini
@@ -219,6 +219,3 @@
[Parsing: <http://example.com/foo/%2e./%2e%2e/.%2e/%2e.bar> against <about:blank>]
expected: FAIL
- [Parsing: <http:> against <https://example.org/foo/bar>]
- expected: FAIL
-
diff --git a/toolkit/components/passwordmgr/test/unit/test_logins_search.js b/toolkit/components/passwordmgr/test/unit/test_logins_search.js
index 188c75039d..7307719812 100644
--- a/toolkit/components/passwordmgr/test/unit/test_logins_search.js
+++ b/toolkit/components/passwordmgr/test/unit/test_logins_search.js
@@ -192,7 +192,6 @@ add_task(function test_search_all_full_case_sensitive()
{
checkAllSearches({ hostname: "http://www.example.com" }, 1);
checkAllSearches({ hostname: "http://www.example.com/" }, 0);
- checkAllSearches({ hostname: "http://" }, 0);
checkAllSearches({ hostname: "example.com" }, 0);
checkAllSearches({ formSubmitURL: "http://www.example.com" }, 2);
diff --git a/toolkit/components/places/UnifiedComplete.js b/toolkit/components/places/UnifiedComplete.js
index ad3d35aab7..acd358b116 100644
--- a/toolkit/components/places/UnifiedComplete.js
+++ b/toolkit/components/places/UnifiedComplete.js
@@ -1245,7 +1245,7 @@ Search.prototype = {
// * If the protocol differs we should not match. For example if the user
// searched https we should not return http.
try {
- let prefixURI = NetUtil.newURI(this._strippedPrefix);
+ let prefixURI = NetUtil.newURI(this._strippedPrefix + match.token);
let finalURI = NetUtil.newURI(match.url);
if (prefixURI.scheme != finalURI.scheme)
return false;
diff --git a/toolkit/components/places/nsNavHistory.cpp b/toolkit/components/places/nsNavHistory.cpp
index 8cf3a2e324..7f4007c1ab 100644
--- a/toolkit/components/places/nsNavHistory.cpp
+++ b/toolkit/components/places/nsNavHistory.cpp
@@ -949,6 +949,10 @@ nsresult // static
nsNavHistory::AsciiHostNameFromHostString(const nsACString& aHostName,
nsACString& aAscii)
{
+ aAscii.Truncate();
+ if (aHostName.IsEmpty()) {
+ return NS_OK;
+ }
// To properly generate a uri we must provide a protocol.
nsAutoCString fakeURL("http://");
fakeURL.Append(aHostName);