Closed
Bug 1302312
Opened 8 years ago
Closed 8 years ago
[XHR][URL] Treat URLs with username or password but no host info as malformed.
Categories
(Core :: Networking, defect)
Core
Networking
Tracking
()
RESOLVED
FIXED
mozilla51
| Tracking | Status | |
|---|---|---|
| firefox51 | --- | fixed |
People
(Reporter: wisniewskit, Assigned: wisniewskit)
References
()
Details
(Whiteboard: [necko-active])
Attachments
(1 file, 1 obsolete file)
The XMLHttpRequest web platform test open-url-bogus.htm is presently failing because xhr.open() does not throw for the URL: http://u:p@/ This patch fixes it by throwing the expected exception in nsAuthURLParser::ParseAuthority, which also fixes a bunch of web platform tests for the URL object's constructor. A try-run for this approach seems clean as well: https://treeherder.mozilla.org/#/jobs?repo=try&revision=aecdd072d9f8
Attachment #8790561 -
Flags: review?(honzab.moz)
|
||
Updated•8 years ago
|
Whiteboard: [necko-active]
|
||
Comment 1•8 years ago
|
||
Comment on attachment 8790561 [details] [diff] [review] treat-urls-with-username-or-password-without-host-as-malformed.diff Valentin, this more sounds like a job for you. Feel free to bounce back, tho.
Attachment #8790561 -
Flags: review?(honzab.moz) → review?(valentin.gosu)
|
|
||
Comment 2•8 years ago
|
||
Comment on attachment 8790561 [details] [diff] [review] treat-urls-with-username-or-password-without-host-as-malformed.diff Review of attachment 8790561 [details] [diff] [review]: ----------------------------------------------------------------- Patch looks great. r=valentin Could you please these lines to test_standardurl.js::test_authority_host so we don't regress? Assert.throws(() => { stringToURL("http://u:p@/"); }, "User or password without host is not allowed"); Assert.throws(() => { stringToURL("http:@/"); }, "Must have a host"); Thanks!
Attachment #8790561 -
Flags: review?(valentin.gosu) → review+
|
Assignee | |
Comment 3•8 years ago
|
||
Sure thing. Here's an updated version of the patch with those new tests. Thanks, guys! Carrying over r+ and requesting check-in.
Attachment #8790561 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•8 years ago
|
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/32fb14de50fe Treat URLs with username or password but no host info as malformed. r=valentin
Keywords: checkin-needed
|
||
Comment 5•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/32fb14de50fe
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in
before you can comment on or make changes to this bug.
Description
•