Open Bug 1834703 Opened 1 year ago Updated 11 months ago

Return null origin of "blob:" URL containing inner non-"http(s):" URL

Categories

(Core :: DOM: Networking, enhancement, P2)

enhancement

Tracking

()

ASSIGNED

People

(Reporter: valentin, Assigned: canadahonk)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

Summary: Return null origin of "blob:" URL containing inner "blob:" URL → Return null origin of "blob:" URL containing inner non-"http(s):" URL

Return null origin of a blob URL containing an inner URL which is not of
http/https schemes to comply with new spec change.

Examples:

  • "blob:blob:https://example.org/" - inner blob URL
  • "blob:ws://example.org/" - inner non-http(s) URL

Spec PR: https://github.com/whatwg/url/pull/771
WPT tests: https://github.com/web-platform-tests/wpt/pull/40133

New WPT tests are not merged into central yet, so tested manually
instead and results are as expected with WPTs.

Assignee: nobody → oj
Status: NEW → ASSIGNED
Pushed by oj@oojmed.com:
https://hg.mozilla.org/integration/autoland/rev/34c5add98599
Return null origin of "blob:" URL containing inner non-"http(s):" URL r=smaug,valentin

Backed out for causing xpcshell failure on test_BrowserUtils_urlFormatting.js

Backout link

Push with failures

Failure log

Flags: needinfo?(oj)
Attachment #9336464 - Attachment description: Bug 1834703 - Return null origin of "blob:" URL containing inner non-"http(s):" URL → Bug 1834703 - Return null origin of "blob:" URL containing unwhitelisted inner schemes
Attachment #9336464 - Attachment description: Bug 1834703 - Return null origin of "blob:" URL containing unwhitelisted inner schemes → Bug 1834703 - Return null origin of "blob:" URL containing disallowed inner schemes

Sorry for the trouble, updated patch.

Flags: needinfo?(oj)
Pushed by oj@oojmed.com:
https://hg.mozilla.org/integration/autoland/rev/7cd945c5be6e
Return null origin of "blob:" URL containing disallowed inner schemes r=smaug,valentin

Sorry, didn't catch those tests; updated expectations in patch and retested.

Flags: needinfo?(oj)
Pushed by oj@oojmed.com:
https://hg.mozilla.org/integration/autoland/rev/af0665af9541
Return null origin of "blob:" URL containing disallowed inner schemes r=smaug,valentin

Test expectations changes were slightly wrong, will fix later.

Flags: needinfo?(oj)
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/2d7083c6241d
Return null origin of "blob:" URL containing disallowed inner schemes r=smaug,valentin
Backout by nbeleuzu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bdc116caf375
Backed out changeset 2d7083c6241d for bc failure on browser_wpi_isolate_high_value.js

There is an r+ patch which didn't land and no activity in this bug for 2 weeks.
:canadahonk, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit BugBot documentation.

Flags: needinfo?(smaug)
Flags: needinfo?(oj)

Marked as changes planned.

Flags: needinfo?(smaug)
Flags: needinfo?(oj)

Note the small proposed change in https://github.com/whatwg/url/pull/780 to safelist the "file" scheme as well.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: