Skip to content
  • tsepez@chromium.org's avatar
    decodeEscapeSequences() not correct for some encodings (GBK, Big5, ...). · 0fff87c0
    tsepez@chromium.org authored
    https://bugs.webkit.org/show_bug.cgi?id=71316
    
    Reviewed by Daniel Bates.
    
    Source/WebCore:
    
    Pass trailing unescaped bytes into the character set decoder to get correct
    results in the presence of encodings which re-use ASCII values in sequences.
    
    Tests: http/tests/navigation/anchor-frames-gbk.html
           http/tests/security/xssAuditor/iframe-onload-GBK-char.html
           http/tests/security/xssAuditor/img-onerror-GBK-char.html
           http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-16bit-unicode.html
           http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html
           http/tests/security/xssAuditor/script-tag-Big5-char.html
           http/tests/security/xssAuditor/script-tag-Big5-char2.html
    
    * platform/text/DecodeEscapeSequences.h:
    (WebCore::Unicode16BitEscapeSequence::findInString):
    (WebCore::Unicode16BitEscapeSequence::findEndOfRun):
    (WebCore::Unicode16BitEscapeSequence::decodeRun):
    (WebCore::URLEscapeSequence::findInString):
    (WebCore::URLEscapeSequence::findEndOfRun):
    (WebCore::URLEscapeSequence::decodeRun):
    (WebCore::decodeEscapeSequences):
    
    LayoutTests:
    
    * http/tests/navigation/anchor-frames-gbk-expected.txt: Added.
    * http/tests/navigation/anchor-frames-gbk.html: Added.
    * http/tests/navigation/resources/frame-with-anchor-gbk.html: Added.
    * http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt: Added.
    * http/tests/security/xssAuditor/iframe-onload-GBK-char.html: Added.
    * http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt: Added.
    * http/tests/security/xssAuditor/img-onerror-GBK-char.html: Added.
    * http/tests/security/xssAuditor/resources/echo-intertag-decode-16bit-unicode.pl:
    * http/tests/security/xssAuditor/script-tag-Big5-char-expected.txt: Added.
    * http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-16bit-unicode-expected.txt: Added.
    * http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-16bit-unicode.html: Added.
    * http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-expected.txt: Added.
    * http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html: Added.
    * http/tests/security/xssAuditor/script-tag-Big5-char.html: Added.
    * http/tests/security/xssAuditor/script-tag-Big5-char2-expected.txt: Added.
    * http/tests/security/xssAuditor/script-tag-Big5-char2.html: Added.
    * platform/chromium/test_expectations.txt:
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105691 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    0fff87c0