Make sure that nsSimpleURI also strips newlines out of the uri spec... Bug

211599, r=dougt, sr=darin
2024-11-29 07:42:04 +00:00 · 2003-07-08 20:09:17 +00:00 · 2003-07-08 20:09:17 +00:00 · 7fd6554181
commit 7fd6554181
parent 14fa809554
6 changed files with 79 additions and 51 deletions
--- a/layout/generic/nsObjectFrame.cpp
+++ b/layout/generic/nsObjectFrame.cpp
@ -964,9 +964,6 @@ nsObjectFrame::MakeAbsoluteURL(nsIURI* *aFullURI,
  nsCOMPtr<nsIDocument> document;
  rv = mInstanceOwner->GetDocument(getter_AddRefs(document));

-  //trim leading and trailing whitespace
-  aSrc.Trim(" \n\r\t\b", PR_TRUE, PR_TRUE, PR_FALSE);
-
  // get document charset
  nsCAutoString originCharset;
  if (document && NS_FAILED(document->GetDocumentCharacterSet(originCharset)))
--- a/layout/html/base/src/nsObjectFrame.cpp
+++ b/layout/html/base/src/nsObjectFrame.cpp
@ -964,9 +964,6 @@ nsObjectFrame::MakeAbsoluteURL(nsIURI* *aFullURI,
  nsCOMPtr<nsIDocument> document;
  rv = mInstanceOwner->GetDocument(getter_AddRefs(document));

-  //trim leading and trailing whitespace
-  aSrc.Trim(" \n\r\t\b", PR_TRUE, PR_TRUE, PR_FALSE);
-
  // get document charset
  nsCAutoString originCharset;
  if (document && NS_FAILED(document->GetDocumentCharacterSet(originCharset)))
--- a/netwerk/base/src/nsSimpleURI.cpp
+++ b/netwerk/base/src/nsSimpleURI.cpp
@ -134,15 +134,27 @@ nsSimpleURI::GetSpec(nsACString &result)
 NS_IMETHODIMP
 nsSimpleURI::SetSpec(const nsACString &aSpec)
 {
-    nsCAutoString spec;
-    if (aSpec.IsEmpty()) {
+    const nsAFlatCString& flat = PromiseFlatCString(aSpec);
+    const char* specPtr = flat.get();
+
+    // filter out unexpected chars "\r\n\t" if necessary
+    nsCAutoString filteredSpec;
+    PRInt32 specLen;
+    if (net_FilterURIString(specPtr, filteredSpec)) {
+        specPtr = filteredSpec.get();
+        specLen = filteredSpec.Length();
+    } else
+        specLen = flat.Length();
+
+    if (specLen == 0) {
        mScheme.Truncate();
        mPath.Truncate();
        return NS_OK;
    }

    // nsSimpleURI currently restricts the charset to US-ASCII
-    NS_EscapeURL(PromiseFlatCString(aSpec), esc_OnlyNonASCII|esc_AlwaysCopy, spec);
+    nsCAutoString spec;
+    NS_EscapeURL(specPtr, specLen, esc_OnlyNonASCII|esc_AlwaysCopy, spec);

    PRInt32 pos = spec.FindChar(':');
    if (pos == -1)
--- a/netwerk/base/src/nsStandardURL.cpp
+++ b/netwerk/base/src/nsStandardURL.cpp
@ -126,43 +126,6 @@ end:
    return rv;
 }

-// filter out \t\r\n
-static const char *
-FilterString(const char *str, nsCString &result)
-{
-    PRBool writing = PR_FALSE;
-    result.Truncate();
-    const char *p = str;
-
-    // Remove leading spaces, tabs, CR, LF if any.
-    while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n') {
-        writing = PR_TRUE;
-        str = p + 1;
-        p++;
-    }
-
-    for (; *p; ++p) {
-        if (*p == '\t' || *p == '\r' || *p == '\n') {
-            writing = PR_TRUE;
-            // append chars up to but not including *p
-            if (p > str)
-                result.Append(str, p - str);
-            str = p + 1;
-        }
-    }
-
-    // Remove trailing spaces if any
-    while (((p-1) >= str) && (*(p-1) == ' ')) {
-        writing = PR_TRUE;
-        p--;
-    }
-
-    if (writing && p > str)
-        result.Append(str, p - str);
-
-    return writing ? result.get() : str;
-}
-
 //----------------------------------------------------------------------------
 // nsStandardURL::nsPrefObserver
 //----------------------------------------------------------------------------
@ -995,7 +958,8 @@ nsStandardURL::SetSpec(const nsACString &input)

    // filter out unexpected chars "\r\n\t" if necessary
    nsCAutoString buf1;
-    spec = FilterString(spec, buf1);
+    if (net_FilterURIString(spec, buf1))
+        spec = buf1.get();

    // parse the given URL...
    nsresult rv = ParseURL(spec);
@ -1496,10 +1460,13 @@ nsStandardURL::Resolve(const nsACString &in, nsACString &out)

    // filter out unexpected chars "\r\n\t" if necessary
    nsCAutoString buf;
-    relpath = FilterString(relpath, buf);
-    // Calculate the new relpath length if FilterString modified it
-    const PRInt32 relpathLen = !buf.IsEmpty() ?
-                               buf.Length() : flat.Length();
+    PRInt32 relpathLen;
+    if (net_FilterURIString(relpath, buf)) {
+        relpath = buf.get();
+        relpathLen = buf.Length();
+    } else
+        relpathLen = flat.Length();
+    
    // XXX hack hack hack
    char *p = nsnull;
    char **result = &p;
--- a/netwerk/base/src/nsURLHelper.cpp
+++ b/netwerk/base/src/nsURLHelper.cpp
@ -520,6 +520,44 @@ net_IsValidScheme(const char *scheme, PRUint32 schemeLen)
    return PR_TRUE;
 }

+PRBool
+net_FilterURIString(const char *str, nsACString& result)
+{
+    NS_PRECONDITION(str, "Must have a non-null string!");
+    PRBool writing = PR_FALSE;
+    result.Truncate();
+    const char *p = str;
+
+    // Remove leading spaces, tabs, CR, LF if any.
+    while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n') {
+        writing = PR_TRUE;
+        str = p + 1;
+        p++;
+    }
+
+    while (*p) {
+        if (*p == '\t' || *p == '\r' || *p == '\n') {
+            writing = PR_TRUE;
+            // append chars up to but not including *p
+            if (p > str)
+                result.Append(str, p - str);
+            str = p + 1;
+        }
+        p++;
+    }
+
+    // Remove trailing spaces if any
+    while (((p-1) >= str) && (*(p-1) == ' ')) {
+        writing = PR_TRUE;
+        p--;
+    }
+
+    if (writing && p > str)
+        result.Append(str, p - str);
+
+    return writing;
+}
+
 //----------------------------------------------------------------------------
 // miscellaneous (i.e., stuff that should really be elsewhere)
 //----------------------------------------------------------------------------
--- a/netwerk/base/src/nsURLHelper.h
+++ b/netwerk/base/src/nsURLHelper.h
@ -109,6 +109,23 @@ inline PRBool net_IsValidScheme(const nsAFlatCString &scheme)
    return net_IsValidScheme(scheme.get(), scheme.Length());
 }

+/**
+ * Filter out whitespace from a URI string.  The input is the |str|
+ * pointer. |result| is written to if and only if there is whitespace that has
+ * to be filtered out.  The return value is true if and only if |result| is
+ * written to.
+ *
+ * This function strips out all whitespace at the beginning and end of the URL
+ * and strips out \r, \n, \t from the middle of the URL.  This makes it safe to
+ * call on things like javascript: urls or data: urls, where we may in fact run
+ * into whitespace that is not properly encoded.
+ *
+ * @param str the pointer to the string to filter.  Must be non-null.
+ * @param result the out param to write to if filtering happens
+ * @return whether result was written to
+ */
+PRBool net_FilterURIString(const char *str, nsACString& result);
+
 /*****************************************************************************
 * generic string routines follow (XXX move to someplace more generic).
 */