Bug 1395508. r=dao

MozReview-Commit-ID: 8jH9dyj5JZU --HG-- extra : rebase_source : bb6a05188c49c281be6fc405ec155936ab42c603
2024-10-14 22:05:44 +00:00 · 2017-11-08 15:42:21 +01:00 · 2017-11-08 15:42:21 +01:00 · ec456e695c
commit ec456e695c
parent 6e1de765f0
2 changed files with 27 additions and 4 deletions
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@ -2763,9 +2763,12 @@ function losslessDecodeURI(aURI) {
                  //    a sequence that survived decodeURI, i.e. one for:
                  //    ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '#'
                  //    (RFC 3987 section 3.2)
-                  // 2. Re-encode whitespace so that it doesn't get eaten away
-                  //    by the location bar (bug 410726).
-                  .replace(/%(?!3B|2F|3F|3A|40|26|3D|2B|24|2C|23)|[\r\n\t]/ig,
+                  // 2. Re-encode select whitespace so that it doesn't get eaten
+                  //    away by the location bar (bug 410726). Re-encode all
+                  //    adjacent whitespace, to prevent spoofing attempts where
+                  //    invisible characters would push part of the URL to
+                  //    overflow the location bar (bug 1395508).
+                  .replace(/%(?!3B|2F|3F|3A|40|26|3D|2B|24|2C|23)|[\r\n\t]|\s(?=\s)|\s$/ig,
                           encodeURIComponent);
      } catch (e) {}
    }
--- a/browser/base/content/test/urlbar/browser_urlbarCopying.js
+++ b/browser/base/content/test/urlbar/browser_urlbarCopying.js
@ -164,11 +164,31 @@ var tests = [
    copyVal: "<example.com/?\xf7>\xf7",
    copyExpected: "http://example.com/?\xf7"
  },
+  {
+    loadURL: "http://example.com/a%20test",
+    expectedURL: "example.com/a test",
+    copyExpected: "http://example.com/a%20test"
+  },
+  {
+    loadURL: "http://example.com/a%E3%80%80test",
+    expectedURL: toUnicode("example.com/a　test"),
+    copyExpected: "http://example.com/a%E3%80%80test"
+  },
+  {
+    loadURL: "http://example.com/a%20%C2%A0test",
+    expectedURL: "example.com/a%20%C2%A0test",
+    copyExpected: "http://example.com/a%20%C2%A0test"
+  },
  {
    loadURL: "http://example.com/%20%20%20",
-    expectedURL: "example.com/   ",
+    expectedURL: "example.com/%20%20%20",
    copyExpected: "http://example.com/%20%20%20"
  },
+  {
+    loadURL: "http://example.com/%E3%80%80%E3%80%80",
+    expectedURL: "example.com/%E3%80%80%E3%80%80",
+    copyExpected: "http://example.com/%E3%80%80%E3%80%80"
+  },

  // data: and javsacript: URIs shouldn't be encoded
  {