window.location.href and others needlessly decodes URI-encoded characters
authorarv@chromium.org <arv@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 6 Oct 2011 01:40:05 +0000 (01:40 +0000)
committerarv@chromium.org <arv@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 6 Oct 2011 01:40:05 +0000 (01:40 +0000)
commite09859934d06dabedaf5c145a7e9e47d62e2d236
tree93b97dceaae054d27df5574b52d890a27a83bc89
parent31cf6408eca291bb7852d70ed54698779a909a79
window.location.href and others needlessly decodes URI-encoded characters
https://bugs.webkit.org/show_bug.cgi?id=30225

Reviewed by Darin Adler.

Source/WebCore:

Don't decode KURL::path() and stop using KURL::deprecatedString() in Location methods.

This slightly changes how we parse data and javascript URLs (non hierarchical URLs) to
not encode so aggressively.

* fileapi/DOMFileSystemBase.cpp:
(WebCore::DOMFileSystemBase::crackFileSystemURL): Manually decode path()
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::defaultObjectContentType): Manually decode path()
* page/Location.cpp:
(WebCore::Location::href): Use string() instead of deprecatedString()
* page/Location.h:
(WebCore::Location::toString): Inline call to href()
* platform/KURL.cpp:
(WebCore::KURL::path): Don't decode.
(WebCore::escapeAndAppendNonHierarchicalPart): Rename escapeAndAppendFragment to escapeAndAppendNonHierarchicalPart
                                               since this is now used for more than just fragments.
(WebCore::KURL::parse): Don't decode
* platform/KURLGoogle.cpp:
(WebCore::KURL::path): Remove out of date comment
* platform/qt/KURLQt.cpp:
(WebCore::KURL::fileSystemPath): Manually decode path()
* platform/win/ClipboardWin.cpp:
(WebCore::createGlobalHDropContent): Manually decode path()
* workers/WorkerLocation.cpp:
(WebCore::WorkerLocation::href): Use string() instead of deprecatedString()
* workers/WorkerLocation.h:
(WebCore::WorkerLocation::toString): Inline call to href()

Tools:

* DumpRenderTree/chromium/TestShell.cpp:
(normalizeLayoutTestURLInternal): Remove extra encode.

LayoutTests:

The path part of location.href and location.pathname are now not decoded and we keep percent escape sequences.

data and javascript URLs only encodes non ascii characters.

* fast/dom/anchor-origin-expected.txt:
* fast/dom/anchor-origin.html: Change to not use document.write since we don't want to output HTML.
* fast/history/history-back-initial-vs-final-url-expected.txt:
* fast/loader/subframe-navigate-during-main-frame-load-expected.txt:
* fast/url/file-http-base-expected.txt:
* fast/url/mailto-expected.txt:
* fast/url/script-tests/file-http-base.js:
* fast/url/script-tests/segments.js:
* fast/url/script-tests/standard-url.js:
* fast/url/segments-expected.txt:
* fast/url/segments-from-data-url-expected.txt:
* fast/url/segments.html: Use UTF-8
* fast/url/standard-url-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt:
* platform/chromium-cg-mac/fast/url/standard-url-expected.txt:
* platform/chromium-linux/fast/url/standard-url-expected.txt:
* platform/chromium-mac/fast/url/standard-url-expected.txt:
* platform/chromium-win/fast/url/standard-url-expected.txt:
* platform/chromium/fast/dom/anchor-origin-expected.txt: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@96779 268f45cc-cd09-0410-ab3c-d52691b4dbfc
47 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/dom/anchor-origin-expected.txt
LayoutTests/fast/dom/anchor-origin.html
LayoutTests/fast/history/history-back-initial-vs-final-url-expected.txt
LayoutTests/fast/loader/subframe-navigate-during-main-frame-load-expected.txt
LayoutTests/fast/url/file-http-base-expected.txt
LayoutTests/fast/url/mailto-expected.txt
LayoutTests/fast/url/script-tests/file-http-base.js
LayoutTests/fast/url/script-tests/segments.js
LayoutTests/fast/url/script-tests/standard-url.js
LayoutTests/fast/url/segments-expected.txt
LayoutTests/fast/url/segments-from-data-url-expected.txt
LayoutTests/fast/url/segments.html
LayoutTests/fast/url/standard-url-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt
LayoutTests/platform/chromium-cg-mac/fast/url/standard-url-expected.txt
LayoutTests/platform/chromium-linux/fast/url/standard-url-expected.txt
LayoutTests/platform/chromium-mac/fast/url/standard-url-expected.txt
LayoutTests/platform/chromium-win/fast/url/standard-url-expected.txt
LayoutTests/platform/chromium/fast/dom/anchor-origin-expected.txt [deleted file]
Source/WebCore/ChangeLog
Source/WebCore/fileapi/DOMFileSystemBase.cpp
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/page/Location.cpp
Source/WebCore/page/Location.h
Source/WebCore/platform/KURL.cpp
Source/WebCore/platform/KURLGoogle.cpp
Source/WebCore/platform/qt/KURLQt.cpp
Source/WebCore/platform/win/ClipboardWin.cpp
Source/WebCore/workers/WorkerLocation.cpp
Source/WebCore/workers/WorkerLocation.h
Tools/ChangeLog
Tools/DumpRenderTree/chromium/TestShell.cpp