Download attribute set to "*\" save file with name "example.com"
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 2 Mar 2017 17:55:13 +0000 (17:55 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 2 Mar 2017 17:55:13 +0000 (17:55 +0000)
https://bugs.webkit.org/show_bug.cgi?id=169066
<rdar://problem/30740875>

Reviewed by Alex Christensen.

Source/WebCore:

The issue is that a backslash in recognized as an escaping character in
a quoted string as per RFC2616:
"
The backslash character ("\") MAY be used as a single-character
quoting mechanism only within quoted-string and comment constructs.
"

We therefore need to escape the backslashes in the filename before
using it in the Content-Disposition header, inside the quoted string.

Test: fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html

* platform/network/ResourceResponseBase.cpp:
(WebCore::ResourceResponseBase::sanitizeSuggestedFilename):

LayoutTests:

Add layout test coverage.

* fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt: Added.
* fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@213284 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html [new file with mode: 0644]
LayoutTests/platform/ios-simulator-wk1/TestExpectations
LayoutTests/platform/ios-simulator-wk2/TestExpectations
LayoutTests/platform/mac-wk1/TestExpectations
LayoutTests/platform/win/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/platform/network/ResourceResponseBase.cpp

index e2f6330..7721ddc 100644 (file)
@@ -1,3 +1,16 @@
+2017-03-02  Chris Dumez  <cdumez@apple.com>
+
+        Download attribute set to "*\" save file with name "example.com"
+        https://bugs.webkit.org/show_bug.cgi?id=169066
+        <rdar://problem/30740875>
+
+        Reviewed by Alex Christensen.
+
+        Add layout test coverage.
+
+        * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt: Added.
+        * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html: Added.
+
 2017-03-02  Youenn Fablet  <youenn@apple.com>
 
         [WebRTC] Activate ICE candidate privacy policy
diff --git a/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt b/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt
new file mode 100644 (file)
index 0000000..1717e06
--- /dev/null
@@ -0,0 +1,6 @@
+Download started.
+Downloading URL with suggested filename "*\.png"
+Download completed.
+The suggested filename above should be "*\.png" and the download should succeed.
+
+File backed blob URL
diff --git a/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html b/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html
new file mode 100644 (file)
index 0000000..316cc7a
--- /dev/null
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script type='text/javascript'>
+if (window.testRunner) {
+  testRunner.dumpAsText();
+  testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>The suggested filename above should be "*\.png" and the download should succeed.</p>
+<a id="blob-url" download="*\">File backed blob URL</a>
+<script>
+function click(elmt)
+{
+    if (!window.eventSender) {
+        alert('Click the link to run the test.');
+        return;
+    }
+    eventSender.mouseMoveTo(elmt.offsetLeft + 5, elmt.offsetTop + 5);
+    eventSender.mouseDown();
+    eventSender.mouseUp();
+}
+
+function runTest()
+{
+    file = internals.createFile("../resources/abe.png");
+    var link = document.getElementById("blob-url");
+    link.href = window.URL.createObjectURL(file);
+    click(link);
+}
+runTest();
+</script>
+</body>
+</html>
index 7d4ebe6..116b52f 100644 (file)
@@ -1331,6 +1331,7 @@ webkit.org/b/155495 compositing/visible-rect/animated-from-none.html [ Failure P
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
index d3aea05..a79970f 100644 (file)
@@ -1812,6 +1812,7 @@ webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-download-unset.html [ Skip
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-download.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
index a785088..3f524ca 100644 (file)
@@ -215,6 +215,7 @@ webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download.html [ Failure ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
index d0dfa3d..1469941 100644 (file)
@@ -445,6 +445,7 @@ fast/dom/HTMLAnchorElement/anchor-download-unset.html [ Skip ]
 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html [ Skip ]
 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
index 2eedfed..bcd1782 100644 (file)
@@ -1,3 +1,26 @@
+2017-03-02  Chris Dumez  <cdumez@apple.com>
+
+        Download attribute set to "*\" save file with name "example.com"
+        https://bugs.webkit.org/show_bug.cgi?id=169066
+        <rdar://problem/30740875>
+
+        Reviewed by Alex Christensen.
+
+        The issue is that a backslash in recognized as an escaping character in
+        a quoted string as per RFC2616:
+        "
+        The backslash character ("\") MAY be used as a single-character
+        quoting mechanism only within quoted-string and comment constructs.
+        "
+
+        We therefore need to escape the backslashes in the filename before
+        using it in the Content-Disposition header, inside the quoted string.
+
+        Test: fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html
+
+        * platform/network/ResourceResponseBase.cpp:
+        (WebCore::ResourceResponseBase::sanitizeSuggestedFilename):
+
 2017-03-02  Youenn Fablet  <youenn@apple.com>
 
         [WebRTC] Activate ICE candidate privacy policy
index 92a014c..4ef7d6f 100644 (file)
@@ -231,7 +231,7 @@ String ResourceResponseBase::sanitizeSuggestedFilename(const String& suggestedFi
 
     ResourceResponse response(URL(ParsedURLString, "http://example.com/"), String(), -1, String());
     response.setHTTPStatusCode(200);
-    String escapedSuggestedFilename = String(suggestedFilename).replace('\"', "\\\"");
+    String escapedSuggestedFilename = String(suggestedFilename).replace('\\', "\\\\").replace('\"', "\\\"");
     String value = makeString("attachment; filename=\"", escapedSuggestedFilename, '"');
     response.setHTTPHeaderField(HTTPHeaderName::ContentDisposition, value);
     return response.suggestedFilename();