2009-09-10 Adam Barth <abarth@webkit.org>
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 10 Sep 2009 16:41:46 +0000 (16:41 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 10 Sep 2009 16:41:46 +0000 (16:41 +0000)
        Reviewed by Alexey Proskuryakov.

        https://bugs.webkit.org/show_bug.cgi?id=24205

        Added a test case for inserting a new line character into the
        request-uri.

        * http/tests/xmlhttprequest/newline-in-request-uri-expected.txt: Added.
        * http/tests/xmlhttprequest/newline-in-request-uri.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@48256 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/xmlhttprequest/newline-in-request-uri-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/newline-in-request-uri.html [new file with mode: 0644]

index 85f7ee2a1a31352a8b0fee85c0930ff3e7660723..c57606b8b95fed4be605571a3b3601a8123c9c0b 100644 (file)
@@ -1,3 +1,15 @@
+2009-09-10  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24205
+
+        Added a test case for inserting a new line character into the
+        request-uri.
+
+        * http/tests/xmlhttprequest/newline-in-request-uri-expected.txt: Added.
+        * http/tests/xmlhttprequest/newline-in-request-uri.html: Added.
+
 2009-09-09  Steve Block  <steveblock@google.com>
 
         Reviewed by Maciej Stachowiak.
diff --git a/LayoutTests/http/tests/xmlhttprequest/newline-in-request-uri-expected.txt b/LayoutTests/http/tests/xmlhttprequest/newline-in-request-uri-expected.txt
new file mode 100644 (file)
index 0000000..6cc0d70
--- /dev/null
@@ -0,0 +1,4 @@
+Test for bug 22731: Newline in XMLHttpRequest URL can be used to remove HTTP headers (e.g. Host:).
+
+LF SUCCESS
+CR SUCCESS
diff --git a/LayoutTests/http/tests/xmlhttprequest/newline-in-request-uri.html b/LayoutTests/http/tests/xmlhttprequest/newline-in-request-uri.html
new file mode 100644 (file)
index 0000000..9f6b0fb
--- /dev/null
@@ -0,0 +1,23 @@
+<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=22731">bug 22731</a>:
+Newline in XMLHttpRequest URL can be used to remove HTTP headers (e.g. Host:).</p>
+<pre id="lf">LF FAIL: test did not run</pre>
+<pre id="cr">CR FAIL: test did not run</pre>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+var req = new XMLHttpRequest;
+req.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/print-headers.cgi\n", false);
+req.send(null);
+if (req.responseText.match(/HTTP_HOST: 127.0.0.1:8000/))
+    document.getElementById("lf").innerHTML = "LF SUCCESS";
+else
+    document.getElementById("lf").innerHTML = "LF FAIL. Headers are:\n" + req.responseText;
+
+req.open("GET", "http://127.0.0.1:8000/xmlhttprequest/resources/print-headers.cgi\r", false);
+req.send(null);
+if (req.responseText.match(/HTTP_HOST: 127.0.0.1:8000/))
+    document.getElementById("cr").innerHTML = "CR SUCCESS";
+else
+    document.getElementById("cr").innerHTML = "CR FAIL. Headers are:\n" + req.responseText;
+</script>