commit 32d630146cd92f56bcf09c7e5b1497192a1a5703
parent 38235ce193f32279a729e4e60048104d0d5b4ebe
Author: Valentin Gosu <valentin.gosu@gmail.com>
Date: Tue, 4 Nov 2025 08:50:21 +0000
Bug 1997895 - Temporarily back out support for about and data URLs with hostnames (changeset c6777d2ebff8, bug 1873944) r=necko-reviewers,jesup
Differential Revision: https://phabricator.services.mozilla.com/D271050
Diffstat:
8 files changed, 83 insertions(+), 18 deletions(-)
diff --git a/netwerk/protocol/about/nsAboutProtocolHandler.cpp b/netwerk/protocol/about/nsAboutProtocolHandler.cpp
@@ -20,7 +20,6 @@
#include "nsIChannel.h"
#include "nsIScriptError.h"
#include "nsIClassInfoImpl.h"
-#include "DefaultURI.h"
#include "mozilla/ipc/URIUtils.h"
@@ -136,16 +135,6 @@ nsresult nsAboutProtocolHandler::CreateNewURI(const nsACString& aSpec,
NS_ENSURE_SUCCESS(rv, rv);
}
- // use DefaultURI to check for validity when we have possible hostnames
- // since nsSimpleURI doesn't know about hostnames
- auto pos = aSpec.Find("about:/");
- if (pos != kNotFound) {
- rv = NS_MutateURI(new mozilla::net::DefaultURI::Mutator())
- .SetSpec(aSpec)
- .Finalize(url);
- NS_ENSURE_SUCCESS(rv, rv);
- }
-
url.swap(*aResult);
return NS_OK;
}
diff --git a/netwerk/protocol/data/nsDataHandler.cpp b/netwerk/protocol/data/nsDataHandler.cpp
@@ -66,12 +66,16 @@ nsDataHandler::GetScheme(nsACString& result) {
// use DefaultURI to check for validity when we have possible hostnames
// since nsSimpleURI doesn't know about hostnames
- auto pos = aSpec.Find("data:/");
+ auto pos = aSpec.Find("data:");
if (pos != kNotFound) {
- rv = NS_MutateURI(new mozilla::net::DefaultURI::Mutator())
- .SetSpec(aSpec)
- .Finalize(uri);
- NS_ENSURE_SUCCESS(rv, rv);
+ nsDependentCSubstring rest(aSpec, pos + sizeof("data:") - 1, -1);
+ if (StringBeginsWith(rest, "//"_ns)) {
+ nsCOMPtr<nsIURI> uriWithHost;
+ rv = NS_MutateURI(new mozilla::net::DefaultURI::Mutator())
+ .SetSpec(aSpec)
+ .Finalize(uriWithHost);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
}
uri.forget(result);
diff --git a/testing/web-platform/meta/url/a-element-xhtml.xhtml.ini b/testing/web-platform/meta/url/a-element-xhtml.xhtml.ini
@@ -938,6 +938,9 @@
[a-element-xhtml.xhtml?exclude=(file|javascript|mailto)]
+ [Parsing: <about:/../> against <about:blank>]
+ expected: FAIL
+
[Parsing: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>]
expected: FAIL
@@ -962,5 +965,17 @@
[Parsing: <non-special:opaque\t\t \r #hi> against <about:blank>]
expected: FAIL
+ [Parsing: <data:/../> against <about:blank>]
+ expected: FAIL
+
+ [Parsing: <data://example.com:8080/pathname?search#hash> against <about:blank>]
+ expected: FAIL
+
+ [Parsing: <data:///test> against <about:blank>]
+ expected: FAIL
+
+ [Parsing: <data://test/a/../b> against <about:blank>]
+ expected: FAIL
+
[a-element-xhtml.xhtml?include=mailto]
diff --git a/testing/web-platform/meta/url/a-element.html.ini b/testing/web-platform/meta/url/a-element.html.ini
@@ -970,6 +970,9 @@
[a-element.html?exclude=(file|javascript|mailto)]
+ [Parsing: <about:/../> against <about:blank>]
+ expected: FAIL
+
[Parsing: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>]
expected: FAIL
@@ -994,5 +997,17 @@
[Parsing: <non-special:opaque\t\t \r #hi> against <about:blank>]
expected: FAIL
+ [Parsing: <data:/../> against <about:blank>]
+ expected: FAIL
+
+ [Parsing: <data://example.com:8080/pathname?search#hash> against <about:blank>]
+ expected: FAIL
+
+ [Parsing: <data:///test> against <about:blank>]
+ expected: FAIL
+
+ [Parsing: <data://test/a/../b> against <about:blank>]
+ expected: FAIL
+
[a-element.html?include=mailto]
diff --git a/testing/web-platform/meta/url/url-constructor.any.js.ini b/testing/web-platform/meta/url/url-constructor.any.js.ini
@@ -1167,6 +1167,9 @@
[url-constructor.any.worker.html?exclude=(file|javascript|mailto)]
+ [Parsing: <about:/../> without base]
+ expected: FAIL
+
[Parsing: <http://!"$&'()*+,-.;=_`{}~/> without base]
expected: FAIL
@@ -1191,6 +1194,18 @@
[Parsing: <non-special:opaque\t\t \r #hi> without base]
expected: FAIL
+ [Parsing: <data:/../> without base]
+ expected: FAIL
+
+ [Parsing: <data://example.com:8080/pathname?search#hash> without base]
+ expected: FAIL
+
+ [Parsing: <data:///test> without base]
+ expected: FAIL
+
+ [Parsing: <data://test/a/../b> without base]
+ expected: FAIL
+
[url-constructor.any.html?include=file]
[Parsing: <//server/file> against <file:///tmp/mock/path>]
@@ -1485,6 +1500,9 @@
[url-constructor.any.html?exclude=(file|javascript|mailto)]
+ [Parsing: <about:/../> without base]
+ expected: FAIL
+
[Parsing: <http://!"$&'()*+,-.;=_`{}~/> without base]
expected: FAIL
@@ -1509,6 +1527,18 @@
[Parsing: <non-special:opaque\t\t \r #hi> without base]
expected: FAIL
+ [Parsing: <data:/../> without base]
+ expected: FAIL
+
+ [Parsing: <data://example.com:8080/pathname?search#hash> without base]
+ expected: FAIL
+
+ [Parsing: <data:///test> without base]
+ expected: FAIL
+
+ [Parsing: <data://test/a/../b> without base]
+ expected: FAIL
+
[url-constructor.any.html?include=javascript]
[Parsing: <javascript:/../> without base]
diff --git a/testing/web-platform/meta/url/url-setters-a-area.window.js.ini b/testing/web-platform/meta/url/url-setters-a-area.window.js.ini
@@ -49,6 +49,12 @@
[<area>: Setting <non-spec:/>.pathname = '//p']
expected: FAIL
+ [<a>: Setting <data:/nospace>.pathname = 'space ' Non-special URLs with non-opaque paths percent-encode U+0020]
+ expected: FAIL
+
+ [<area>: Setting <data:/nospace>.pathname = 'space ' Non-special URLs with non-opaque paths percent-encode U+0020]
+ expected: FAIL
+
[<a>: Setting <a:/>.pathname = '\x00\x01\t\n\r\x1f !"#$%&'()*+,-./09:;<=>?@AZ[\\\]^_`az{|}~Éé' UTF-8 percent encoding with the default encode set. Tabs and newlines are removed.]
expected: FAIL
diff --git a/testing/web-platform/meta/url/url-setters.any.js.ini b/testing/web-platform/meta/url/url-setters.any.js.ini
@@ -477,6 +477,9 @@
[URL: Setting <https://domain.com:3000>.port = '\n\n\t\t']
expected: FAIL
+ [URL: Setting <data:/nospace>.pathname = 'space ' Non-special URLs with non-opaque paths percent-encode U+0020]
+ expected: FAIL
+
[url-setters.any.html?include=file]
[URL: Setting <file://hi/path>.protocol = 's']
@@ -570,6 +573,9 @@
[URL: Setting <https://domain.com:3000>.port = '\n\n\t\t']
expected: FAIL
+ [URL: Setting <data:/nospace>.pathname = 'space ' Non-special URLs with non-opaque paths percent-encode U+0020]
+ expected: FAIL
+
[url-setters.any.worker.html?include=file]
[URL: Setting <file://hi/path>.protocol = 's']
diff --git a/toolkit/modules/tests/xpcshell/test_MatchURLFilters.js b/toolkit/modules/tests/xpcshell/test_MatchURLFilters.js
@@ -222,14 +222,14 @@ add_task(async function test_match_url_filters() {
// TODO: should we explicitly cover hostContains, hostPrefix, hostSuffix for
// these sub-cases?
{ shouldFail, filters: [{ hostEquals: "blank" }], url: "about:blank" },
- { shouldPass, filters: [{ hostEquals: "blank" }], url: "about://blank" },
+ { shouldFail, filters: [{ hostEquals: "blank" }], url: "about://blank" },
{
shouldFail,
filters: [{ hostEquals: "testDataURL" }],
url: "data:,testDataURL",
},
{ shouldPass, filters: [{ hostEquals: "" }], url: "about:blank" },
- { shouldFail, filters: [{ hostEquals: "" }], url: "about://blank" },
+ { shouldPass, filters: [{ hostEquals: "" }], url: "about://blank" },
{ shouldPass, filters: [{ hostEquals: "" }], url: "data:,testDataURL" },
// Path filters (pathEquals, pathContains, pathPrefix, pathSuffix).
