Open Bug 1716313 Opened 4 years ago Updated 4 years ago

Response.constructor misses checking if init["statusText"] matches the reason-phrase token production or not

Categories

(Core :: DOM: Networking, enhancement, P5)

Product:
Core
Component:
DOM: Networking
Version:
Firefox 88
Type:
enhancement

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: zyscoder, Unassigned)

Details

(Whiteboard: [necko-triaged])

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36

Steps to reproduce:

(1) Open a tab and navigate to any URL;
(2) Run the following code in the Console of Devtools:

new Response(null,{status:200,statusText:'\u{ea}\u{16}'});

Actual results:

This code would be evaluated successfully without throwing any exceptions.

Expected results:

As https://fetch.spec.whatwg.org/#dom-response says, If init["statusText"] does not match the reason-phrase token production, then throw a TypeError.
In my test, both Chrome and Webkit throw this TypeError:
Chrome: TypeError: Failed to construct 'Response': Invalid statusText
Webkit: TypeError: Status text must be a valid reason-phrase.

Component: Untriaged → DOM: Networking
Product: Firefox → Core

Considering Chrome and Webkit throw, I suspect most sites would already comply with the expected token format. This feels super low priority to me.

Severity: -- → S4
Priority: -- → P5
Whiteboard: [necko-triaged]
You need to log in before you can comment on or make changes to this bug.