Closed Bug 230703 Opened 16 years ago Closed 9 years ago

Link header parsing is too loose

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla8

People

(Reporter: bzbarsky, Assigned: julian.reschke)

References

(Blocks 1 open bug, )

Details

(Whiteboard: [inbound])

Attachments

(1 file)

See also 

http://www.hixie.ch/tests/adhoc/http/link/007.html
http://www.hixie.ch/tests/adhoc/http/link/008.html

Basically, we are parsing things that aren't really Link headers as Link headers.
Furthermore, it appears that Firefox ignores the "anchor" parameter (see http://tools.ietf.org/html/rfc2068#section-19.6.2.4).

What it should do is resolve the anchor (when given) against the request-uri, and only continue processing it if the resolved URI identifies the same resource.
> What it should do is resolve the anchor (when given) against the request-uri,
> and only continue processing it if the resolved URI identifies the same
> resource.

Of course the RFC doesn't actually say any of that.  I'm quite happy to implement what it does say, if I could figure out what that is; it says how the field MAY be used, but not how one MUST process it (or heck, SHOULD or MAY process, for that matter; processing is completely undefined).

In any case, that should probably be a separate bug.
(In reply to comment #2)
> > What it should do is resolve the anchor (when given) against the request-uri,
> > and only continue processing it if the resolved URI identifies the same
> > resource.
> 
> Of course the RFC doesn't actually say any of that.  I'm quite happy to
> implement what it does say, if I could figure out what that is; it says how the
> field MAY be used, but not how one MUST process it (or heck, SHOULD or MAY
> process, for that matter; processing is completely undefined).
> 
> In any case, that should probably be a separate bug.

1) Just because there's no SHOULD or MUST there doesn't mean it's normative. That being said I agree that RFC 2068 is not very clear about it, and hopefully draft-nottingham-http-link-header can be made clearer.

2) Will open a new bug.
Assignee: general → nobody
QA Contact: ian → general
(In reply to comment #0)
> See also 
> 
> http://www.hixie.ch/tests/adhoc/http/link/007.html

"my" test: 

  http://greenbytes.de/tech/tc/httplink/#simplecssreversed

Opera passes here so I think FF should align. I will work on this.

> http://www.hixie.ch/tests/adhoc/http/link/008.html

I believe this will be fixed once the fix for bug 672079 is in.

> Basically, we are parsing things that aren't really Link headers as Link
> headers.
> ...
> > http://www.hixie.ch/tests/adhoc/http/link/008.html
> 
> I believe this will be fixed once the fix for bug 672079 is in.
> ...

Is is. (So what's left to fix for this bug are 

  http://www.hixie.ch/tests/adhoc/http/link/007.html

  http://greenbytes.de/tech/tc/httplink/#simplecssreversed
)
Attached patch proposed patchSplinter Review
This changes the header field parser so that the <target> is only accepted when coming first (this is required by the ABNF and actually enforced in Opera).

This fixes 

 http://greenbytes.de/tech/tc/httplink/#simplecssreversed

and 

  http://www.hixie.ch/tests/adhoc/http/link/007.html

(where http://www.hixie.ch/tests/adhoc/http/link/008.html is already fixed)
Attachment #550366 - Flags: review?(bzbarsky)
Comment on attachment 550366 [details] [diff] [review]
proposed patch

r=me
Attachment #550366 - Flags: review?(bzbarsky) → review+
Assignee: nobody → julian.reschke
Keywords: checkin-needed
Whiteboard: [inbound]
http://hg.mozilla.org/mozilla-central/rev/0cff49ed75df
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.