Note: There are a few cases of duplicates in user autocompletion which are being worked on.

Link header parsing is too loose

RESOLVED FIXED in mozilla8

Status

()

Core
DOM
RESOLVED FIXED
14 years ago
6 years ago

People

(Reporter: bz, Assigned: Julian Reschke)

Tracking

(Blocks: 1 bug)

Trunk
mozilla8
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [inbound], URL)

Attachments

(1 attachment)

(Reporter)

Description

14 years ago
See also 

http://www.hixie.ch/tests/adhoc/http/link/007.html
http://www.hixie.ch/tests/adhoc/http/link/008.html

Basically, we are parsing things that aren't really Link headers as Link headers.
(Assignee)

Comment 1

8 years ago
Furthermore, it appears that Firefox ignores the "anchor" parameter (see http://tools.ietf.org/html/rfc2068#section-19.6.2.4).

What it should do is resolve the anchor (when given) against the request-uri, and only continue processing it if the resolved URI identifies the same resource.
(Reporter)

Comment 2

8 years ago
> What it should do is resolve the anchor (when given) against the request-uri,
> and only continue processing it if the resolved URI identifies the same
> resource.

Of course the RFC doesn't actually say any of that.  I'm quite happy to implement what it does say, if I could figure out what that is; it says how the field MAY be used, but not how one MUST process it (or heck, SHOULD or MAY process, for that matter; processing is completely undefined).

In any case, that should probably be a separate bug.
(Assignee)

Comment 3

8 years ago
(In reply to comment #2)
> > What it should do is resolve the anchor (when given) against the request-uri,
> > and only continue processing it if the resolved URI identifies the same
> > resource.
> 
> Of course the RFC doesn't actually say any of that.  I'm quite happy to
> implement what it does say, if I could figure out what that is; it says how the
> field MAY be used, but not how one MUST process it (or heck, SHOULD or MAY
> process, for that matter; processing is completely undefined).
> 
> In any case, that should probably be a separate bug.

1) Just because there's no SHOULD or MUST there doesn't mean it's normative. That being said I agree that RFC 2068 is not very clear about it, and hopefully draft-nottingham-http-link-header can be made clearer.

2) Will open a new bug.
Assignee: general → nobody
QA Contact: ian → general
(Assignee)

Comment 4

6 years ago
(In reply to comment #0)
> See also 
> 
> http://www.hixie.ch/tests/adhoc/http/link/007.html

"my" test: 

  http://greenbytes.de/tech/tc/httplink/#simplecssreversed

Opera passes here so I think FF should align. I will work on this.

> http://www.hixie.ch/tests/adhoc/http/link/008.html

I believe this will be fixed once the fix for bug 672079 is in.

> Basically, we are parsing things that aren't really Link headers as Link
> headers.
(Assignee)

Comment 5

6 years ago
> ...
> > http://www.hixie.ch/tests/adhoc/http/link/008.html
> 
> I believe this will be fixed once the fix for bug 672079 is in.
> ...

Is is. (So what's left to fix for this bug are 

  http://www.hixie.ch/tests/adhoc/http/link/007.html

  http://greenbytes.de/tech/tc/httplink/#simplecssreversed
)
(Assignee)

Comment 6

6 years ago
Created attachment 550366 [details] [diff] [review]
proposed patch

This changes the header field parser so that the <target> is only accepted when coming first (this is required by the ABNF and actually enforced in Opera).

This fixes 

 http://greenbytes.de/tech/tc/httplink/#simplecssreversed

and 

  http://www.hixie.ch/tests/adhoc/http/link/007.html

(where http://www.hixie.ch/tests/adhoc/http/link/008.html is already fixed)
Attachment #550366 - Flags: review?(bzbarsky)
(Reporter)

Comment 7

6 years ago
Comment on attachment 550366 [details] [diff] [review]
proposed patch

r=me
Attachment #550366 - Flags: review?(bzbarsky) → review+
(Reporter)

Updated

6 years ago
Keywords: checkin-needed
(Reporter)

Updated

6 years ago
Assignee: nobody → julian.reschke

Updated

6 years ago
Keywords: checkin-needed
Whiteboard: [inbound]
http://hg.mozilla.org/mozilla-central/rev/0cff49ed75df
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
You need to log in before you can comment on or make changes to this bug.