Closed
Bug 700589
Opened 13 years ago
Closed 13 years ago
HTTP content type charset parameter accepts single quotes
Categories
(Core :: Networking: HTTP, defect)
Core
Networking: HTTP
Tracking
()
RESOLVED
FIXED
mozilla11
People
(Reporter: julian.reschke, Assigned: julian.reschke)
References
()
Details
Attachments
(1 file, 4 obsolete files)
7.94 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
The parser for the HTTP content-type header field apparently accepts single quotes as delimiter. This is a bug according to RFC 2616, and also not the case in IE9 and Firefox.
See test case at:
http://greenbytes.de/tech/tc/httpcontenttype/#textplainutf8qsa
Comment 1•13 years ago
|
||
> also not the case in IE9 and Firefox.
s/Firefox/some other browser/ ? Otherwise we're already fixed :)
Comment 2•13 years ago
|
||
Ah, looking at the link I see it was IE9 and Opera that don't accept. I suppose that's probably good enough to get strict about this.
Assignee | ||
Comment 3•13 years ago
|
||
(In reply to Jason Duell (:jduell) from comment #2)
> Ah, looking at the link I see it was IE9 and Opera that don't accept. I
> suppose that's probably good enough to get strict about this.
Yep, sorry for that.
Note that the single quote is a legal character in param values, and thus any kind of special handling will cause problems with headers like:
Content-Type: foo/bar; ext='; charset=qux
(will add a test case)
Assignee | ||
Comment 4•13 years ago
|
||
(In reply to Julian Reschke from comment #3)
> Note that the single quote is a legal character in param values, and thus
> any kind of special handling will cause problems with headers like:
>
> Content-Type: foo/bar; ext='; charset=qux
>
> (will add a test case)
Test case: http://greenbytes.de/tech/tc/httpcontenttype/#textplainutf8extparamsq
And not surprisingly, Firefox fails that, too.
Assignee | ||
Comment 5•13 years ago
|
||
Seems to be quite easy to fix; now looking at the test cases which appear to check for this behavior.
Assignee | ||
Updated•13 years ago
|
Assignee: nobody → julian.reschke
Assignee | ||
Comment 6•13 years ago
|
||
Attachment #572910 -
Flags: review?(jduell.mcbugs)
Comment 7•13 years ago
|
||
Comment on attachment 572910 [details] [diff] [review]
Proposed patch, incl updated test case results, plus one new test
Review of attachment 572910 [details] [diff] [review]:
-----------------------------------------------------------------
Thanks for the patch. A couple minor questions.
::: netwerk/test/unit/test_parse_content_type.js
@@ +112,3 @@
>
> type = netutil.parseContentType('text/plain, TEXT/HTML; param=charset=UTF8; charset=\'ISO-8859-1\'; param2=charset=UTF16, text/html, TEXT/HTML', charset, hadCharset);
> + check("text/html", "'ISO-8859-1'", true);
I'm not clear on why you're adding all the single quoting to the ISO-8859-1 args. Is that just to test that single quotes make it through the parser and are returned as part of the value, or is this what should actually show up on the web? If we suspect that most servers are sending the value in double quotes, why not change most of the tests to pass in a dbl-quoted value instead?
@@ +135,5 @@
> check("text/html", "", false);
>
> + // Bug 700589
> + type = netutil.parseContentType("text/plain; x='; charset=\"UTF-8\"", charset, hadCharset);
> + check("text/plain", "UTF-8", true);
Do you want to check for x="'" too?
Assignee | ||
Comment 8•13 years ago
|
||
(In reply to Jason Duell (:jduell) from comment #7)
> Comment on attachment 572910 [details] [diff] [review] [diff] [details] [review]
> Proposed patch, incl updated test case results, plus one new test
>
> Review of attachment 572910 [details] [diff] [review] [diff] [details] [review]:
> -----------------------------------------------------------------
>
> Thanks for the patch. A couple minor questions.
>
> ::: netwerk/test/unit/test_parse_content_type.js
> @@ +112,3 @@
> >
> > type = netutil.parseContentType('text/plain, TEXT/HTML; param=charset=UTF8; charset=\'ISO-8859-1\'; param2=charset=UTF16, text/html, TEXT/HTML', charset, hadCharset);
> > + check("text/html", "'ISO-8859-1'", true);
>
> I'm not clear on why you're adding all the single quoting to the ISO-8859-1
> args. Is that just to test that single quotes make it through the parser
> and are returned as part of the value, or is this what should actually show
> up on the web? If we suspect that most servers are sending the value in
> double quotes, why not change most of the tests to pass in a dbl-quoted
> value instead?
Well, I just adjusted test results. Apparently the person working on this before felt it was important to test all these cases; I will review those, and also make sure that " has sufficient coverage.
> @@ +135,5 @@
> > check("text/html", "", false);
> >
> > + // Bug 700589
> > + type = netutil.parseContentType("text/plain; x='; charset=\"UTF-8\"", charset, hadCharset);
> > + check("text/plain", "UTF-8", true);
>
> Do you want to check for x="'" too?
Yes, I'll that for clarity.
Thanks so far.
Assignee | ||
Comment 9•13 years ago
|
||
Updated tests; I modified those that didn't seem to test ' vs " to use " instead (so the test changes, but the test result does not). Also added a specific one to the end of the test suite covering the bug for which this ticket was opened.
Attachment #572910 -
Attachment is obsolete: true
Attachment #572910 -
Flags: review?(jduell.mcbugs)
Attachment #573779 -
Flags: review?(jduell.mcbugs)
Comment 10•13 years ago
|
||
Comment on attachment 573779 [details] [diff] [review]
Proposed patch, incl updated test case results, plus new tests
Review of attachment 573779 [details] [diff] [review]:
-----------------------------------------------------------------
OK, looks good. Thanks Julian!
Attachment #573779 -
Flags: review?(jduell.mcbugs) → review+
Assignee | ||
Updated•13 years ago
|
Keywords: checkin-needed
Comment 11•13 years ago
|
||
Comment on attachment 573779 [details] [diff] [review]
Proposed patch, incl updated test case results, plus new tests
># HG changeset patch
># Parent 1374294a61191a19ba6f52be7ee980b1f5186532
># User julian.reschke@gmx.de
>Bug 700589 - HTTP content type charset parameter accepts single quotes
Julian: It looks like this is the description of the bug rather than the description of the change. Could you suggest a checkin message that describes the change?
Assignee | ||
Comment 12•13 years ago
|
||
"Fix Content-Type parser to treat single quote as regular character instead of a delimiter"
Assignee | ||
Updated•13 years ago
|
Target Milestone: --- → mozilla11
Comment 13•13 years ago
|
||
Pushed to try; assuming that goes well, I can push this to mozilla-inbound later today.
https://tbpl.mozilla.org/?tree=Try&rev=143a2ba7ad7c
Comment 14•13 years ago
|
||
This makes us fail a mochitest:
{
10593 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_bug397234.html | Headers should match - got text/plain; charset=UTF-8, expected text/plain; charset='uTf-8'
}
https://tbpl.mozilla.org/php/getParsedLog.php?id=7409173&tree=Try
It may be that the test is broken; if so, the test-fixup needs to be included as part of the patch, so that our test boxes will stay green when this is pushed.
Comment 15•13 years ago
|
||
For reference, the test that failed is:
http://mxr.mozilla.org/mozilla-central/source/content/base/test/test_bug397234.html?force=1
Assignee | ||
Comment 16•13 years ago
|
||
So what happens is that the test case checks that the case of the charset param is preserved in the request being sent *if* it does match the charset that is actually in use.
The header set by the test case uses
charset='uTf-8'
from which we now extract "'uTf-8'" as charset, previously "UTf-8" (single quotes now preserved).
This is an illegal charset, so XMLHttpRequest defaults to UTF-8 (my theory), and thus the code that tries to re-insert the funny-cased original value doesn't get triggered anymore.
Essentially this works as intended, and we can change the test to use double quotes rather than single quotes. It would be good to know though whether it's a pure accident that the test uses single quotes, or whether this was really seen in the wild.
Assignee | ||
Comment 17•13 years ago
|
||
The conservative fix seems to add a workaround to the code in XmlHTTPRequest so that the charset *with* single quotes matches as well, such as (pseudo-code):
if (specifiedCharset.startsWith("'") && specifiedCharset.ensWith("'")) {
...remove the quoting
}
That way, the observable behavior would stay the same.
(It would be better if this hack could be removed; it might be good to check what other UAs do here, and whether the XHR spec says something about it)
Assignee | ||
Comment 18•13 years ago
|
||
Same as previous patch; except that it adds a workaround on top of another workaround, so that the logic in XmlHttpRequest that rewrites the content-type header continues to do the right thing even for charset names in single quotes.
Attachment #573779 -
Attachment is obsolete: true
Attachment #574984 -
Flags: review?(jduell.mcbugs)
Comment 19•13 years ago
|
||
Comment on attachment 574984 [details] [diff] [review]
Proposed patch, incl updated test case results, plus new tests
specifiedCharset could be empty there, no? You need to check specifiedCharset.Length() >= 2.
Assignee | ||
Comment 20•13 years ago
|
||
Patch updated as suggested, mochitests not run yet; will try try server now.
Attachment #574984 -
Attachment is obsolete: true
Attachment #574984 -
Flags: review?(jduell.mcbugs)
Attachment #575957 -
Flags: review?(bzbarsky)
Comment 21•13 years ago
|
||
Try run for d967b35c9d35 is complete.
Detailed breakdown of the results available here:
https://tbpl.mozilla.org/?tree=Try&rev=d967b35c9d35
Results (out of 13 total builds):
exception: 12
failure: 1
Builds available at http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/julian.reschke@gmx.de-d967b35c9d35
Assignee | ||
Comment 22•13 years ago
|
||
Comment on attachment 575957 [details] [diff] [review]
Proposed patch, incl test case
Try results: https://tbpl.mozilla.org/?tree=Try&rev=2002a0e4a1f2 (I don't believe that any problems related here have anything to do with the patch; in particular the test failure for test_bug397234.html is gone)
Comment 23•13 years ago
|
||
Try run for 2002a0e4a1f2 is complete.
Detailed breakdown of the results available here:
https://tbpl.mozilla.org/?tree=Try&rev=2002a0e4a1f2
Results (out of 247 total builds):
exception: 2
success: 206
warnings: 35
failure: 4
Builds available at http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/julian.reschke@gmx.de-2002a0e4a1f2
Comment 24•13 years ago
|
||
Comment on attachment 575957 [details] [diff] [review]
Proposed patch, incl test case
This doesn't seem quite right either for the case when specifiedCharset is, say, "'ut'f-8'".
Attachment #575957 -
Flags: review?(bzbarsky) → review-
Assignee | ||
Comment 25•13 years ago
|
||
(addressed review comment, try results: https://tbpl.mozilla.org/?tree=Try&rev=38eaa7d2fb60)
Attachment #575957 -
Attachment is obsolete: true
Attachment #577733 -
Flags: review?(bzbarsky)
Comment 26•13 years ago
|
||
Comment on attachment 577733 [details] [diff] [review]
Proposed patch, incl test case
r=me on the XHR bits
Now we get to watch out for this breaking sites....
Attachment #577733 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Updated•13 years ago
|
Keywords: checkin-needed
Assignee | ||
Comment 27•13 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #26)
> Now we get to watch out for this breaking sites....
Maybe. We'll see.
Comment 28•13 years ago
|
||
I removed 2 instances of end-of-line whitespace (one in nsXMLHttpRequest.cpp, one in test_parse_content_type.js) and pushed:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4b085d906272
Comment 29•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•