Issue 9309049: Merge 106514 - contentDispositionType misparses the Content-Disposition header in some obscure co...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 9309049: Merge 106514 - contentDispositionType misparses the Content-Disposition header in some obscure co... (Closed)

Created:
8 years, 10 months ago by abarth-chromium

Modified:
8 years, 10 months ago

Reviewers:
abarth

CC:
chromium-reviews

Base URL:
http://svn.webkit.org/repository/webkit/branches/chromium/1025/

Visibility:
Public.

More Reviews

Description

Merge 106514 - contentDispositionType misparses the Content-Disposition header in some obscure corner cases https://bugs.webkit.org/show_bug.cgi?id=77577 Reviewed by Eric Seidel. The contentDispositionType extracts the disposition-type from the Content-Disposition header. According to RFC 6266 (and previous RFCs), the disposition-type must be an RFC 2616 token. Rather than enforce this general rule, we had special-cased some examples (including name=foo and filename=bar). This patch generalizes our check to properly validate that the disposition-type is an RFC 2616 token. In conjunction with some other work in the Chromium network stack, this causes Chromium to pass the following tests: http://greenbytes.de/tech/tc2231/#inlonlyquoted http://greenbytes.de/tech/tc2231/#attonlyquoted Without this patch, these test cases neither trigger a navigation nor a download in Chromium. This patch does not appear to cause any visible change in Safari. (Safari passes these tests both before and after this patch.) * platform/network/HTTPParsers.cpp: (WebCore::isRFC2616Token): (WebCore::contentDispositionType): - This patch also adds a comment to filenameFromHTTPContentDisposition, which explains some of the was this function incorrectly implements the requirements in RFC 6266. Resolving these issues is a subject for a future patch. * platform/network/HTTPParsers.h: TBR=abarth@webkit.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=106519

Patch Set 1 #

Created: 8 years, 10 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+37 lines, -14 lines)			Patch
	M	Source/WebCore/platform/network/HTTPParsers.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
	M	Source/WebCore/platform/network/HTTPParsers.cpp	View		2 chunks	+36 lines, -14 lines	0 comments	Download

Messages

Total messages: 1 (0 generated)

Expand Messages | Collapse Messages