Title: [264155] releases/WebKitGTK/webkit-2.28
- Revision
- 264155
- Author
- carlo...@webkit.org
- Date
- 2020-07-09 00:01:24 -0700 (Thu, 09 Jul 2020)
Log Message
Merge r263388 - REGRESSION(r258741): [GTK] anchor-file-blob-download-includes-backslash.html is failing
https://bugs.webkit.org/show_bug.cgi?id=209329
Reviewed by Adrian Perez de Castro.
Source/WebCore:
Sanitize the suggested filename. We replace characters that can be problematic in filenames with '_' to match
what Chromium and Firefox do.
* platform/network/soup/ResourceResponseSoup.cpp:
(WebCore::sanitizeFilename):
(WebCore::ResourceResponse::platformSuggestedFilename const):
LayoutTests:
Rebaseline tests.
* platform/gtk/TestExpectations:
* platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt: Added.
* platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt: Added.
* platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt:
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog (264154 => 264155)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog 2020-07-09 07:01:16 UTC (rev 264154)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog 2020-07-09 07:01:24 UTC (rev 264155)
@@ -1,3 +1,17 @@
+2020-06-22 Carlos Garcia Campos <cgar...@igalia.com>
+
+ REGRESSION(r258741): [GTK] anchor-file-blob-download-includes-backslash.html is failing
+ https://bugs.webkit.org/show_bug.cgi?id=209329
+
+ Reviewed by Adrian Perez de Castro.
+
+ Rebaseline tests.
+
+ * platform/gtk/TestExpectations:
+ * platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt: Added.
+ * platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt: Added.
+ * platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt:
+
2020-03-19 Alex Christensen <achristen...@webkit.org>
Sanitize suggested download filename received from web process
Added: releases/WebKitGTK/webkit-2.28/LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt (0 => 264155)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt 2020-07-09 07:01:24 UTC (rev 264155)
@@ -0,0 +1,6 @@
+Download started.
+Downloading URL with suggested filename "_.png"
+Download completed.
+The suggested filename above should be "*.png" and the download should succeed.
+
+File backed blob URL
Added: releases/WebKitGTK/webkit-2.28/LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt (0 => 264155)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt 2020-07-09 07:01:24 UTC (rev 264155)
@@ -0,0 +1,6 @@
+Download started.
+Downloading URL with suggested filename "test_abe.png"
+Download completed.
+The suggested filename above should be 'test"abe.png' and the download should succeed.
+
+File backed blob URL
Modified: releases/WebKitGTK/webkit-2.28/LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt (264154 => 264155)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt 2020-07-09 07:01:16 UTC (rev 264154)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/platform/gtk/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt 2020-07-09 07:01:24 UTC (rev 264155)
@@ -1,5 +1,5 @@
Download started.
-Downloading URL with suggested filename "test2\\abe.png"
+Downloading URL with suggested filename "test2__abe.png"
Download completed.
The suggested filename above should NOT include slashes or backslashes and the download should succeed.
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog (264154 => 264155)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog 2020-07-09 07:01:16 UTC (rev 264154)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog 2020-07-09 07:01:24 UTC (rev 264155)
@@ -1,3 +1,17 @@
+2020-06-22 Carlos Garcia Campos <cgar...@igalia.com>
+
+ REGRESSION(r258741): [GTK] anchor-file-blob-download-includes-backslash.html is failing
+ https://bugs.webkit.org/show_bug.cgi?id=209329
+
+ Reviewed by Adrian Perez de Castro.
+
+ Sanitize the suggested filename. We replace characters that can be problematic in filenames with '_' to match
+ what Chromium and Firefox do.
+
+ * platform/network/soup/ResourceResponseSoup.cpp:
+ (WebCore::sanitizeFilename):
+ (WebCore::ResourceResponse::platformSuggestedFilename const):
+
2020-05-27 Miguel Gomez <mago...@igalia.com>
[WPE] REGRESSION(r253675) Crash when using threaded rendering
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/platform/network/soup/ResourceResponseSoup.cpp (264154 => 264155)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/platform/network/soup/ResourceResponseSoup.cpp 2020-07-09 07:01:16 UTC (rev 264154)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/platform/network/soup/ResourceResponseSoup.cpp 2020-07-09 07:01:24 UTC (rev 264155)
@@ -28,6 +28,7 @@
#include "HTTPParsers.h"
#include "MIMETypeRegistry.h"
#include "URLSoup.h"
+#include <unicode/uset.h>
#include <wtf/text/CString.h>
#include <wtf/text/WTFString.h>
@@ -95,11 +96,45 @@
return CertificateInfo(m_certificate.get(), m_tlsErrors);
}
+static String sanitizeFilename(const String& filename)
+{
+ if (filename.isEmpty())
+ return filename;
+
+ // Strip leading/trailing whitespaces, path separators and dots
+ auto result = filename.stripLeadingAndTrailingCharacters([](UChar character) -> bool {
+ return isSpaceOrNewline(character) || character == '/' || character == '\\' || character == '.';
+ });
+
+ if (result.isEmpty())
+ return result;
+
+ // Replace control, formatting and dangerous characters in filenames.
+ static USet* illegalCharacterSet = nullptr;
+ if (!illegalCharacterSet) {
+ UErrorCode errorCode = U_ZERO_ERROR;
+ String illegalCharacters = "[[\"~*/:<>?\\\\|][:Cc:][:Cf:]]"_s;
+ illegalCharacterSet = uset_openPattern(StringView(illegalCharacters).upconvertedCharacters(), illegalCharacters.length(), &errorCode);
+ ASSERT(U_SUCCESS(errorCode));
+ }
+
+ HashSet<UChar32> illegalCharactersInFilename;
+ for (unsigned i = 0; i < result.length(); ++i) {
+ auto character = result[i];
+ if (uset_contains(illegalCharacterSet, character))
+ illegalCharactersInFilename.add(character);
+ }
+ for (auto character : illegalCharactersInFilename)
+ result = result.replace(character, '_');
+
+ return result;
+}
+
String ResourceResponse::platformSuggestedFilename() const
{
String contentDisposition(httpHeaderField(HTTPHeaderName::ContentDisposition));
if (contentDisposition.isEmpty())
- return String();
+ return { };
if (contentDisposition.is8Bit())
contentDisposition = String::fromUTF8WithLatin1Fallback(contentDisposition.characters8(), contentDisposition.length());
@@ -108,8 +143,8 @@
GRefPtr<GHashTable> params;
soup_message_headers_get_content_disposition(soupHeaders, nullptr, ¶ms.outPtr());
soup_message_headers_free(soupHeaders);
- char* filename = params ? static_cast<char*>(g_hash_table_lookup(params.get(), "filename")) : nullptr;
- return filename ? String::fromUTF8(filename) : String();
+ auto filename = params ? String::fromUTF8(static_cast<char*>(g_hash_table_lookup(params.get(), "filename"))) : String();
+ return sanitizeFilename(filename);
}
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
