Commit 4750f0c3 authored by lrn@chromium.org

Fix issue 1415 - allow surrogate pair codes in decodeURIComponent.

Also some cleanup of uri.js.

BUG=v8:1415
TEST=mjsunit/regress/regress-1415

Review URL: http://codereview.chromium.org/8118004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9509 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 3e4b4a6a
...@@ -111,47 +111,59 @@ function URIDecodeOctets(octets, result, index) { ...@@ -111,47 +111,59 @@ function URIDecodeOctets(octets, result, index) {
var o1 = octets[1]; var o1 = octets[1];
if (o0 < 0xe0) { if (o0 < 0xe0) {
var a = o0 & 0x1f; var a = o0 & 0x1f;
if ((o1 < 0x80) || (o1 > 0xbf)) if ((o1 < 0x80) || (o1 > 0xbf)) {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
}
var b = o1 & 0x3f; var b = o1 & 0x3f;
value = (a << 6) + b; value = (a << 6) + b;
if (value < 0x80 || value > 0x7ff) if (value < 0x80 || value > 0x7ff) {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
}
} else { } else {
var o2 = octets[2]; var o2 = octets[2];
if (o0 < 0xf0) { if (o0 < 0xf0) {
var a = o0 & 0x0f; var a = o0 & 0x0f;
if ((o1 < 0x80) || (o1 > 0xbf)) if ((o1 < 0x80) || (o1 > 0xbf)) {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
}
var b = o1 & 0x3f; var b = o1 & 0x3f;
if ((o2 < 0x80) || (o2 > 0xbf)) if ((o2 < 0x80) || (o2 > 0xbf)) {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
}
var c = o2 & 0x3f; var c = o2 & 0x3f;
value = (a << 12) + (b << 6) + c; value = (a << 12) + (b << 6) + c;
if ((value < 0x800) || (value > 0xffff)) if ((value < 0x800) || (value > 0xffff)) {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
}
} else { } else {
var o3 = octets[3]; var o3 = octets[3];
if (o0 < 0xf8) { if (o0 < 0xf8) {
var a = (o0 & 0x07); var a = (o0 & 0x07);
if ((o1 < 0x80) || (o1 > 0xbf)) if ((o1 < 0x80) || (o1 > 0xbf)) {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
}
var b = (o1 & 0x3f); var b = (o1 & 0x3f);
if ((o2 < 0x80) || (o2 > 0xbf)) if ((o2 < 0x80) || (o2 > 0xbf)) {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
}
var c = (o2 & 0x3f); var c = (o2 & 0x3f);
if ((o3 < 0x80) || (o3 > 0xbf)) if ((o3 < 0x80) || (o3 > 0xbf)) {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
}
var d = (o3 & 0x3f); var d = (o3 & 0x3f);
value = (a << 18) + (b << 12) + (c << 6) + d; value = (a << 18) + (b << 12) + (c << 6) + d;
if ((value < 0x10000) || (value > 0x10ffff)) if ((value < 0x10000) || (value > 0x10ffff)) {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
}
} else { } else {
throw new $URIError("URI malformed"); throw new $URIError("URI malformed");
} }
} }
} }
} }
if (0xD800 <= value && value <= 0xDFFF) {
throw new $URIError("URI malformed");
}
if (value < 0x10000) { if (value < 0x10000) {
result[index++] = value; result[index++] = value;
return index; return index;
...@@ -214,7 +226,8 @@ function Decode(uri, reserved) { ...@@ -214,7 +226,8 @@ function Decode(uri, reserved) {
if (k + 3 * (n - 1) >= uriLength) throw new $URIError("URI malformed"); if (k + 3 * (n - 1) >= uriLength) throw new $URIError("URI malformed");
for (var i = 1; i < n; i++) { for (var i = 1; i < n; i++) {
if (uri.charAt(++k) != '%') throw new $URIError("URI malformed"); if (uri.charAt(++k) != '%') throw new $URIError("URI malformed");
octets[i] = URIHexCharsToCharCode(uri.charCodeAt(++k), uri.charCodeAt(++k)); octets[i] = URIHexCharsToCharCode(uri.charCodeAt(++k),
uri.charCodeAt(++k));
} }
index = URIDecodeOctets(octets, result, index); index = URIDecodeOctets(octets, result, index);
} else { } else {
...@@ -366,7 +379,9 @@ function CharCodeToHex4Str(cc) { ...@@ -366,7 +379,9 @@ function CharCodeToHex4Str(cc) {
function IsValidHex(s) { function IsValidHex(s) {
for (var i = 0; i < s.length; ++i) { for (var i = 0; i < s.length; ++i) {
var cc = s.charCodeAt(i); var cc = s.charCodeAt(i);
if ((48 <= cc && cc <= 57) || (65 <= cc && cc <= 70) || (97 <= cc && cc <= 102)) { if ((48 <= cc && cc <= 57) ||
(65 <= cc && cc <= 70) ||
(97 <= cc && cc <= 102)) {
// '0'..'9', 'A'..'F' and 'a' .. 'f'. // '0'..'9', 'A'..'F' and 'a' .. 'f'.
} else { } else {
return false; return false;
......
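Review bot: The surrogate check added near the end of URIDecodeOctets (`if (0xD800 <= value && value <= 0xDFFF)`) has no comment, and the commit title says "allow" while the code rejects, so the intent is easy to misread. I would put `// A UTF-8 sequence must not encode a surrogate code point (U+D800..U+DFFF); reject it like any other malformed input.` directly above it. The check matters to callers that validate a string before decoding it, because accepting ill-formed sequences lets the decoded text differ from what the filter inspected. The function starts and ends outside the hunk, so whether the lead byte is range-checked before the `o0 < 0xe0` branch cannot be confirmed from here.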
// Copyright 2011 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived
// from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Surrogate pair range.
// U+D800
assertThrows(function(){ decodeURIComponent("%ED%A0%80"); }, URIError);
// U+DBFF
assertThrows(function(){ decodeURIComponent("%ED%AF%BF"); }, URIError);
// U+DC00
assertThrows(function(){ decodeURIComponent("%ED%B0%80"); }, URIError);
// U+DFFF
assertThrows(function(){ decodeURIComponent("%ED%BF%BF"); }, URIError);
// Overlong encodings
// U+007F in two bytes.
assertThrows(function(){ decodeURIComponent("%C1%BF"); }, URIError);
// U+07FF in three bytes.
assertThrows(function(){ decodeURIComponent("%E0%9F%BF"); }, URIError);
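Review bot: The four-byte branch of URIDecodeOctets is not exercised by this test, although the same commit touches its range check (`value < 0x10000 || value > 0x10ffff`). I would add an overlong four-byte case and an out-of-range case: `assertThrows(function(){ decodeURIComponent("%F0%8F%BF%BF"); }, URIError);` and `assertThrows(function(){ decodeURIComponent("%F4%90%80%80"); }, URIError);`. A positive case such as `assertEquals("\ud800\udc00", decodeURIComponent("%F0%90%80%80"));` would also pin that a valid supplementary character still decodes to a surrogate pair, so the new rejection cannot silently widen.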