This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Constructing a FormData from a form can lead to entries with lone sur…
…rogates https://bugs.webkit.org/show_bug.cgi?id=225299 Patch by Andreu Botella <email@example.com> on 2021-11-30 Reviewed by Chris Dumez. LayoutTests/imported/w3c: * web-platform-tests/html/semantics/forms/form-submission-0/form-data-set-usv-expected.txt: Source/WebCore: According to the HTML specification, names and non-file values in a form's entry list are scalar value strings. While this is enforced through WebIDL when the entries are added through the FormData web API, entries that come directly from form controls can contain lone surrogates. What's more, when a form payload is created from such an entry list, those lone surrogates can end up encoded as invalid UTF-8. Since names and non-file values being scalar value strings is an invariant of entry lists, this change modifies the createFileEntry function in DOMFormData.cpp to replace lone surrogates in the entry name, and adds a corresponding createStringEntry function, in order to ensure that every item of the entry list fulfills this invariant. Tests: imported/w3c/web-platform-tests/html/semantics/forms/form-submission-0/form-data-set-usv.html * html/DOMFormData.cpp: (WebCore::createStringEntry): Added to mirror createFileEntry. Replaces lone surrogates in the name and value. (WebCore::createFileEntry): Moved from DOMFormData::createFileEntry, and changed to replace lone surrogates in the entry name. (WebCore::DOMFormData::append): Changed to use createStringEntry. (WebCore::DOMFormData::createFileEntry): Moved to createFileEntry. * html/DOMFormData.h: Canonical link: https://commits.webkit.org/244669@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286310 268f45cc-cd09-0410-ab3c-d52691b4dbfc
- Loading branch information
Showing 5 changed files with 58 additions and 10 deletions.