LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-untermina…

…ted.html crashing

https://bugs.webkit.org/show_bug.cgi?id=153250
<rdar://problem/12172843>
And
<rdar://problem/24248040>

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Remove an incorrect assertion that the absolute URL associated with a protection space cannot
contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
with the invariants for WebCore::protectionSpaceMapKeyFromURL().

Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html
       http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html

* platform/network/CredentialStorage.cpp:
(WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):

LayoutTests:

The test case http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html was derived
from a test case written by Yongjun Zhang in <https://bugs.webkit.org/attachment.cgi?id=65189> (bug #44461).

* http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
* http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html: Added.
* http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
* http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Added.
* platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.

Canonical link: https://commits.webkit.org/171453@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195493 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog

@@ -1,3 +1,22 @@
+2016-01-22  Daniel Bates  <dabates@apple.com>
+
+        LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
+        https://bugs.webkit.org/show_bug.cgi?id=153250
+        <rdar://problem/12172843>
+        And
+        <rdar://problem/24248040>
+
+        Reviewed by Alexey Proskuryakov.
+
+        The test case http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html was derived
+        from a test case written by Yongjun Zhang in <https://bugs.webkit.org/attachment.cgi?id=65189> (bug #44461).
+
+        * http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
+        * http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html: Added.
+        * http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
+        * http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Added.
+        * platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
+
 2016-01-22  Ryan Haddad  <ryanhaddad@apple.com>
 
         Rebaselining http/tests/security/originHeader/origin-header-for-https.html after r195477

LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt

@@ -0,0 +1,19 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+http://127.0.0.1:8000/loading/resources/basic-auth-testing.php?username=webkit&password=rocks - didReceiveAuthenticationChallenge - Responding with webkit:rocks
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - willPerformClientRedirectToURL: http://127.0.0.1:8000/a//b/non-existent-file.html 
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "frame" - didStartProvisionalLoadForFrame
+frame "frame" - didCancelClientRedirectForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didReceiveTitle: 404 Not Found
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didFailLoadWithError
+PASS did not cause assertion failure.

LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html

@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.setHandlesAuthenticationChallenges(true);
+    testRunner.setAuthenticationUsername("webkit");
+    testRunner.setAuthenticationPassword("rocks");
+    testRunner.waitUntilDone();
+}
+
+function done()
+{
+    document.body.removeChild(document.getElementById("frame"));
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+function notifyFrameDidLoad(frame)
+{
+    frame.onload = done;
+    frame.src = "http://127.0.0.1:8000/a//b/non-existent-file.html";
+}
+</script>
+</head>
+<body>
+<iframe id="frame" src="resources/basic-auth-testing.php?username=webkit&password=rocks" onload="notifyFrameDidLoad(this)"></iframe>
+<p>PASS did not cause assertion failure.</p>
+</body>
+</html>

LayoutTests/http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt

@@ -0,0 +1 @@
+PASS did not cause assertion failure.

LayoutTests/http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText()
+
+function sendWithCredentials()
+{
+    var xhr = new XMLHttpRequest;
+    xhr.open("GET", "resources/remember-bad-password/count-failures.php", false, "foo", "bar");
+    xhr.send("");
+}
+
+function sendWithoutCredentials()
+{
+    var xhr = new XMLHttpRequest;
+    xhr.open("GET", "resources/remember-bad-password//count-failures.php", false);
+    xhr.send("");
+}
+
+function reset()
+{
+    var xhr = new XMLHttpRequest;
+    xhr.open("GET", "resources/remember-bad-password/count-failures.php?command=reset", false);
+    xhr.send("");
+}
+
+sendWithCredentials();
+sendWithoutCredentials();
+reset();
+</script>
+<p>PASS did not cause assertion failure.</p>
+</body>
+</html>

LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt

@@ -0,0 +1,19 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with webkit:rocks
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - willPerformClientRedirectToURL: http://127.0.0.1:8000/a//b/non-existent-file.html 
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "frame" - didStartProvisionalLoadForFrame
+frame "frame" - didCancelClientRedirectForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didReceiveTitle: 404 Not Found
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didFailLoadWithError
+PASS did not cause assertion failure.

Source/WebCore/ChangeLog

@@ -1,3 +1,24 @@
+2016-01-22  Daniel Bates  <dabates@apple.com>
+
+        LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
+        https://bugs.webkit.org/show_bug.cgi?id=153250
+        <rdar://problem/12172843>
+        And
+        <rdar://problem/24248040>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Remove an incorrect assertion that the absolute URL associated with a protection space cannot
+        contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
+        This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
+        with the invariants for WebCore::protectionSpaceMapKeyFromURL().
+
+        Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html
+               http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html
+
+        * platform/network/CredentialStorage.cpp:
+        (WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):
+
 2016-01-22  Chris Dumez  <cdumez@apple.com>
 
         DOMImplementation.createHTMLDocument("") should append an empty Text Node to the title Element

Source/WebCore/platform/network/CredentialStorage.cpp

@@ -123,7 +123,6 @@ HashMap<String, ProtectionSpace>::iterator CredentialStorage::findDefaultProtect
         ASSERT(index != notFound);
         directoryURL = directoryURL.substring(0, (index == directoryURLPathStart) ? index + 1 : index);
         ASSERT(directoryURL.length() > directoryURLPathStart);
-        ASSERT(directoryURL.length() == directoryURLPathStart + 1 || directoryURL[directoryURL.length() - 1] != '/');
     }
 }