Browse Source

[Navigator] Update losslessDecodeURI()

custom-2020
Matt A. Tobin 2 years ago committed by Roy Tam
parent
commit
f293b1e1e3
  1. 42
      navigator/base/content/navigator.js

42
navigator/base/content/navigator.js

@ -2083,10 +2083,10 @@ function URLBarSetURI(aURI, aValid) {
}
function losslessDecodeURI(aURI) {
let scheme = aURI.scheme;
var value = aURI.spec;
var scheme = aURI.scheme;
var decodeASCIIOnly = !["https", "http", "file", "ftp"].includes(scheme);
let decodeASCIIOnly = !["https", "http", "file", "ftp"].includes(scheme);
// Try to decode as UTF-8 if there's no encoding sequence that we would break.
if (!/%25(?:3B|2F|3F|3A|40|26|3D|2B|24|2C|23)/i.test(value)) {
if (decodeASCIIOnly) {
@ -2098,26 +2098,36 @@ function losslessDecodeURI(aURI) {
} else {
try {
value = decodeURI(value)
// decodeURI decodes %25 to %, which creates unintended
// encoding sequences. Re-encode it, unless it's part of
// a sequence that survived decodeURI, i.e. one for:
// ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '#'
// (RFC 3987 section 3.2)
.replace(/%(?!3B|2F|3F|3A|40|26|3D|2B|24|2C|23)/ig,
// 1. decodeURI decodes %25 to %, which creates unintended
// encoding sequences. Re-encode it, unless it's part of
// a sequence that survived decodeURI, i.e. one for:
// ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '#'
// (RFC 3987 section 3.2)
// 2. Re-encode select whitespace so that it doesn't get eaten
// away by the location bar (bug 410726). Re-encode all
// adjacent whitespace, to prevent spoofing attempts where
// invisible characters would push part of the URL to
// overflow the location bar (bug 1395508).
.replace(/%(?!3B|2F|3F|3A|40|26|3D|2B|24|2C|23)|[\r\n\t]|\s(?=\s)|\s$/ig,
encodeURIComponent);
} catch (e) {}
}
}
// Encode invisible characters (soft hyphen, zero-width space, BOM,
// line and paragraph separator, word joiner, invisible times,
// invisible separator, object replacement character,
// C0/C1 controls). (bug 452979, bug 909264)
// Encode bidirectional formatting characters.
// Encode invisible characters (C0/C1 control characters, U+007F [DEL],
// U+00A0 [no-break space], line and paragraph separator, braille space
// object replacement character) (bug 452979, bug 909264, bug 1629506)
value = value.replace(/[\u0000-\u001f\u007f-\u00a0\u2028\u2029\u2800\ufffc]/g,
encodeURIComponent);
// Encode default ignorable characters (bug 546013)
// except ZWNJ (U+200C) and ZWJ (U+200D) (bug 582186).
// This includes all bidirectional formatting characters.
// (RFC 3987 sections 3.2 and 4.1 paragraph 6)
// Re-encode whitespace so that it doesn't get eaten away
// by the location bar (bug 410726).
return value.replace(/[\u0000-\u001f\u007f-\u00a0\u00ad\u034f\u061c\u115f\u1160\u17b4\u17b5\u180b-\u180d\u200b\u200e\u200f\u2028-\u202e\u2060-\u206f\u3164\ufe00-\ufe0f\ufeff\uffa0\ufff0-\ufff8\ufffc]|\ud834[\udd73-\udd7a]|[\udb40-\udb43][\udc00-\udfff]/g, encodeURIComponent);
value = value.replace(/[\u00ad\u034f\u061c\u115f-\u1160\u17b4-\u17b5\u180b-\u180d\u200b\u200e-\u200f\u202a-\u202e\u2060-\u206f\u3164\ufe00-\ufe0f\ufeff\uffa0\ufff0-\ufff8]|\ud834[\udd73-\udd7a]|[\udb40-\udb43][\udc00-\udfff]/g,
encodeURIComponent);
return value;
}
/**

Loading…
Cancel
Save