Skip to content

Fix issue with host-matching and non-ascii hosts #597

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Apr 28, 2023
Merged

Fix issue with host-matching and non-ascii hosts #597

merged 16 commits into from
Apr 28, 2023

Conversation

@arichiv
Copy link
Member

@arichiv arichiv commented Apr 11, 2023

We need to filter out non-ascii hosts before treating them as strings. The note about IPv4/6 addresses can be moved to the top as a result.

closes #590

@arichiv
Fix issue with host-matching and non-ascii hosts
e9423b3 
We need to filter out non-ascii hosts before treating them as strings. The note about IPv4/6 addresses can be moved to the top as a result.

closes #590
@arichiv arichiv requested a review from annevk April 11, 2023 14:56
@arichiv arichiv self-assigned this Apr 11, 2023
@arichiv
Copy link
Member Author

arichiv commented Apr 19, 2023

@annevk have time to take a look?

annevk
annevk reviewed Apr 20, 2023
View reviewed changes
Copy link
Member

@annevk annevk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have a test that given input %61 or some such it does not match a host that's a? I.e., that this is far more restrictive than the host parser?

@arichiv
Copy link
Member Author

arichiv commented Apr 20, 2023

Do we have a test that given input %61 or some such it does not match a host that's a? I.e., that this is far more restrictive than the host parser?

Looks like we don't permit URL encoded characters in the host https://chromium-review.googlesource.com/c/chromium/src/+/4454670

@chromium-wpt-export-bot chromium-wpt-export-bot mentioned this pull request Apr 20, 2023
Merged
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request Apr 20, 2023
@arichiv @chromium-wpt-export-bot
[CSP] WPTs for matching edge cases
ea0de32 
We don't allow url encoded hosts but do permit ports with leading 0s.
w3c/webappsec-csp#597
w3c/webappsec-csp#596

Bug: 1418009
Change-Id: Ie8ddc509b63e1aa9d35d4e2b989df63483bfca6a
annevk
annevk reviewed Apr 21, 2023
View reviewed changes
Copy link
Member

@annevk annevk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this is a lot better.

chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request Apr 22, 2023
@arichiv @chromium-wpt-export-bot
[CSP] WPTs for matching edge cases
d83c7fe 
We don't allow url encoded hosts but do permit ports with leading 0s.
w3c/webappsec-csp#597
w3c/webappsec-csp#596

Bug: 1418009
Change-Id: Ie8ddc509b63e1aa9d35d4e2b989df63483bfca6a
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request Apr 24, 2023
@arichiv @chromium-wpt-export-bot
[CSP] WPTs for matching edge cases
fb9ece2 
We don't allow url encoded hosts but do permit ports with leading 0s.
w3c/webappsec-csp#597
w3c/webappsec-csp#596

Bug: 1418009
Change-Id: Ie8ddc509b63e1aa9d35d4e2b989df63483bfca6a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4454670
Reviewed-by: Dustin Mitchell <[email protected]>
Commit-Queue: Ari Chivukula <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1134816}
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request Apr 24, 2023
@arichiv @chromium-wpt-export-bot
[CSP] WPTs for matching edge cases
4f8df7a 
We don't allow url encoded hosts but do permit ports with leading 0s.
w3c/webappsec-csp#597
w3c/webappsec-csp#596

Bug: 1418009
Change-Id: Ie8ddc509b63e1aa9d35d4e2b989df63483bfca6a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4454670
Reviewed-by: Dustin Mitchell <[email protected]>
Commit-Queue: Ari Chivukula <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1134816}
@arichiv arichiv requested a review from annevk April 27, 2023 08:49
annevk
annevk reviewed Apr 27, 2023
View reviewed changes
@arichiv arichiv requested a review from annevk April 27, 2023 11:59
annevk
annevk reviewed Apr 27, 2023
View reviewed changes
Copy link
Member

@annevk annevk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be good if @antosart did the final review.

arichiv and others added 2 commits April 27, 2023 10:02
@arichiv @annevk
Update index.bs
63f1233 
Co-authored-by: Anne van Kesteren <[email protected]>
@arichiv @annevk
Update index.bs
b2bf877 
Co-authored-by: Anne van Kesteren <[email protected]>
@arichiv arichiv requested a review from antosart April 27, 2023 14:02
antosart
antosart reviewed Apr 27, 2023
View reviewed changes
antosart
antosart reviewed Apr 27, 2023
View reviewed changes
@arichiv arichiv requested a review from antosart April 27, 2023 16:29
annevk
annevk reviewed Apr 27, 2023
View reviewed changes
antosart
antosart approved these changes Apr 28, 2023
View reviewed changes
Copy link
Member

@antosart antosart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this!

@arichiv arichiv merged commit 71c967b into main Apr 28, 2023
@arichiv arichiv deleted the host-match branch April 28, 2023 06:15
github-actions bot added a commit that referenced this pull request Apr 28, 2023
@arichiv @github-actions
Fix issue with host-matching and non-ascii hosts (#597)
2159277 
SHA: 71c967b
Reason: push, by arichiv

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@annevk
Copy link
Member

annevk commented Apr 28, 2023

Indeed, thanks @arichiv!

moz-v2v-gh pushed a commit to mozilla/gecko-dev that referenced this pull request May 22, 2023
@arichiv @moz-wptsync-bot
Bug 1829211 [wpt PR 39631] - [CSP] WPTs for matching edge cases, a=te…
c72de66 
…stonly

Automatic update from web-platform-tests
[CSP] WPTs for matching edge cases

We don't allow url encoded hosts but do permit ports with leading 0s.
w3c/webappsec-csp#597
w3c/webappsec-csp#596

Bug: 1418009
Change-Id: Ie8ddc509b63e1aa9d35d4e2b989df63483bfca6a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4454670
Reviewed-by: Dustin Mitchell <[email protected]>
Commit-Queue: Ari Chivukula <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1134816}

--

wpt-commits: 4f8df7ab83ab1562214fcca2f67bb1718cc28808
wpt-pr: 39631
jwidar pushed a commit to jwidar/LatencyZeroGithub that referenced this pull request Sep 16, 2025
@arichiv @moz-wptsync-bot
Bug 1829211 [wpt PR 39631] - [CSP] WPTs for matching edge cases, a=te…
80287df 
…stonly

Automatic update from web-platform-tests
[CSP] WPTs for matching edge cases

We don't allow url encoded hosts but do permit ports with leading 0s.
w3c/webappsec-csp#597
w3c/webappsec-csp#596

Bug: 1418009
Change-Id: Ie8ddc509b63e1aa9d35d4e2b989df63483bfca6a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4454670
Reviewed-by: Dustin Mitchell <[email protected]>
Commit-Queue: Ari Chivukula <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1134816}

--

wpt-commits: 4f8df7ab83ab1562214fcca2f67bb1718cc28808
wpt-pr: 39631
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@annevk annevk annevk left review comments

@antosart antosart antosart approved these changes

Assignees

@arichiv arichiv

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

host-part match issues

4 participants

@arichiv @annevk @antosart