Bug 1606798 [wpt PR 21019] - HTTP: 0x00 in a header value, a=testonly

Automatic update from web-platform-tests HTTP: 0x00 in a header value Tests to complement those written in web-platform-tests/wpt#10424. -- wpt-commits: 38ecde806a5f1710d9e5beba700cef7352f7570e wpt-pr: 21019
mozilla · Jan 8, 2020 · c1da2fb · c1da2fb
1 parent 0de910d
commit c1da2fb
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 0 deletions.
diff --git a/testing/web-platform/tests/fetch/h1-parsing/resources-with-0x00-in-header.window.js b/testing/web-platform/tests/fetch/h1-parsing/resources-with-0x00-in-header.window.js
@@ -0,0 +1,31 @@
+async_test(t => {
+  const script = document.createElement("script");
+  t.add_cleanup(() => script.remove());
+  script.src = "resources/script-with-0x00-in-header.py";
+  script.onerror = t.step_func_done();
+  script.onload = t.unreached_func();
+  document.body.append(script);
+}, "Expect network error for script with 0x00 in a header");
+
+async_test(t => {
+  const frame = document.createElement("iframe");
+  t.add_cleanup(() => frame.remove());
+  frame.src = "resources/document-with-0x00-in-header.py";
+  // If network errors result in load events for frames per
+  // https://github.com/whatwg/html/issues/125 and https://github.com/whatwg/html/issues/1230 this
+  // should be changed to use the load event instead.
+  t.step_timeout(() => {
+    assert_equals(frame.contentDocument, null);
+    t.done();
+  }, 1000);
+  document.body.append(frame);
+}, "Expect network error for frame navigation to resource with 0x00 in a header");
+
+async_test(t => {
+  const img = document.createElement("img");
+  t.add_cleanup(() => img.remove());
+  img.src = "resources/blue-with-0x00-in-a-header.asis";
+  img.onerror = t.step_func_done();
+  img.onload = t.unreached_func();
+  document.body.append(img);
+}, "Expect network error for image with 0x00 in a header");
diff --git a/testing/web-platform/tests/fetch/h1-parsing/resources/README.md b/testing/web-platform/tests/fetch/h1-parsing/resources/README.md
@@ -0,0 +1,6 @@
+`blue-with-0x00-in-a-header.asis` is a copy from `../../images/blue.png` with the following prepended using Control Pictures to signify actual newlines and 0x00:
+```
+HTTP/1.1 200 AN IMAGE␍␊
+Content-Type: image/png␍␊
+Custom: ␀␍␊␍␊
+```
diff --git a/testing/web-platform/tests/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis b/testing/web-platform/tests/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis
diff --git a/testing/web-platform/tests/fetch/h1-parsing/resources/document-with-0x00-in-header.py b/testing/web-platform/tests/fetch/h1-parsing/resources/document-with-0x00-in-header.py
@@ -0,0 +1,4 @@
+def main(request, response):
+    response.headers.set("Content-Type", "text/html")
+    response.headers.set("Custom", "\0")
+    return "<!doctype html><b>This is a document.</b>"
diff --git a/testing/web-platform/tests/fetch/h1-parsing/resources/script-with-0x00-in-header.py b/testing/web-platform/tests/fetch/h1-parsing/resources/script-with-0x00-in-header.py
@@ -0,0 +1,4 @@
+def main(request, response):
+    response.headers.set("Content-Type", "text/javascript")
+    response.headers.set("Custom", "\0")
+    return "var thisIsJavaScript = 0"
diff --git a/testing/web-platform/tests/lint.whitelist b/testing/web-platform/tests/lint.whitelist
@@ -77,6 +77,7 @@ AHEM COPY: css/vendor-imports/mozilla/mozilla-central-reftests/*/Ahem.ttf
 # Intentional use of CRLF
 CR AT EOL: WebIDL/valid/idl/documentation-dos.widl
 CR AT EOL: cors/resources/cors-headers.asis
+CR AT EOL: fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis
 CR AT EOL: html/semantics/forms/the-textarea-element/multiline-placeholder-cr.html
 CR AT EOL: html/semantics/forms/the-textarea-element/multiline-placeholder-crlf.html
 CR AT EOL: html/semantics/forms/the-input-element/multiline-placeholder-cr.html