Skip to content

Commit

Permalink
Add a final newline normalization for form payloads
Browse files Browse the repository at this point in the history 
When entries are added to a form's entry list through the "append an
entry" algorithm, their newlines are normalized, but entries can be
added to an entry list through other means. This change adds a final
newline normalization before serializing the form payload, since "append
an entry" cannot be changed because its results are observable through
the `FormData` object or through the `formdata` event.

This change additionally changes the input passed to the
`application/x-www-form-urlencoded` and `text/plain` serializes to be a
list of name-value pairs, where the values are strings rather than
`File` objects. This simplifies the serializer algorithms.

Closes whatwg#6247. Closes whatwg/url#562.
  • Loading branch information
Andreu Botella committed Jan 13, 2021
1 parent fba814b commit 3a328cf
Showing 1 changed file with 95 additions and 18 deletions.
113 changes: 95 additions & 18 deletions source
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56069,9 +56069,12 @@ fur
<dl>
<dt><dfn data-x="submit-mutate-action">Mutate action URL</dfn>
<dd>
<p>Let <var>pairs</var> be the result of <span data-x="convert to a list of name-value
pairs">converting to a list of name-value pairs</span> with <var>entry list</var>.</p>

<p>Let <var>query</var> be the result of running the
<span><code>application/x-www-form-urlencoded</code> serializer</span> with <var>entry
list</var> and <var>encoding</var>.</p>
<span><code>application/x-www-form-urlencoded</code> serializer</span> with <var>pairs</var>
and <var>encoding</var>.</p>

<p>Set <var>parsed action</var>'s <span data-x="concept-url-query">query</span>
component to <var>query</var>.</p>
Expand All @@ -56087,9 +56090,12 @@ fur
<dt><code data-x="attr-fs-enctype-urlencoded">application/x-www-form-urlencoded</code></dt>

<dd>
<p>Let <var>pairs</var> be the result of <span data-x="convert to a list of name-value
pairs">converting to a list of name-value pairs</span> with <var>entry list</var>.</p>

<p>Let <var>body</var> be the result of running the
<span><code>application/x-www-form-urlencoded</code> serializer</span> with <var>entry
list</var> and <var>encoding</var>.</p>
<span><code>application/x-www-form-urlencoded</code> serializer</span> with <var>pairs</var>
and <var>encoding</var>.</p>

<p>Set <var>body</var> to the result of <span data-x="UTF-8 encode">encoding</span>
<var>body</var>.</p>
Expand All @@ -56100,6 +56106,24 @@ fur
<dt><code data-x="attr-fs-enctype-formdata">multipart/form-data</code></dt>

<dd>
<p>For each <span data-x="formdata-entry">entry</span> in <var>entry list</var>:</p>

<ol>
<li><p>Replace every occurrence of U+000D (CR) not followed by U+000A (LF), and every
occurrence of U+000A (LF) not preceded by U+000D (CR), in the entry's name, by a string
consisting of a U+000D (CR) and U+000A (LF).</p></li>
<li><p>If the entry's value is not a <code>File</code> object, replace every occurrence of
U+000D (CR) not followed by U+000A (LF), and every occurrence of U+000A (LF) not preceded
by U+000D (CR), in the entry's value, by a string consisting of a U+000D (CR) and U+000A
(LF).</p></li>
</ol>

<p class="note">These newline conversions in this algorithm are necessary because not all
names and string values in entry lists reaching this point need have been previously
normalized when <span data-x="append an entry">appending the entry</span>. That
normalization is idempotent, so implementations are allowed to keep track of which names and
values have been previously normalized in order to skip them in this algorithm.</p>

<p>Let <var>body</var> be the result of running the <span><code
data-x="">multipart/form-data</code> encoding algorithm</span> with <var>entry list</var>
and <var>encoding</var>.</p>
Expand All @@ -56114,8 +56138,11 @@ fur
<dt><code data-x="attr-fs-enctype-text">text/plain</code></dt>

<dd>
<p>Let <var>pairs</var> be the result of <span data-x="convert to a list of name-value
pairs">converting to a list of name-value pairs</span> with <var>entry list</var>.</p>

<p>Let <var>body</var> be the result of running the <span><code data-x="">text/plain</code>
encoding algorithm</span> with <var>entry list</var>.</p>
encoding algorithm</span> with <var>pairs</var>.</p>

<p>Set <var>body</var> to the result of <span data-x="encode">encoding</span>
<var>body</var> using <var>encoding</var>.</p>
Expand All @@ -56141,9 +56168,12 @@ fur

<dt><dfn data-x="submit-mailto-headers">Mail with headers</dfn>
<dd>
<p>Let <var>pairs</var> be the result of <span data-x="convert to a list of name-value
pairs">converting to a list of name-value pairs</span> with <var>entry list</var>.</p>

<p>Let <var>headers</var> be the result of running the
<span><code>application/x-www-form-urlencoded</code> serializer</span> with <var>entry
list</var> and <var>encoding</var>.</p>
<span><code>application/x-www-form-urlencoded</code> serializer</span> with <var>pairs</var>
and <var>encoding</var>.</p>

<p>Replace occurrences of U+002B PLUS SIGN characters (+) in <var>headers</var> with
the string "<code data-x="">%20</code>".</p>
Expand All @@ -56156,14 +56186,17 @@ fur

<dt><dfn data-x="submit-mailto-body">Mail as body</dfn>
<dd>
<p>Let <var>pairs</var> be the result of <span data-x="convert to a list of name-value
pairs">converting to a list of name-value pairs</span> with <var>entry list</var>.</p>

<p>Switch on <var>enctype</var>:

<dl class="switch">
<dt><code data-x="attr-fs-enctype-text">text/plain</code></dt>

<dd>
<p>Let <var>body</var> be the result of running the <span><code data-x="">text/plain</code>
encoding algorithm</span> with <var>entry list</var>.</p>
encoding algorithm</span> with <var>pairs</var>.</p>

<p>Set <var>body</var> to the result of running <span>UTF-8 percent-encode</span> on
<var>body</var> using the <span>default encode set</span>. <ref spec=URL></p>
Expand All @@ -56172,8 +56205,8 @@ fur
<dt>Otherwise</dt>

<dd><p>Let <var>body</var> be the result of running the
<span><code>application/x-www-form-urlencoded</code> serializer</span> with <var>entry
list</var> and <var>encoding</var>.</p></dd>
<span><code>application/x-www-form-urlencoded</code> serializer</span> with <var>pairs</var>
and <var>encoding</var>.</p></dd>
</dl>

<p>If <var>parsed action</var>'s <span data-x="concept-url-query">query</span> is null, then
Expand Down Expand Up @@ -56514,6 +56547,53 @@ fur

</div>

<div w-nodev>

<h5>Converting an entry list to a list of name-value pairs</h5>

<p>The <code>application/x-www-form-urlencoded</code> and <code data-x="text/plain encoding
algorithm">text/plain</code> encoding algorithms take a list of name-value pairs, where the values
must be strings, rather than an entry list where the value can be a <code>File</code>. The
following algorithm performs the conversion.</p>

<p>To <dfn>convert to a list of name-value pairs</dfn> an entry list <var>entry list</var>, run
these steps:</p>

<ol>
<li><p>Let <var>list</var> be an empty <span>list</span> of name-value pairs.</p></li>

<li>
<p>For each <span data-x="formdata-entry">entry</span> in <var>entry list</var>:</p>

<ol>
<li><p>Let <var>name</var> be the entry's name, with every occurrence of U+000D (CR) not
followed by U+000A (LF), and every occurrence of U+000A (LF) not preceded by U+000D (CR),
replaced by a string consisting of U+000D (CR) and U+000A (LF).</p></li>

<li><p>If the entry's value is a <code>File</code>, then let <var>value</var> be the entry's
value's <code data-x="dom-file-name">name</code>. Otherwise, let <var>value</var> be the
entry's value, with every occurrence of U+000D (CR) not followed by U+000A (LF), and every
occurrence of U+000A (LF) not preceded by U+000D (CR), replaced by a string consisting of
U+000D (CR) and U+000A (LF).</p></li>

<li><p><span data-x="list append">Append</span> to <var>list</var> a new name-value pair whose
name is <var>name</var> and whose value is <var>value</var>.</p></li>
</ol>
</li>

<li><p>Return <var>list</var>.</p></li>
</ol>

<p class="note">The newline conversions in this algorithm are necessary because not all names and
string values reaching the <code>application/x-www-form-urlencoded</code> or <code
data-x="text/plain encoding algorithm">text/plain</code> serializers need have been previously
normalized when <span data-x="append an entry">appending the entry</span>, and in fact no
filenames have. That normalization is idempotent, so implementations are allowed to keep track of
which names and string values have been previously normalized in order to skip them in this
algorithm.</p>

</div>


<h5>URL-encoded form data</h5>

Expand Down Expand Up @@ -56576,24 +56656,21 @@ fur

<div w-nodev>

<p>The <dfn><code data-x="">text/plain</code> encoding algorithm</dfn>, given an <var>entry
list</var>, is as follows:</p>
<p>The <dfn><code data-x="">text/plain</code> encoding algorithm</dfn>, given a list of name-value
pairs <var>pairs</var>, is as follows:</p>

<ol>
<li><p>Let <var>result</var> be the empty string.</p></li>

<li>
<p>For each <span data-x="formdata-entry">entry</span> in <var>entry list</var>:</p>
<p>For each <var>pair</var> in <var>pairs</var>:</p>

<ol>
<li><p>If the entry's value is a <code>File</code> object, then set its value to the
<code>File</code> object's <code data-x="dom-file-name">name</code>.</p></li>

<li><p>Append the entry's name to <var>result</var>.</p></li>
<li><p>Append <var>pair</var>'s name to <var>result</var>.</p></li>

<li><p>Append a single U+003D EQUALS SIGN character (=) to <var>result</var>.</p></li>

<li><p>Append the entry's value to <var>result</var>.</p></li>
<li><p>Append <var>pair</var>'s value to <var>result</var>.</p></li>

<li><p>Append a U+000D CARRIAGE RETURN (CR) U+000A LINE FEED (LF) character pair to <var>result</var>.</p></li>
</ol>
Expand Down

0 comments on commit 3a328cf

Please sign in to comment.