Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add test cases for newline handling in form payloads #26740

Merged
merged 15 commits into from
Apr 12, 2021
Merged
5 changes: 5 additions & 0 deletions html/semantics/forms/form-submission-0/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Form submissions involving files are also tested in:

- `/FileAPI/file/send-file*` (for `multipart/form-data`)
- `/url/urlencoded-filenames.window.js` (for
`application/x-www-form-urlencoded`)
130 changes: 130 additions & 0 deletions html/semantics/forms/form-submission-0/text-plain.window.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
form({
filename: "basic-test.txt",
expectedFilename: "basic-test.txt",
description: "Basic test",
});

form({
filename: "a\0b",
expectedFilename: "a\0b",
description: "Controls: 0x00",
});

form({
filename: "a\nb",
expectedFilename: "a\r\nb",
description: "Newlines: \\n becomes \\r\\n",
});

form({
filename: "a\rb",
expectedFilename: "a\r\nb",
description: "Newlines: \\r becomes \\r\\n",
});

form({
filename: "a\n\rb",
expectedFilename: "a\r\n\r\nb",
description: "Newlines: \\n\\r becomes \\r\\n\\r\\n",
});

form({
filename: "a\r\nb",
expectedFilename: "a\r\nb",
description: "Newlines: \\r\\n stays unchanged",
});

form({
filename: 'a"b',
expectedFilename: 'a"b',
description: "Special punctuation: double quote",
});

form({
filename: "a'b",
expectedFilename: "a'b",
description: "Special punctuation: single quote",
});

form({
filename: "a\\b",
expectedFilename: "a\\b",
description: "Special punctuation: backslash",
});

form({
filename: "ábc",
expectedFilename: "\xC3\xA1bc",
description: "Non-ASCII",
});

form({
filename: "a\uFFFDb",
expectedFilename: "a�b",
formEncoding: "windows-1252",
description: "Character not in encoding",
});

function form({
filename,
expectedFilename,
formEncoding = "utf-8",
description,
}) {
promise_test(async (testCase) => {
if (document.readyState !== "complete") {
await new Promise((resolve) => addEventListener("load", resolve));
}

const formTargetFrame = Object.assign(document.createElement("iframe"), {
name: "formtargetframe",
});
document.body.append(formTargetFrame);
testCase.add_cleanup(() => {
document.body.removeChild(formTargetFrame);
});

const form = Object.assign(document.createElement("form"), {
acceptCharset: formEncoding,
action: "/FileAPI/file/resources/echo-content-escaped.py",
method: "POST",
enctype: "text/plain",
target: formTargetFrame.name,
});
document.body.append(form);
testCase.add_cleanup(() => {
document.body.removeChild(form);
});

const fileInput = Object.assign(document.createElement("input"), {
type: "file",
name: "file",
});
form.append(fileInput);

const textPlain = await new Promise((resolve) => {
const dataTransfer = new DataTransfer();
dataTransfer.items.add(new File([], filename, { type: "text/plain" }));
fileInput.files = dataTransfer.files;

form.submit();
formTargetFrame.onload = () => {
// Undo the newline normalization caused by loading the server's output
// as an iframe, and decode the echo-content-escaped.py escapes to reach
// an isomorphic-encoding of the bytes sent to the server.
resolve(
formTargetFrame.contentDocument.body.textContent
.replace(/\n/g, "\r\n")
.replace(
/\\x[0-9a-f]{2}/gi,
(esc) => String.fromCodePoint(parseInt(esc.substring(2), 16)),
)
.replace(/\\\\/g, "\\"),
);
};
});

const expected = `file=${expectedFilename}\r\n`;
assert_equals(textPlain, expected);
}, `Test urlencoding of filenames: ${description}`);
}
122 changes: 122 additions & 0 deletions url/urlencoded-filenames.window.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
form({
filename: "basic-test.txt",
expectedFilename: "basic-test.txt",
description: "Basic test",
});

form({
filename: "a\0b",
expectedFilename: "a%00b",
description: "Controls: 0x00",
});

form({
filename: "a\nb",
expectedFilename: "a%0D%0Ab",
description: "Newlines: \\n becomes \\r\\n",
});

form({
filename: "a\rb",
expectedFilename: "a%0D%0Ab",
description: "Newlines: \\r becomes \\r\\n",
});

form({
filename: "a\n\rb",
expectedFilename: "a%0D%0A%0D%0Ab",
description: "Newlines: \\n\\r becomes \\r\\n\\r\\n",
});

form({
filename: "a\r\nb",
expectedFilename: "a%0D%0Ab",
description: "Newlines: \\r\\n stays unchanged",
});

form({
filename: 'a"b',
expectedFilename: "a%22b",
description: "Special punctuation: double quote",
});

form({
filename: "a'b",
expectedFilename: "a%27b",
description: "Special punctuation: single quote",
});

form({
filename: "a\\b",
expectedFilename: "a%5Cb",
description: "Special punctuation: backslash",
});

form({
filename: "ábc",
expectedFilename: "%C3%A1bc",
description: "Non-ASCII",
});

form({
filename: "a\uFFFDb",
expectedFilename: "a%26%2365533%3Bb",
formEncoding: "windows-1252",
description: "Character not in encoding",
});

function form({
filename,
expectedFilename,
formEncoding = "utf-8",
description,
}) {
promise_test(async (testCase) => {
if (document.readyState !== "complete") {
await new Promise((resolve) => addEventListener("load", resolve));
}

const formTargetFrame = Object.assign(document.createElement("iframe"), {
name: "formtargetframe",
});
document.body.append(formTargetFrame);
testCase.add_cleanup(() => {
document.body.removeChild(formTargetFrame);
});

const form = Object.assign(document.createElement("form"), {
acceptCharset: formEncoding,
// Using echo-content-escaped.py rather than /fetch/api/resources/echo-content.py
// to work around WebKit not percent-encoding \x00 (which causes the
// response to be detected as a binary file and served as a download).
// The output should not change if the urlencoded serializer is correct.
action: "/FileAPI/file/resources/echo-content-escaped.py",
method: "POST",
enctype: "application/x-www-form-urlencoded",
target: formTargetFrame.name,
});
document.body.append(form);
testCase.add_cleanup(() => {
document.body.removeChild(form);
});

const fileInput = Object.assign(document.createElement("input"), {
type: "file",
name: "file",
});
form.append(fileInput);

await new Promise((resolve) => {
const dataTransfer = new DataTransfer();
dataTransfer.items.add(new File([], filename, { type: "text/plain" }));
fileInput.files = dataTransfer.files;

form.submit();
formTargetFrame.onload = resolve;
});

const urlencoded = formTargetFrame.contentDocument.body.textContent;
const expected = `file=${expectedFilename}`;
assert_equals(urlencoded, expected);
}, `Test urlencoding of filenames: ${description}`);
}