From ba020a59075dcfb481a4d613fd3725dd3e484abc Mon Sep 17 00:00:00 2001 From: Linus Groh Date: Mon, 30 Nov 2020 00:28:27 +0000 Subject: [PATCH] AK: Fix logic error in urldecode() percent-decoding We also need to append the raw consumed value if *either* of the two characters after the % isn't a hex digit, not only if *both* aren't. Fixes #4257. --- AK/Tests/TestURL.cpp | 14 ++++++++++++++ AK/URLParser.cpp | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/AK/Tests/TestURL.cpp b/AK/Tests/TestURL.cpp index 22729ff4b6..606eabe834 100644 --- a/AK/Tests/TestURL.cpp +++ b/AK/Tests/TestURL.cpp @@ -172,9 +172,22 @@ TEST_CASE(data_url) EXPECT_EQ(url.protocol(), "data"); EXPECT_EQ(url.host(), ""); EXPECT_EQ(url.data_mime_type(), "text/html"); + EXPECT_EQ(url.data_payload(), "test"); EXPECT_EQ(url.to_string(), "data:text/html,test"); } +TEST_CASE(data_url_encoded) +{ + URL url("data:text/html,Hello%20friends%2C%0X%X0"); + EXPECT_EQ(url.is_valid(), true); + EXPECT_EQ(url.protocol(), "data"); + EXPECT_EQ(url.host(), ""); + EXPECT_EQ(url.data_mime_type(), "text/html"); + EXPECT_EQ(url.data_payload(), "Hello friends,%0X%X0"); + // FIXME: Surely this should be URL-encoded again?! + EXPECT_EQ(url.to_string(), "data:text/html,Hello friends,%0X%X0"); +} + TEST_CASE(data_url_base64_encoded) { URL url("data:text/html;base64,test"); @@ -182,6 +195,7 @@ TEST_CASE(data_url_base64_encoded) EXPECT_EQ(url.protocol(), "data"); EXPECT_EQ(url.host(), ""); EXPECT_EQ(url.data_mime_type(), "text/html"); + EXPECT_EQ(url.data_payload(), "test"); EXPECT_EQ(url.to_string(), "data:text/html;base64,test"); } diff --git a/AK/URLParser.cpp b/AK/URLParser.cpp index 1a00334466..5cd94aae01 100644 --- a/AK/URLParser.cpp +++ b/AK/URLParser.cpp @@ -57,7 +57,7 @@ String urldecode(const StringView& input) builder.append(consume()); continue; } - if (!is_ascii_hex_digit(peek(1)) && !is_ascii_hex_digit(peek(2))) { + if (!is_ascii_hex_digit(peek(1)) || !is_ascii_hex_digit(peek(2))) { builder.append(consume()); continue; }