HTTP: 0x00 in a header value

annevk · annevk · commit d2da82088749 · 2020-01-03T11:18:08.000+01:00
Tests to complement those written in #10424.
diff --git a/fetch/h1-parsing/resources-with-0x00-in-header.window.js b/fetch/h1-parsing/resources-with-0x00-in-header.window.js
@@ -0,0 +1,31 @@
+async_test(t => {
+  const script = document.createElement("script");
+  t.add_cleanup(() => script.remove());
+  script.src = "resources/script-with-0x00-in-header.py";
+  script.onerror = t.step_func_done();
+  script.onload = t.unreached_func();
+  document.body.append(script);
+}, "Expect network error for script with 0x00 in a header");
+
+async_test(t => {
+  const frame = document.createElement("iframe");
+  t.add_cleanup(() => frame.remove());
+  frame.src = "resources/document-with-0x00-in-header.py";
+  // If network errors result in load events for frames per
+  // https://github.com/whatwg/html/issues/125 and https://github.com/whatwg/html/issues/1230 this
+  // should be changed to use the load event instead.
+  t.step_timeout(() => {
+    assert_equals(frame.contentDocument, null);
+    t.done();
+  }, 1000);
+  document.body.append(frame);
+}, "Expect network error for frame navigation to resource with 0x00 in a header");
+
+async_test(t => {
+  const img = document.createElement("img");
+  t.add_cleanup(() => img.remove());
+  img.src = "resources//blue-with-0x00-in-a-header.asis";
+  img.onerror = t.step_func_done();
+  img.onload = t.unreached_func();
+  document.body.append(img);
+}, "Expect network error for image with 0x00 in a header");
diff --git a/fetch/h1-parsing/resources/README.md b/fetch/h1-parsing/resources/README.md
@@ -0,0 +1,6 @@
+`blue-with-0x00-in-a-header.asis` is a copy from `../../images/blue.png` with the following prepended using Control Pictures to signify actual newlines and 0x00:
+```
+HTTP/1.1 200 AN IMAGE␍␊
+Content-Type: image/png␍␊
+Custom: ␀␍␊␍␊
+```
diff --git a/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis b/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis
diff --git a/fetch/h1-parsing/resources/document-with-0x00-in-header.py b/fetch/h1-parsing/resources/document-with-0x00-in-header.py
@@ -0,0 +1,4 @@
+def main(request, response):
+    response.headers.set("Content-Type", "text/html")
+    response.headers.set("Custom", "\0")
+    return "<!doctype html><b>This is irrelevant.</b>"
diff --git a/fetch/h1-parsing/resources/script-with-0x00-in-header.py b/fetch/h1-parsing/resources/script-with-0x00-in-header.py
@@ -0,0 +1,4 @@
+def main(request, response):
+    response.headers.set("Content-Type", "text/javascript")
+    response.headers.set("Custom", "\0")
+    return "var irrelevant = 0"
