diff --git a/fetch/h1-parsing/resources-with-0x00-in-header.window.js b/fetch/h1-parsing/resources-with-0x00-in-header.window.js
new file mode 100644
index 00000000000000..f1afeeb740b1d7
--- /dev/null
+++ b/fetch/h1-parsing/resources-with-0x00-in-header.window.js
@@ -0,0 +1,31 @@
+async_test(t => {
+ const script = document.createElement("script");
+ t.add_cleanup(() => script.remove());
+ script.src = "resources/script-with-0x00-in-header.py";
+ script.onerror = t.step_func_done();
+ script.onload = t.unreached_func();
+ document.body.append(script);
+}, "Expect network error for script with 0x00 in a header");
+
+async_test(t => {
+ const frame = document.createElement("iframe");
+ t.add_cleanup(() => frame.remove());
+ frame.src = "resources/document-with-0x00-in-header.py";
+ // If network errors result in load events for frames per
+ // https://github.com/whatwg/html/issues/125 and https://github.com/whatwg/html/issues/1230 this
+ // should be changed to use the load event instead.
+ t.step_timeout(() => {
+ assert_equals(frame.contentDocument, null);
+ t.done();
+ }, 1000);
+ document.body.append(frame);
+}, "Expect network error for frame navigation to resource with 0x00 in a header");
+
+async_test(t => {
+ const img = document.createElement("img");
+ t.add_cleanup(() => img.remove());
+ img.src = "resources/blue-with-0x00-in-a-header.asis";
+ img.onerror = t.step_func_done();
+ img.onload = t.unreached_func();
+ document.body.append(img);
+}, "Expect network error for image with 0x00 in a header");
diff --git a/fetch/h1-parsing/resources/README.md b/fetch/h1-parsing/resources/README.md
new file mode 100644
index 00000000000000..2175d274088bda
--- /dev/null
+++ b/fetch/h1-parsing/resources/README.md
@@ -0,0 +1,6 @@
+`blue-with-0x00-in-a-header.asis` is a copy from `../../images/blue.png` with the following prepended using Control Pictures to signify actual newlines and 0x00:
+```
+HTTP/1.1 200 AN IMAGE␍␊
+Content-Type: image/png␍␊
+Custom: ␀␍␊␍␊
+```
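Review bot: In `resources-with-0x00-in-header.window.js`, the frame test's fixed 1000 ms `t.step_timeout` decides the result before the navigation is known to have finished. On a slow runner `frame.contentDocument` would presumably still be the initial `about:blank` document, so the assertion could fail for a reason unrelated to header parsing. The inline comment explains why the load event is not used but not why `null` is the expected value; I would add `// A network error leaves an opaque error page, so contentDocument is null; an accepted response would expose a same-origin document.` above the assertion. The script and image cases would also be easier to triage if the unreached handlers carried a message, e.g. `script.onload = t.unreached_func("script with 0x00 in a header must not load");`.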
diff --git a/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis b/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis
new file mode 100644
index 00000000000000..102340a6313feb
Binary files /dev/null and b/fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis differ
diff --git a/fetch/h1-parsing/resources/document-with-0x00-in-header.py b/fetch/h1-parsing/resources/document-with-0x00-in-header.py
new file mode 100644
index 00000000000000..6e8db6195910ef
--- /dev/null
+++ b/fetch/h1-parsing/resources/document-with-0x00-in-header.py
@@ -0,0 +1,4 @@
+def main(request, response):
+ response.headers.set("Content-Type", "text/html")
+ response.headers.set("Custom", "\0")
+ return "This is a document."
diff --git a/fetch/h1-parsing/resources/script-with-0x00-in-header.py b/fetch/h1-parsing/resources/script-with-0x00-in-header.py
new file mode 100644
index 00000000000000..f4a016a369831e
--- /dev/null
+++ b/fetch/h1-parsing/resources/script-with-0x00-in-header.py
@@ -0,0 +1,4 @@
+def main(request, response):
+ response.headers.set("Content-Type", "text/javascript")
+ response.headers.set("Custom", "\0")
+ return "var thisIsJavaScript = 0"
diff --git a/lint.whitelist b/lint.whitelist
index d06f4c59bca28d..b5a8f80687044b 100644
--- a/lint.whitelist
+++ b/lint.whitelist
@@ -77,6 +77,7 @@ AHEM COPY: css/vendor-imports/mozilla/mozilla-central-reftests/*/Ahem.ttf
 # Intentional use of CRLF
 CR AT EOL: WebIDL/valid/idl/documentation-dos.widl
 CR AT EOL: cors/resources/cors-headers.asis
+CR AT EOL: fetch/h1-parsing/resources/blue-with-0x00-in-a-header.asis
 CR AT EOL: html/semantics/forms/the-textarea-element/multiline-placeholder-cr.html
 CR AT EOL: html/semantics/forms/the-textarea-element/multiline-placeholder-crlf.html
 CR AT EOL: html/semantics/forms/the-input-element/multiline-placeholder-cr.html
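Review bot: `document-with-0x00-in-header.py` sends NUL as the entire value of `Custom` (`response.headers.set("Custom", "\0")`), so the tests cover only that one position. A client that rejects a lone NUL but tolerates one between ordinary characters of a value would still pass. A variant with the NUL embedded mid-value would close that gap, provided wptserve writes the byte out unmodified, which this diff does not show. The same applies to `script-with-0x00-in-header.py`, which differs only in content type and body. Neither handler says the NUL is deliberate; a docstring such as `"""Respond with a header value containing 0x00; clients are expected to treat the response as a network error."""` would keep a later cleanup from removing it.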