[Cfx] Revert incompatible URL parsing changes

The changes in whatwg/url#619 broke NUI URLs such as `https://cfx-nui-dr-scratching-3.1.0/`, which is a compat break for our use case. Since we don't rely on URL display to end users as much as browsers do, the security risks leading to this change do not apply here. This both reverts the behavior from f21b724, as well as 6998eb4 which is required to not fail mojo deserialization on IP-style hosts.
citizenfx · Nov 1, 2022 · 1dd9a14 · 1dd9a14
1 parent d05d08c
commit 1dd9a14
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/net/base/schemeful_site.cc b/net/base/schemeful_site.cc
@@ -38,6 +38,21 @@ SchemefulSite::ObtainASiteResult SchemefulSite::ObtainASite(
   if (IsStandardSchemeWithNetworkHost(origin.scheme())) {
     registerable_domain = GetDomainAndRegistry(
         origin, net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
+
+    // For domains in which the eTLD+1 is not canonical, do not use the eTLD+1.
+    // This is for domains like foo.127.1, which has an eTLD+1 of 127.1, but
+    // https://127.1/ == https://127.0.0.1. This is intended as a temporary
+    // hack not to DCHECK for such origins, until the URL spec is updated to
+    // make such domains invalid in URLs.
+    // TODO(https://crbug.com/1157010): Remove once the fetch spec is updated,
+    // and GURL rejects such domains names.
+    url::CanonHostInfo host_info;
+    bool site_domain_is_safe =
+        registerable_domain.empty() || registerable_domain == origin.host() ||
+        registerable_domain ==
+            CanonicalizeHost(registerable_domain, &host_info);
+    if (!site_domain_is_safe)
+      registerable_domain.clear();
   }
 
   // If origin's host's registrable domain is null, then return (origin's

diff --git a/url/url_canon_ip.cc b/url/url_canon_ip.cc
@@ -165,7 +165,7 @@ CanonHostInfo::Family DoIPv4AddressToNumber(const CHAR* spec,
       return CanonHostInfo::NEUTRAL;
 
     if (family != CanonHostInfo::IPV4)
-      return CanonHostInfo::BROKEN;
+      return CanonHostInfo::NEUTRAL;
 
     ++existing_components;
 
@@ -175,7 +175,7 @@ CanonHostInfo::Family DoIPv4AddressToNumber(const CHAR* spec,
 
     // If there are more than 4 components, fail.
     if (existing_components == 4)
-      return CanonHostInfo::BROKEN;
+      return CanonHostInfo::NEUTRAL;
 
     current_component_end = current_position - 1;
     --current_position;
@@ -187,7 +187,7 @@ CanonHostInfo::Family DoIPv4AddressToNumber(const CHAR* spec,
   // within an 8-bit field.
   for (int i = existing_components - 1; i > 0; i--) {
     if (component_values[i] > std::numeric_limits<uint8_t>::max())
-      return CanonHostInfo::BROKEN;
+      return CanonHostInfo::NEUTRAL;
     address[existing_components - i - 1] =
         static_cast<unsigned char>(component_values[i]);
   }
@@ -200,7 +200,7 @@ CanonHostInfo::Family DoIPv4AddressToNumber(const CHAR* spec,
 
   // If the last component has residual bits, report overflow.
   if (last_value != 0)
-    return CanonHostInfo::BROKEN;
+    return CanonHostInfo::NEUTRAL;
 
   // Tell the caller how many components we saw.
   *num_ipv4_components = existing_components;