Extract bits out of a javascript URL through serialization

The root cause here is a change in the URL parser that allows all schemes to have components such as host. Without this change more obscure javascript URLs such as javascript://test/%0Aalert(1) would fail to function. Fixes #672.
whatwg · Jun 1, 2016 · 4113965 · 4113965
1 parent 9a49f18
commit 4113965
Showing 1 changed file with 6 additions and 18 deletions.
diff --git a/source b/source
@@ -81497,26 +81497,14 @@ State: &lt;OUTPUT NAME=I>1&lt;/OUTPUT> &lt;INPUT VALUE="Increment" TYPE=BUTTON O
        <span>active document</span>'s <span>origin</span>, then let <var>result</var> be undefined,
        and jump to the step labeled <i>process result</i> below.</p></li>
 
-       <li><p>Let <var>urlRecord</var> be the result of running the <span>URL parser</span> on the
-       <span>URL</span> of <var>resource</var>.</p></li>
+       <li><p>Let <var>urlString</var> be the result of running the <span
+       data-x="concept-url-serialiser">URL serialiser</span> on <var>resource</var>.</p></li>
 
-       <li><p>Let <var>script source</var> be the empty string.</p></li>
-
-       <li><p>Append the first string of <var>urlRecord</var>'s <span
-       data-x="concept-url-path">path</span> component to <var>script source</var>.</p></li>
-
-       <li><p>If <var>urlRecord</var>'s <span data-x="concept-url-query">query</span> component is
-       not null, then first append a U+003F QUESTION MARK character (?) to <var>script source</var>,
-       and then append <var>urlRecord</var>'s <span data-x="concept-url-query">query</span>
-       component to <var>script source</var>.</p></li>
-
-       <li><p>If <var>urlRecord</var>'s <span data-x="concept-url-fragment">fragment</span>
-       component is not null, then first append a U+0023 NUMBER SIGN character (#) to <var>script
-       source</var>, and then append <var>urlRecord</var>'s <span
-       data-x="concept-url-fragment">fragment</span> component to <var>script source</var>.</p></li>
+       <li><p>Remove the leading "<code data-x="">javascript:</code>" string from
+       <var>urlString</var>.</p></li>
 
-       <li><p>Replace <var>script source</var> with the result of applying the
-       <span>percent decode</span> algorithm to <var>script source</var>.</p></li>
+       <li><p>Let <var>script source</var> be the result of applying the <span>percent decode</span>
+       algorithm to <var>urlString</var>.</p></li>
 
        <li><p>Replace <var>script source</var> with the result of applying the <span>UTF-8
        decode</span> algorithm to <var>script source</var>.</p></li>