Avoid decoding XHR type="json" responses as UTF-16BE/LE

https://infra.spec.whatwg.org/#parse-json-from-bytes says to use
"UTF-8 decode" rather than "decode", so UTF-16BE/LE BOM should
not be honored.
This commit is contained in:
Henri Sivonen 2017-11-01 16:50:53 +02:00
parent edb2db55b7
commit 18a52ea0e9
4 changed files with 46 additions and 3 deletions

View file

@ -1164,8 +1164,8 @@ impl XMLHttpRequest {
return NullValue();
}
// Step 4
fn decode_to_utf16(bytes: &[u8], encoding: &'static Encoding) -> Vec<u16> {
let mut decoder = encoding.new_decoder();
fn decode_to_utf16_with_bom_removal(bytes: &[u8], encoding: &'static Encoding) -> Vec<u16> {
let mut decoder = encoding.new_decoder_with_bom_removal();
let capacity = decoder.max_utf16_buffer_length(bytes.len()).expect("Overflow");
let mut utf16 = Vec::with_capacity(capacity);
let extra = unsafe {
@ -1179,7 +1179,12 @@ impl XMLHttpRequest {
}
utf16
}
let json_text = decode_to_utf16(&bytes, UTF_8);
// https://xhr.spec.whatwg.org/#json-response refers to
// https://infra.spec.whatwg.org/#parse-json-from-bytes which refers to
// https://encoding.spec.whatwg.org/#utf-8-decode which means
// that the encoding is always UTF-8 and the UTF-8 BOM is removed,
// if present, but UTF-16BE/LE BOM must not be honored.
let json_text = decode_to_utf16_with_bom_removal(&bytes, UTF_8);
// Step 5
rooted!(in(cx) let mut rval = UndefinedValue());
unsafe {