Avoid decoding XHR type="json" responses as UTF-16BE/LE

https://infra.spec.whatwg.org/#parse-json-from-bytes says to use
"UTF-8 decode" rather than "decode", so UTF-16BE/LE BOM should
not be honored.

components/script/dom/xmlhttprequest.rs

@@ -1164,8 +1164,8 @@ impl XMLHttpRequest {
             return NullValue();
         }
         // Step 4
-        fn decode_to_utf16(bytes: &[u8], encoding: &'static Encoding) -> Vec<u16> {
+        fn decode_to_utf16_with_bom_removal(bytes: &[u8], encoding: &'static Encoding) -> Vec<u16> {
-            let mut decoder = encoding.new_decoder();
+            let mut decoder = encoding.new_decoder_with_bom_removal();
             let capacity = decoder.max_utf16_buffer_length(bytes.len()).expect("Overflow");
             let mut utf16 = Vec::with_capacity(capacity);
             let extra = unsafe {
@@ -1179,7 +1179,12 @@ impl XMLHttpRequest {
             }
             utf16
         }
-        let json_text = decode_to_utf16(&bytes, UTF_8);
+        // https://xhr.spec.whatwg.org/#json-response refers to
+        // https://infra.spec.whatwg.org/#parse-json-from-bytes which refers to
+        // https://encoding.spec.whatwg.org/#utf-8-decode which means
+        // that the encoding is always UTF-8 and the UTF-8 BOM is removed,
+        // if present, but UTF-16BE/LE BOM must not be honored.
+        let json_text = decode_to_utf16_with_bom_removal(&bytes, UTF_8);
         // Step 5
         rooted!(in(cx) let mut rval = UndefinedValue());
         unsafe {

tests/wpt/metadata/MANIFEST.json

@@ -180079,6 +180079,11 @@
      {}
     ]
    ],
+   "XMLHttpRequest/resources/utf16-bom.json": [
+    [
+     {}
+    ]
+   ],
    "XMLHttpRequest/resources/utf16.txt": [
     [
      {}
@@ -293760,6 +293765,12 @@
      {}
     ]
    ],
+   "XMLHttpRequest/no-utf16-json.htm": [
+    [
+     "/XMLHttpRequest/no-utf16-json.htm",
+     {}
+    ]
+   ],
    "XMLHttpRequest/open-after-abort.htm": [
     [
      "/XMLHttpRequest/open-after-abort.htm",
@@ -377781,6 +377792,10 @@
    "6804845b3ba0e52ee407fc7e8036ce905283751c",
    "testharness"
   ],
+  "XMLHttpRequest/no-utf16-json.htm": [
+   "4546215ad6f138676d3c473782e6e34b4c922589",
+   "testharness"
+  ],
   "XMLHttpRequest/open-after-abort.htm": [
    "082fa646606cf8f278d61960f02fafa264e57e9f",
    "testharness"
@@ -378273,6 +378288,10 @@
    "e1addc2a9f014c2546b5770dd328b1562dc4fdc3",
    "support"
   ],
+  "XMLHttpRequest/resources/utf16-bom.json": [
+   "3d344828308b32594a8ed51a3cf186ccfa83cfb1",
+   "support"
+  ],
   "XMLHttpRequest/resources/utf16.txt": [
    "47e95b463051a904934ec51df445a39301c5f671",
    "support"

tests/wpt/web-platform-tests/XMLHttpRequest/no-utf16-json.htm

@@ -0,0 +1,19 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>XMLHttpRequest: responseType "json" should be decoded as UTF-8 even when there's a UTF-16 BOM</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+    <link rel="help" href="https://infra.spec.whatwg.org/#parse-json-from-bytes" data-tested-assertations="following::ol/li[1]" />
+<div id="log"></div>
+
+<script>
+  async_test(function() {
+    var client = new XMLHttpRequest();
+    client.responseType = 'json';
+    client.onload = this.step_func_done(function(e) {
+      assert_equals(client.response, null);
+    });
+    client.open("GET", "resources/utf16-bom.json");
+    client.send(null);
+  }, 'JSON asa UTF-16 with BOM should decode as UTF-8 (and, therefore, fail)');
+</script>