From d8bbc7858622b6d9c278469aab701ca0b609cddf Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 15 May 2024 05:35:49 +0200
Subject: Merging upstream version 126.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../url-classifier/nsUrlClassifierUtils.cpp        | 26 +++++++++++++++++++++-
 .../url-classifier/nsUrlClassifierUtils.h          |  2 ++
 .../tests/mochitest/classifierCommon.js            |  2 +-
 .../tests/mochitest/classifierHelper.js            |  2 +-
 .../tests/unit/test_canonicalization.js            | 10 +++++++++
 5 files changed, 39 insertions(+), 3 deletions(-)

(limited to 'toolkit/components/url-classifier')

diff --git a/toolkit/components/url-classifier/nsUrlClassifierUtils.cpp b/toolkit/components/url-classifier/nsUrlClassifierUtils.cpp
index da5e9cd451..6a329830d6 100644
--- a/toolkit/components/url-classifier/nsUrlClassifierUtils.cpp
+++ b/toolkit/components/url-classifier/nsUrlClassifierUtils.cpp
@@ -293,7 +293,12 @@ nsUrlClassifierUtils::GetKeyForURI(nsIURI* uri, nsACString& _retval) {
     rv = innerURI->GetQuery(query);
     NS_ENSURE_SUCCESS(rv, rv);
 
-    _retval.AppendPrintf("?%s", query.get());
+    // We have to canonicalize the query too based on
+    // https://developers.google.com/safe-browsing/v4/urls-hashing?hl=en#canonicalization
+    rv = CanonicalizeQuery(query, temp);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    _retval.Append(temp);
   }
 
   return NS_OK;
@@ -917,6 +922,25 @@ nsresult nsUrlClassifierUtils::CanonicalizePath(const nsACString& path,
   return NS_OK;
 }
 
+nsresult nsUrlClassifierUtils::CanonicalizeQuery(const nsACString& query,
+                                                 nsACString& _retval) {
+  _retval.Truncate();
+  _retval.Append('?');
+
+  // Unescape the query
+  nsAutoCString unescaped;
+  if (!NS_UnescapeURL(PromiseFlatCString(query).get(),
+                      PromiseFlatCString(query).Length(), 0, unescaped)) {
+    unescaped.Assign(query);
+  }
+
+  // slash folding does not apply to the query parameters, but we need to
+  // percent-escape all characters that are <= ASCII 32, >= 127, "#", or "%"
+  SpecialEncode(unescaped, false, _retval);
+
+  return NS_OK;
+}
+
 void nsUrlClassifierUtils::CleanupHostname(const nsACString& hostname,
                                            nsACString& _retval) {
   _retval.Truncate();
diff --git a/toolkit/components/url-classifier/nsUrlClassifierUtils.h b/toolkit/components/url-classifier/nsUrlClassifierUtils.h
index 5ff9d97fdc..bcced1a76a 100644
--- a/toolkit/components/url-classifier/nsUrlClassifierUtils.h
+++ b/toolkit/components/url-classifier/nsUrlClassifierUtils.h
@@ -29,6 +29,8 @@ class nsUrlClassifierUtils final : public nsIUrlClassifierUtils,
                                 nsACString& _retval);
   nsresult CanonicalizePath(const nsACString& url, nsACString& _retval);
 
+  nsresult CanonicalizeQuery(const nsACString& query, nsACString& _retval);
+
   // This function will encode all "special" characters in typical url encoding,
   // that is %hh where h is a valid hex digit.  The characters which are encoded
   // by this function are any ascii characters under 32(control characters and
diff --git a/toolkit/components/url-classifier/tests/mochitest/classifierCommon.js b/toolkit/components/url-classifier/tests/mochitest/classifierCommon.js
index 00a4e8d08b..bf3d35047f 100644
--- a/toolkit/components/url-classifier/tests/mochitest/classifierCommon.js
+++ b/toolkit/components/url-classifier/tests/mochitest/classifierCommon.js
@@ -63,7 +63,7 @@ function doReload() {
   }
 }
 
-// SafeBrowsing.jsm is initialized after mozEntries are added. Add observer
+// SafeBrowsing.sys.mjs is initialized after mozEntries are added. Add observer
 // to receive "finished" event. For the case when this function is called
 // after the event had already been notified, we lookup entries to see if
 // they are already added to database.
diff --git a/toolkit/components/url-classifier/tests/mochitest/classifierHelper.js b/toolkit/components/url-classifier/tests/mochitest/classifierHelper.js
index b07bfc7fc5..55870b462c 100644
--- a/toolkit/components/url-classifier/tests/mochitest/classifierHelper.js
+++ b/toolkit/components/url-classifier/tests/mochitest/classifierHelper.js
@@ -24,7 +24,7 @@ classifierHelper._updatesToCleanup = [];
 
 classifierHelper._initsCB = [];
 
-// This function return a Promise, promise is resolved when SafeBrowsing.jsm
+// This function return a Promise, promise is resolved when SafeBrowsing.sys.mjs
 // is initialized.
 classifierHelper.waitForInit = function () {
   return new Promise(function (resolve) {
diff --git a/toolkit/components/url-classifier/tests/unit/test_canonicalization.js b/toolkit/components/url-classifier/tests/unit/test_canonicalization.js
index e26bb5d84a..a9fdf71315 100644
--- a/toolkit/components/url-classifier/tests/unit/test_canonicalization.js
+++ b/toolkit/components/url-classifier/tests/unit/test_canonicalization.js
@@ -80,4 +80,14 @@ function run_test() {
     canonicalize("http://host.com//twoslashes?more//slashes"),
     "http://host.com/twoslashes?more//slashes"
   );
+  equal(
+    canonicalize("http://host.com/path?query%3Awith%3Acolons"),
+    "http://host.com/path?query:with:colons"
+  );
+  equal(
+    canonicalize(
+      "https://wiki.mozilla.org/index.php?title=MozillaWiki%3AHelp&action=history"
+    ),
+    "https://wiki.mozilla.org/index.php?title=MozillaWiki:Help&action=history"
+  );
 }
-- 
cgit v1.2.3