Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Complete ice server url validation #2996

Merged
merged 1 commit into from
Oct 24, 2024
Merged

Complete ice server url validation #2996

merged 1 commit into from
Oct 24, 2024

Conversation

dontcallmedom
Copy link
Member

@dontcallmedom dontcallmedom commented Sep 3, 2024
edited by pr-preview bot
Loading

close #2912

Preview | Diff

@dontcallmedom dontcallmedom mentioned this pull request Sep 3, 2024
Open
@dontcallmedom
Copy link
Member Author

(the CI error is because we don't have tests for this; as noted in #2950 this is only a continuation of the lack of test for this change; see also #2997)

@dontcallmedom
Copy link
Member Author

as discussed in #2997 (comment), reusing the application/x-www-form-urlencoded parser means making ?&transport=udp parsable; an alternative would be to instead do the split on = ourselves (rather than invoking the URL algorithm), limiting the set of acceptable query strings to ?transport=udp and ?transport=tcp (which would align better at least with the libwebrtc implementation). happy to change the PR in that direction if that's the preferred path.

@jan-ivar
Copy link
Member

jan-ivar commented Sep 3, 2024

... reusing the application/x-www-form-urlencoded parser means making ?&transport=udp parsable

Less custom URL parsing seems in line with being "consistent with how we treat URLs elsewhere in the platform.". #2660 (comment)

an alternative would be to instead do the split on = ourselves (rather than invoking the URL algorithm), limiting the set of acceptable query strings to ?transport=udp and ?transport=tcp

OTOH, if this simple string compare lets us keep this in REC, why not do that for now, and add application/x-www-form-urlencoded back in later?

That seems a reasonable way to increment here to me.

@jan-ivar
Copy link
Member

jan-ivar commented Sep 3, 2024
edited
Loading

Are there any URLs that would reveal differences in parsing of the first part of the url (ahead of the ?) ?

dontcallmedom added a commit that referenced this pull request Sep 4, 2024
@dontcallmedom
Use simple string comparison for query string
fb9a1b0 
and forbid query string on stun/stuns
see #2996 (comment)
@dontcallmedom
Copy link
Member Author

I've switched to using a simple string comparison; I'm not sure using application/x-www-form-urlencoded parsing buys us much when it is not clear the RFC means it that way.

dontcallmedom added a commit that referenced this pull request Sep 4, 2024
@dontcallmedom
Use simple string comparison for query string
7601b0d 
and forbid query string on stun/stuns
see #2996 (comment)
@dontcallmedom dontcallmedom force-pushed the transport-qs-parsing branch 2 times, most recently from 940aa73 to 785dfaa Compare September 4, 2024 12:37
@jan-ivar
Copy link
Member

jan-ivar commented Sep 4, 2024

Yeah that algorithm supports multiple query parameters whereas our RFC does not, so it's arguably odd to support & at all

jan-ivar
jan-ivar approved these changes Oct 10, 2024
View reviewed changes
webrtc.html Outdated
<li><p>TODO: validate ?transport=udp|tcp</p></li>
<li>Let <var>urlParams</var> be the result of applying <a data-cite="url#concept-urlencoded-string-parser"><code>application/x-www-form-urlencoded</code> string parser</a> to <var>parsedURL</var>'s [=url/query=].</li>
<li>If <var>urlParams</var>’s [=list/size=] is greater than 1, then fail.</li>
<li>If <var>urlParams</var>’s [=list/size=] is 1, let <code>(<var>paramName</var>, <var>paramValue</var>)</code> be the two items of <code><var>urlParams/var>[0]</code>.</li>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing <

Suggested change
<li>If <var>urlParams</var>’s [=list/size=] is 1, let <code>(<var>paramName</var>, <var>paramValue</var>)</code> be the two items of <code><var>urlParams/var>[0]</code>.</li>
<li>If <var>urlParams</var>’s [=list/size=] is 1, let <code>(<var>paramName</var>, <var>paramValue</var>)</code> be the two items of <code><var>urlParams</var>[0]</code>.</li>

@dontcallmedom dontcallmedom mentioned this pull request Oct 10, 2024
Merged
@henbos henbos merged commit e00c759 into main Oct 24, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-ivar jan-ivar jan-ivar approved these changes

Assignees
No one assigned
Labels
Editors can integrate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix ICE server URL querystring validation
3 participants
@dontcallmedom @jan-ivar @henbos