CMXSL.org/trisquel-icecat
2
0
Fork 0
Code Issues Pull requests Projects Releases 11 Packages Wiki Activity Actions

icecat: add release icecat-140.6.0-1gnu1 for aramo

Browse source
This commit is contained in:
Ark74 2026-01-17 18:56:47 -06:00
parent 92fef42cd6
commit 17ba0259bf
3382 changed files with 457689 additions and 569094 deletions
Download patch file Download diff file Expand all files Collapse all files

17
icecat/devtools/client/netmonitor/test/browser_net_copy_as_curl.js
View file

@ -26,17 +26,17 @@ add_task(async function () {
? [
{
menuItemId: "request-list-context-copy-as-curl-win",
data: buildTestData(QUOTE_WIN),
data: buildTestData(QUOTE_WIN, true),
},
{
menuItemId: "request-list-context-copy-as-curl-posix",
data: buildTestData(QUOTE_POSIX),
data: buildTestData(QUOTE_POSIX, false),
},
]
: [
{
menuItemId: "request-list-context-copy-as-curl",
data: buildTestData(QUOTE_POSIX),
data: buildTestData(QUOTE_POSIX, false),
},
];
@ -45,7 +45,7 @@ add_task(async function () {
await teardown(monitor);
});
function buildTestData(QUOTE) {
function buildTestData(QUOTE, isWin) {
// Quote a string, escape the quotes inside the string
function quote(str) {
return QUOTE + str.replace(new RegExp(QUOTE, "g"), `\\${QUOTE}`) + QUOTE;
@ -56,9 +56,11 @@ function buildTestData(QUOTE) {
return "-H " + quote(h);
}
const CMD = isWin ? "curl.exe " : "curl ";
// Construct the expected command
const SIMPLE_BASE = ["curl " + quote(HTTPS_SIMPLE_SJS)];
const SLOW_BASE = ["curl " + quote(HTTPS_SLOW_SJS)];
const SIMPLE_BASE = [CMD + quote(HTTPS_SIMPLE_SJS)];
const SLOW_BASE = [CMD + quote(HTTPS_SLOW_SJS)];
const BASE_RESULT = [
"--compressed",
header("User-Agent: " + navigator.userAgent),
@ -220,8 +222,9 @@ async function testForPlatform(tab, monitor, testData) {
// This monster regexp parses the command line into an array of arguments,
// recognizing quoted args with matching quotes and escaped quotes inside:
// [ "curl.exe 'url'", "--standalone-arg", "-arg-with-quoted-string 'value\'s'" ]
// [ "curl 'url'", "--standalone-arg", "-arg-with-quoted-string 'value\'s'" ]
const matchRe = /[-A-Za-z1-9]+(?: ([\^\\"']+)(?:\\\1|.)*?\1)?/g;
const matchRe = /[-\.A-Za-z1-9]+(?: ([\^\"']+)(?:\\\1|.)*?\1)?/g;
const actual = result.match(matchRe);
// Must begin with the same "curl 'URL'" segment

59
icecat/devtools/client/netmonitor/test/browser_net_curl-utils.js
View file

@ -153,7 +153,7 @@ function testDataArgumentOnGeneratedCommand(data) {
}
function testDataEscapeOnGeneratedCommand(data) {
const paramsWin = `--data-raw ^"{\\"param1\\":\\"value1\\",\\"param2\\":\\"value2\\"}^"`;
const paramsWin = `--data-raw ^"^{^\\^"param1^\\^":^\\^"value1^\\^",^\\^"param2^\\^":^\\^"value2^\\^"^}^`;
const paramsPosix = `--data-raw '{"param1":"value1","param2":"value2"}'`;
let curlCommand = Curl.generateCommand(data, "WINNT");
@ -209,13 +209,13 @@ function testRemoveBinaryDataFromMultipartText(data) {
'^"',
boundary,
"^\u000A\u000A",
'Content-Disposition: form-data; name=\\"param1\\"',
'Content-Disposition: form-data; name=^\\^"param1^\\^"',
"^\u000A\u000A^\u000A\u000A",
"value1",
"^\u000A\u000A",
boundary,
"^\u000A\u000A",
'Content-Disposition: form-data; name=\\"file\\"; filename=\\"filename.png\\"',
'Content-Disposition: form-data; name=^\\^"file^\\^"; filename=^\\^"filename.png^\\^"',
"^\u000A\u000A",
"Content-Type: image/png",
"^\u000A\u000A^\u000A\u000A",
@ -269,7 +269,14 @@ function testEscapeStringPosix() {
const escapeChar = "'!ls:q:gs|ls|;ping 8.8.8.8;|";
is(
CurlUtils.escapeStringPosix(escapeChar),
"$'\\'\\041ls:q:gs^|ls^|;ping 8.8.8.8;^|'",
"$'\\'\\041ls:q:gs|ls|;ping 8.8.8.8;|'",
"'!' should be escaped."
);
const escapeBangOnlyChar = "!";
is(
CurlUtils.escapeStringPosix(escapeBangOnlyChar),
"$'\\041'",
"'!' should be escaped."
);
@ -295,49 +302,34 @@ function testEscapeStringPosix() {
"$'\\xc3\\xa6 \\xc3\\xb8 \\xc3\\xbc \\xc3\\x9f \\xc3\\xb6 \\xc3\\xa9'",
"Character codes outside of the decimal range 32 - 126 should be escaped."
);
// Assert that ampersands are correctly escaped in case its tried to run on Windows
const evilCommand = `query=evil\n\ncmd & calc.exe\n\n`;
is(
CurlUtils.escapeStringPosix(evilCommand),
"$'query=evil\\n\\ncmd ^& calc.exe\\n\\n'",
"The evil command is escaped properly"
);
const str = "EvilHeader: &calc.exe&";
is(
CurlUtils.escapeStringPosix(str),
"'EvilHeader: ^&calc.exe^&'",
"The evil command is escaped properly"
);
}
function testEscapeStringWin() {
const surroundedWithDoubleQuotes = "A simple string";
is(
CurlUtils.escapeStringWin(surroundedWithDoubleQuotes),
'^"A simple string^"',
'^\"A simple string^\"',
"The string should be surrounded with double quotes."
);
const doubleQuotes = 'Quote: "Time is an illusion. Lunchtime doubly so."';
is(
CurlUtils.escapeStringWin(doubleQuotes),
'^"Quote: \\"Time is an illusion. Lunchtime doubly so.\\"^"',
'^\"Quote: ^\\^\"Time is an illusion. Lunchtime doubly so.^\\^\"^\"',
"Double quotes should be escaped."
);
const percentSigns = "%TEMP% %@foo% %2XX% %_XX% %?XX%";
is(
CurlUtils.escapeStringWin(percentSigns),
'^"^%^TEMP^% ^%^@foo^% ^%^2XX^% ^%^_XX^% ^%?XX^%^"',
'^\"^%^TEMP^% ^%^@foo^% ^%^2XX^% ^%^_XX^% ^%?XX^%^\"',
"Percent signs should be escaped."
);
const backslashes = "\\A simple string\\";
is(
CurlUtils.escapeStringWin(backslashes),
'^"\\\\A simple string\\\\^"',
'^\"^\\A simple string^\\^\"',
"Backslashes should be escaped."
);
@ -351,23 +343,38 @@ function testEscapeStringWin() {
const dollarSignCommand = "$(calc.exe)";
is(
CurlUtils.escapeStringWin(dollarSignCommand),
'^"\\$(calc.exe)^"',
'^\"^$(calc.exe)^\"',
"Dollar sign should be escaped."
);
const tickSignCommand = "`$(calc.exe)";
is(
CurlUtils.escapeStringWin(tickSignCommand),
'^"\\`\\$(calc.exe)^"',
'^\"`^$(calc.exe)^\"',
"Both the tick and dollar signs should be escaped."
);
const evilCommand = `query=evil\r\rcmd" /c timeout /t 3 & calc.exe\r\r`;
is(
CurlUtils.escapeStringWin(evilCommand),
'^\"query=evil^\n\n^\n\ncmd\\\" /c timeout /t 3 & calc.exe^\n\n^\n\n^\"',
'^\"query=evil^\n\n^\n\ncmd^\\^\" /c timeout /t 3 ^& calc.exe^\n\n^\n\n^\"',
"The evil command is escaped properly"
);
// Control characters https://www.ascii-code.com/characters/control-characters
const containsControlChars = " - \u0007 \u0010 \u0014 \u001B \x1a - ";
is(
CurlUtils.escapeStringWin(containsControlChars),
'^\" - \u0007 \u0010 \u0014 \u001b \u001a - ^\"',
"Control characters should not be escaped with ^."
);
const controlCharsWithWhitespaces = " -\tcalc.exe\f- ";
is(
CurlUtils.escapeStringWin(controlCharsWithWhitespaces),
'^\" - calc.exe - ^\"',
"Control (non-printable) characters which are whitespace like charaters e.g (tab & form feed)"
);
}
async function createCurlData(selected, getLongString, requestData) {

41
icecat/devtools/client/shared/curl.js
View file

@ -160,16 +160,15 @@ const Curl = {
// Format with line breaks if the command has more than 2 parts
// e.g
// Command with 2 parts - curl https://foo.com
// Command with 2 parts - curl https://foo.com
// Commands with more than 2 parts -
// curl https://foo.com
// -X POST
// -H "Accept : */*"
// -H "accept-language: en-US"
const joinStr = currentPlatform === "WINNT" ? " ^\n " : " \\\n ";
return (
"curl " + commandParts.join(commandParts.length >= 3 ? joinStr : " ")
);
const CMD = currentPlatform == "WINNT" ? "curl.exe " : "curl ";
return CMD + commandParts.join(commandParts.length >= 3 ? joinStr : " ");
},
};
@ -421,10 +420,9 @@ const CurlUtils = {
return "\\u" + ("0000" + code).substr(code.length, 4);
}
// Escape & and |, which are special characters on Windows.
const winSpecialCharsRegEx = /([&\|])/g;
if (/[^\x20-\x7E]|\'/.test(str)) {
// Escape characters which are not within the charater range
// SPACE to "~"(char codes 32 - 126), the `!` (code 33) and '(code 39);
if (/[^\x20-\x7E]|!|\'/.test(str)) {
// Use ANSI-C quoting syntax.
return (
"$'" +
@ -434,14 +432,13 @@ const CurlUtils = {
.replace(/\n/g, "\\n")
.replace(/\r/g, "\\r")
.replace(/!/g, "\\041")
.replace(winSpecialCharsRegEx, "^$1")
.replace(/[^\x20-\x7E]/g, escapeCharacter) +
"'"
);
}
// Use single quote syntax.
return "'" + str.replace(winSpecialCharsRegEx, "^$1") + "'";
return "'" + str + "'";
},
/**
@ -453,24 +450,22 @@ const CurlUtils = {
Because cmd.exe parser and MS Crt arguments parsers use some of the
same escape characters, they can interact with each other in
horrible ways, the order of operations is critical.
Also see https://ss64.com/nt/syntax-esc.html for details on
escaping characters on Windows.
*/
const encapsChars = '^"';
return (
encapsChars +
str
// Replace \ with \\ first because it is an escape character for certain
// conditions in both parsers.
.replace(/\\/g, "\\\\")
// Escape double quotes with double slashes.
// Replace all " with \" to ensure the first parser does not remove it.
.replace(/"/g, '\\"')
// Escape ` and $ so commands do not get executed e.g $(calc.exe) or `\$(calc.exe)
.replace(/[`$]/g, "\\$&")
// Then escape all characters we are not sure about with ^ to ensure it
// gets to MS Crt parser safely.
.replace(/[^a-zA-Z0-9\s_\-:=+~\/.',?;()*\$&\\{}\"`]/g, "^$&")
// Note: Also do not escape unicode control (C) non-printable characters
// https://www.compart.com/en/unicode/category (this is captured with `\p{C}` and the `u` unicode flag)
.replace(/[^-a-zA-Z0-9\s_:=+~\/.',?;()*`\p{C}]/gu, "^$&")
// The % character is special because MS Crt parser will try and look for
// ENV variables and fill them in its place. We cannot escape them with %
@ -481,6 +476,14 @@ const CurlUtils = {
// by the previous replace.
.replace(/%(?=[a-zA-Z0-9_])/g, "%^")
// All other whitespace characters are replaced with a single space, as there
// is no way to enter their literal values in a command line, and they do break
// the command allowing for injection.
// Since want to keep line breaks, we need to exclude them in the regex (`[^\r\n]`),
// and use double negations to get the other whitespace chars (`[^\S]` translates
// to "not not whitespace")
.replace(/[^\S\r\n]/g, " ")
// Lastly we replace new lines with ^ and TWO new lines because the first
// new line is there to enact the escape command the second is the character
// to escape (in this case new line).

11
icecat/devtools/client/shared/test/xpcshell/test_curl.js
View file

@ -347,9 +347,7 @@ const QUOTE = isWin() ? '^"' : "'";
function quote(str) {
let escaped;
if (isWin()) {
escaped = str
.replace(new RegExp(QUOTE, "g"), `${QUOTE}${QUOTE}`)
.replace(/"/g, '\\"');
escaped = str.replace(new RegExp('"', "g"), `^\\${QUOTE}`);
} else {
escaped = str.replace(new RegExp(QUOTE, "g"), `\\${QUOTE}`);
}
@ -358,10 +356,10 @@ function quote(str) {
function escapeNewline(txt) {
if (isWin()) {
// Replace new lines with ^ and TWO new lines because the first
// For windows we replace new lines with ^ and TWO new lines because the first
// new line is there to enact the escape command the second is the character
// to escape (in this case new line).
return txt.replace(/\r?\n/g, "^\n\n");
return txt.replace(/\r?\n|\r/g, "^\n\n");
}
return txt.replace(/\r/g, "\\r").replace(/\n/g, "\\n");
}
@ -396,7 +394,8 @@ function inParams(curlParams, param) {
function parseCurl(curlCmd) {
// This monster regexp parses the command line into an array of arguments,
// recognizing quoted args with matching quotes and escaped quotes inside:
// [ "curl.exe 'url'", "--standalone-arg", "-arg-with-quoted-string 'value\'s'" ]
// [ "curl 'url'", "--standalone-arg", "-arg-with-quoted-string 'value\'s'" ]
const matchRe = /[-A-Za-z1-9]+(?: ([\^\\"']+)(?:\\\1|.)*?\1)?/g;
const matchRe = /[-\.A-Za-z1-9]+(?: ([\^\"']+)(?:\\\1|.)*?\1)?/g;
return curlCmd.match(matchRe);
}