search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1867190 - Add prefs for PHC probablities r=glandium
[gecko.git] / xpcom / io / nsEscape.cpp
blobf211ea28096b3f24c66bc4ea8aeb55fa35b20f98
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "nsEscape.h"
8
9 #include "mozilla/ArrayUtils.h"
10 #include "mozilla/BinarySearch.h"
11 #include "mozilla/CheckedInt.h"
12 #include "mozilla/TextUtils.h"
13 #include "nsTArray.h"
14 #include "nsCRT.h"
15 #include "nsASCIIMask.h"
16
17 static const char hexCharsUpper[] = "0123456789ABCDEF";
18 static const char hexCharsUpperLower[] = "0123456789ABCDEFabcdef";
19
20 static const unsigned char netCharType[256] =
21 // clang-format off
22 /* Bit 0 xalpha -- the alphas
23 ** Bit 1 xpalpha -- as xalpha but
24 ** converts spaces to plus and plus to %2B
25 ** Bit 3 ... path -- as xalphas but doesn't escape '/'
26 ** Bit 4 ... NSURL-ref -- extra encoding for Apple NSURL compatibility.
27 ** This encoding set is used on encoded URL ref
28 ** components before converting a URL to an NSURL
29 ** so we don't include '%' to avoid double encoding.
30 */
31 /* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
32 { 0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0, /* 0x */
33 0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0, /* 1x */
34 /* ! " # $ % & ' ( ) * + , - . / */
35 0x0,0x8,0x0,0x0,0x8,0x8,0x8,0x8,0x8,0x8,0xf,0xc,0x8,0xf,0xf,0xc, /* 2x */
36 /* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
37 0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0x8,0x8,0x0,0x8,0x0,0x8, /* 3x */
38 /* @ A B C D E F G H I J K L M N O */
39 0x8,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf, /* 4x */
40 /* bits for '@' changed from 7 to 0 so '@' can be escaped */
41 /* in usernames and passwords in publishing. */
42 /* P Q R S T U V W X Y Z [ \ ] ^ _ */
43 0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0x0,0x0,0x0,0x0,0xf, /* 5x */
44 /* ` a b c d e f g h i j k l m n o */
45 0x0,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf, /* 6x */
46 /* p q r s t u v w x y z { | } ~ DEL */
47 0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0xf,0x0,0x0,0x0,0x8,0x0, /* 7x */
48 0x0,
49 };
50
51 /* decode % escaped hex codes into character values
52 */
53 #define UNHEX(C) \
54 ((C >= '0' && C <= '9') ? C - '0' : \
55 ((C >= 'A' && C <= 'F') ? C - 'A' + 10 : \
56 ((C >= 'a' && C <= 'f') ? C - 'a' + 10 : 0)))
57 // clang-format on
58
59 #define IS_OK(C) (netCharType[((unsigned char)(C))] & (aFlags))
60 #define HEX_ESCAPE '%'
61
62 static const uint32_t ENCODE_MAX_LEN = 6; // %uABCD
63
64 static uint32_t AppendPercentHex(char* aBuffer, unsigned char aChar) {
65 uint32_t i = 0;
66 aBuffer[i++] = '%';
67 aBuffer[i++] = hexCharsUpper[aChar >> 4]; // high nibble
68 aBuffer[i++] = hexCharsUpper[aChar & 0xF]; // low nibble
69 return i;
70 }
71
72 static uint32_t AppendPercentHex(char16_t* aBuffer, char16_t aChar) {
73 uint32_t i = 0;
74 aBuffer[i++] = '%';
75 if (aChar & 0xff00) {
76 aBuffer[i++] = 'u';
77 aBuffer[i++] = hexCharsUpper[aChar >> 12]; // high-byte high nibble
78 aBuffer[i++] = hexCharsUpper[(aChar >> 8) & 0xF]; // high-byte low nibble
79 }
80 aBuffer[i++] = hexCharsUpper[(aChar >> 4) & 0xF]; // low-byte high nibble
81 aBuffer[i++] = hexCharsUpper[aChar & 0xF]; // low-byte low nibble
82 return i;
83 }
84
85 //----------------------------------------------------------------------------------------
86 char* nsEscape(const char* aStr, size_t aLength, size_t* aOutputLength,
87 nsEscapeMask aFlags)
88 //----------------------------------------------------------------------------------------
89 {
90 if (!aStr) {
91 return nullptr;
92 }
93
94 size_t charsToEscape = 0;
95
96 const unsigned char* src = (const unsigned char*)aStr;
97 for (size_t i = 0; i < aLength; ++i) {
98 if (!IS_OK(src[i])) {
99 charsToEscape++;
100 }
101 }
102
103 // calculate how much memory should be allocated
104 // original length + 2 bytes for each escaped character + terminating '\0'
105 // do the sum in steps to check for overflow
106 size_t dstSize = aLength + 1 + charsToEscape;
107 if (dstSize <= aLength) {
108 return nullptr;
109 }
110 dstSize += charsToEscape;
111 if (dstSize < aLength) {
112 return nullptr;
113 }
114
115 // fail if we need more than 4GB
116 if (dstSize > UINT32_MAX) {
117 return nullptr;
118 }
119
120 char* result = (char*)moz_xmalloc(dstSize);
121
122 unsigned char* dst = (unsigned char*)result;
123 if (aFlags == url_XPAlphas) {
124 for (size_t i = 0; i < aLength; ++i) {
125 unsigned char c = *src++;
126 if (IS_OK(c)) {
127 *dst++ = c;
128 } else if (c == ' ') {
129 *dst++ = '+'; /* convert spaces to pluses */
130 } else {
131 *dst++ = HEX_ESCAPE;
132 *dst++ = hexCharsUpper[c >> 4]; /* high nibble */
133 *dst++ = hexCharsUpper[c & 0x0f]; /* low nibble */
134 }
135 }
136 } else {
137 for (size_t i = 0; i < aLength; ++i) {
138 unsigned char c = *src++;
139 if (IS_OK(c)) {
140 *dst++ = c;
141 } else {
142 *dst++ = HEX_ESCAPE;
143 *dst++ = hexCharsUpper[c >> 4]; /* high nibble */
144 *dst++ = hexCharsUpper[c & 0x0f]; /* low nibble */
145 }
146 }
147 }
148
149 *dst = '\0'; /* tack on eos */
150 if (aOutputLength) {
151 *aOutputLength = dst - (unsigned char*)result;
152 }
153
154 return result;
155 }
156
157 //----------------------------------------------------------------------------------------
158 char* nsUnescape(char* aStr)
159 //----------------------------------------------------------------------------------------
160 {
161 nsUnescapeCount(aStr);
162 return aStr;
163 }
164
165 //----------------------------------------------------------------------------------------
166 int32_t nsUnescapeCount(char* aStr)
167 //----------------------------------------------------------------------------------------
168 {
169 char* src = aStr;
170 char* dst = aStr;
171
172 char c1[] = " ";
173 char c2[] = " ";
174 char* const pc1 = c1;
175 char* const pc2 = c2;
176
177 if (!*src) {
178 // A null string was passed in. Nothing to escape.
179 // Returns early as the string might not actually be mutable with
180 // length 0.
181 return 0;
182 }
183
184 while (*src) {
185 c1[0] = *(src + 1);
186 if (*(src + 1) == '\0') {
187 c2[0] = '\0';
188 } else {
189 c2[0] = *(src + 2);
190 }
191
192 if (*src != HEX_ESCAPE || strpbrk(pc1, hexCharsUpperLower) == nullptr ||
193 strpbrk(pc2, hexCharsUpperLower) == nullptr) {
194 *dst++ = *src++;
195 } else {
196 src++; /* walk over escape */
197 if (*src) {
198 *dst = UNHEX(*src) << 4;
199 src++;
200 }
201 if (*src) {
202 *dst = (*dst + UNHEX(*src));
203 src++;
204 }
205 dst++;
206 }
207 }
208
209 *dst = 0;
210 return (int)(dst - aStr);
211
212 } /* NET_UnEscapeCnt */
213
214 void nsAppendEscapedHTML(const nsACString& aSrc, nsACString& aDst) {
215 // Preparation: aDst's length will increase by at least aSrc's length. If the
216 // addition overflows, we skip this, which is fine, and we'll likely abort
217 // while (infallibly) appending due to aDst becoming too large.
218 mozilla::CheckedInt<nsACString::size_type> newCapacity = aDst.Length();
219 newCapacity += aSrc.Length();
220 if (newCapacity.isValid()) {
221 aDst.SetCapacity(newCapacity.value());
222 }
223
224 for (auto cur = aSrc.BeginReading(); cur != aSrc.EndReading(); cur++) {
225 if (*cur == '<') {
226 aDst.AppendLiteral("&lt;");
227 } else if (*cur == '>') {
228 aDst.AppendLiteral("&gt;");
229 } else if (*cur == '&') {
230 aDst.AppendLiteral("&amp;");
231 } else if (*cur == '"') {
232 aDst.AppendLiteral("&quot;");
233 } else if (*cur == '\'') {
234 aDst.AppendLiteral("&#39;");
235 } else {
236 aDst.Append(*cur);
237 }
238 }
239 }
240
241 //----------------------------------------------------------------------------------------
242 //
243 // The following table encodes which characters needs to be escaped for which
244 // parts of an URL. The bits are the "url components" in the enum EscapeMask,
245 // see nsEscape.h.
246
247 template <size_t N>
248 static constexpr void AddUnescapedChars(const char (&aChars)[N],
249 uint32_t aFlags,
250 std::array<uint32_t, 256>& aTable) {
251 for (size_t i = 0; i < N - 1; ++i) {
252 aTable[static_cast<unsigned char>(aChars[i])] |= aFlags;
253 }
254 }
255
256 static constexpr std::array<uint32_t, 256> BuildEscapeChars() {
257 constexpr uint32_t kAllModes = esc_Scheme | esc_Username | esc_Password |
258 esc_Host | esc_Directory | esc_FileBaseName |
259 esc_FileExtension | esc_Param | esc_Query |
260 esc_Ref | esc_ExtHandler;
261
262 std::array<uint32_t, 256> table{0};
263
264 // Alphanumerics shouldn't be escaped in all escape modes.
265 AddUnescapedChars("0123456789", kAllModes, table);
266 AddUnescapedChars("ABCDEFGHIJKLMNOPQRSTUVWXYZ", kAllModes, table);
267 AddUnescapedChars("abcdefghijklmnopqrstuvwxyz", kAllModes, table);
268 AddUnescapedChars("!$&()*+,-_~", kAllModes, table);
269
270 // Extra characters which aren't escaped in particular escape modes.
271 AddUnescapedChars(".", esc_Scheme, table);
272 // Note that behavior of esc_Username and esc_Password is the same, so these
273 // could be merged (in the URL spec, both reference the "userinfo encode set"
274 // https://url.spec.whatwg.org/#userinfo-percent-encode-set, so the same
275 // behavior is expected.)
276 // Leaving separate for now to minimize risk, as these are also IDL-exposed
277 // as separate constants.
278 AddUnescapedChars("'.", esc_Username, table);
279 AddUnescapedChars("'.", esc_Password, table);
280 AddUnescapedChars(".", esc_Host, table); // Same as esc_Scheme
281 AddUnescapedChars("'./:;=@[]|", esc_Directory, table);
282 AddUnescapedChars("'.:;=@[]|", esc_FileBaseName, table);
283 AddUnescapedChars("':;=@[]|", esc_FileExtension, table);
284 AddUnescapedChars(".:;=@[\\]^`{|}", esc_Param, table);
285 AddUnescapedChars("./:;=?@[\\]^`{|}", esc_Query, table);
286 AddUnescapedChars("#'./:;=?@[\\]^{|}", esc_Ref, table);
287 AddUnescapedChars("#'./:;=?@[]", esc_ExtHandler, table);
288
289 return table;
290 }
291
292 static constexpr std::array<uint32_t, 256> EscapeChars = BuildEscapeChars();
293
294 static bool dontNeedEscape(unsigned char aChar, uint32_t aFlags) {
295 return EscapeChars[(size_t)aChar] & aFlags;
296 }
297 static bool dontNeedEscape(uint16_t aChar, uint32_t aFlags) {
298 return aChar < EscapeChars.size() ? (EscapeChars[(size_t)aChar] & aFlags)
299 : false;
300 }
301
302 //----------------------------------------------------------------------------------------
303
304 /**
305 * Templated helper for URL escaping a portion of a string.
306 *
307 * @param aPart The pointer to the beginning of the portion of the string to
308 * escape.
309 * @param aPartLen The length of the string to escape.
310 * @param aFlags Flags used to configure escaping. @see EscapeMask
311 * @param aResult String that has the URL escaped portion appended to. Only
312 * altered if the string is URL escaped or |esc_AlwaysCopy| is specified.
313 * @param aDidAppend Indicates whether or not data was appended to |aResult|.
314 * @return NS_ERROR_INVALID_ARG, NS_ERROR_OUT_OF_MEMORY on failure.
315 */
316 template <class T>
317 static nsresult T_EscapeURL(const typename T::char_type* aPart, size_t aPartLen,
318 uint32_t aFlags, const ASCIIMaskArray* aFilterMask,
319 T& aResult, bool& aDidAppend) {
320 typedef nsCharTraits<typename T::char_type> traits;
321 typedef typename traits::unsigned_char_type unsigned_char_type;
322 static_assert(sizeof(*aPart) == 1 || sizeof(*aPart) == 2,
323 "unexpected char type");
324
325 if (!aPart) {
326 MOZ_ASSERT_UNREACHABLE("null pointer");
327 return NS_ERROR_INVALID_ARG;
328 }
329
330 bool forced = !!(aFlags & esc_Forced);
331 bool ignoreNonAscii = !!(aFlags & esc_OnlyASCII);
332 bool ignoreAscii = !!(aFlags & esc_OnlyNonASCII);
333 bool writing = !!(aFlags & esc_AlwaysCopy);
334 bool colon = !!(aFlags & esc_Colon);
335 bool spaces = !!(aFlags & esc_Spaces);
336
337 auto src = reinterpret_cast<const unsigned_char_type*>(aPart);
338
339 typename T::char_type tempBuffer[100];
340 unsigned int tempBufferPos = 0;
341
342 for (size_t i = 0; i < aPartLen; ++i) {
343 unsigned_char_type c = *src++;
344
345 // If there is a filter, we wish to skip any characters which match it.
346 // This is needed so we don't perform an extra pass just to extract the
347 // filtered characters.
348 if (aFilterMask && mozilla::ASCIIMask::IsMasked(*aFilterMask, c)) {
349 if (!writing) {
350 if (!aResult.Append(aPart, i, mozilla::fallible)) {
351 return NS_ERROR_OUT_OF_MEMORY;
352 }
353 writing = true;
354 }
355 continue;
356 }
357
358 // if the char has not to be escaped or whatever follows % is
359 // a valid escaped string, just copy the char.
360 //
361 // Also the % will not be escaped until forced
362 // See bugzilla bug 61269 for details why we changed this
363 //
364 // And, we will not escape non-ascii characters if requested.
365 // On special request we will also escape the colon even when
366 // not covered by the matrix.
367 // ignoreAscii is not honored for control characters (C0 and DEL)
368 //
369 // 0x20..0x7e are the valid ASCII characters.
370 if ((dontNeedEscape(c, aFlags) || (c == HEX_ESCAPE && !forced) ||
371 (c > 0x7f && ignoreNonAscii) ||
372 (c >= 0x20 && c < 0x7f && ignoreAscii)) &&
373 !(c == ':' && colon) && !(c == ' ' && spaces)) {
374 if (writing) {
375 tempBuffer[tempBufferPos++] = c;
376 }
377 } else { /* do the escape magic */
378 if (!writing) {
379 if (!aResult.Append(aPart, i, mozilla::fallible)) {
380 return NS_ERROR_OUT_OF_MEMORY;
381 }
382 writing = true;
383 }
384 uint32_t len = ::AppendPercentHex(tempBuffer + tempBufferPos, c);
385 tempBufferPos += len;
386 MOZ_ASSERT(len <= ENCODE_MAX_LEN, "potential buffer overflow");
387 }
388
389 // Flush the temp buffer if it doesnt't have room for another encoded char.
390 if (tempBufferPos >= mozilla::ArrayLength(tempBuffer) - ENCODE_MAX_LEN) {
391 NS_ASSERTION(writing, "should be writing");
392 if (!aResult.Append(tempBuffer, tempBufferPos, mozilla::fallible)) {
393 return NS_ERROR_OUT_OF_MEMORY;
394 }
395 tempBufferPos = 0;
396 }
397 }
398 if (writing) {
399 if (!aResult.Append(tempBuffer, tempBufferPos, mozilla::fallible)) {
400 return NS_ERROR_OUT_OF_MEMORY;
401 }
402 }
403 aDidAppend = writing;
404 return NS_OK;
405 }
406
407 bool NS_EscapeURL(const char* aPart, int32_t aPartLen, uint32_t aFlags,
408 nsACString& aResult) {
409 size_t partLen;
410 if (aPartLen < 0) {
411 partLen = strlen(aPart);
412 } else {
413 partLen = aPartLen;
414 }
415
416 return NS_EscapeURLSpan(mozilla::Span(aPart, partLen), aFlags, aResult);
417 }
418
419 bool NS_EscapeURLSpan(mozilla::Span<const char> aStr, uint32_t aFlags,
420 nsACString& aResult) {
421 bool appended = false;
422 nsresult rv = T_EscapeURL(aStr.Elements(), aStr.Length(), aFlags, nullptr,
423 aResult, appended);
424 if (NS_FAILED(rv)) {
425 ::NS_ABORT_OOM(aResult.Length() * sizeof(nsACString::char_type));
426 }
427
428 return appended;
429 }
430
431 nsresult NS_EscapeURL(const nsACString& aStr, uint32_t aFlags,
432 nsACString& aResult, const mozilla::fallible_t&) {
433 bool appended = false;
434 nsresult rv = T_EscapeURL(aStr.Data(), aStr.Length(), aFlags, nullptr,
435 aResult, appended);
436 if (NS_FAILED(rv)) {
437 aResult.Truncate();
438 return rv;
439 }
440
441 if (!appended) {
442 aResult = aStr;
443 }
444
445 return rv;
446 }
447
448 nsresult NS_EscapeAndFilterURL(const nsACString& aStr, uint32_t aFlags,
449 const ASCIIMaskArray* aFilterMask,
450 nsACString& aResult,
451 const mozilla::fallible_t&) {
452 bool appended = false;
453 nsresult rv = T_EscapeURL(aStr.Data(), aStr.Length(), aFlags, aFilterMask,
454 aResult, appended);
455 if (NS_FAILED(rv)) {
456 aResult.Truncate();
457 return rv;
458 }
459
460 if (!appended) {
461 if (!aResult.Assign(aStr, mozilla::fallible)) {
462 return NS_ERROR_OUT_OF_MEMORY;
463 }
464 }
465
466 return rv;
467 }
468
469 const nsAString& NS_EscapeURL(const nsAString& aStr, uint32_t aFlags,
470 nsAString& aResult) {
471 bool result = false;
472 nsresult rv = T_EscapeURL<nsAString>(aStr.Data(), aStr.Length(), aFlags,
473 nullptr, aResult, result);
474
475 if (NS_FAILED(rv)) {
476 ::NS_ABORT_OOM(aResult.Length() * sizeof(nsAString::char_type));
477 }
478
479 if (result) {
480 return aResult;
481 }
482 return aStr;
483 }
484
485 // Starting at aStr[aStart] find the first index in aStr that matches any
486 // character that is forbidden by aFunction. Return false if not found.
487 static bool FindFirstMatchFrom(const nsString& aStr, size_t aStart,
488 const std::function<bool(char16_t)>& aFunction,
489 size_t* aIndex) {
490 for (size_t j = aStart, l = aStr.Length(); j < l; ++j) {
491 if (aFunction(aStr[j])) {
492 *aIndex = j;
493 return true;
494 }
495 }
496 return false;
497 }
498
499 const nsAString& NS_EscapeURL(const nsString& aStr,
500 const std::function<bool(char16_t)>& aFunction,
501 nsAString& aResult) {
502 bool didEscape = false;
503 for (size_t i = 0, strLen = aStr.Length(); i < strLen;) {
504 size_t j;
505 if (MOZ_UNLIKELY(FindFirstMatchFrom(aStr, i, aFunction, &j))) {
506 if (i == 0) {
507 didEscape = true;
508 aResult.Truncate();
509 aResult.SetCapacity(aStr.Length());
510 }
511 if (j != i) {
512 // The substring from 'i' up to 'j' that needs no escaping.
513 aResult.Append(nsDependentSubstring(aStr, i, j - i));
514 }
515 char16_t buffer[ENCODE_MAX_LEN];
516 uint32_t bufferLen = ::AppendPercentHex(buffer, aStr[j]);
517 MOZ_ASSERT(bufferLen <= ENCODE_MAX_LEN, "buffer overflow");
518 aResult.Append(buffer, bufferLen);
519 i = j + 1;
520 } else {
521 if (MOZ_UNLIKELY(didEscape)) {
522 // The tail of the string that needs no escaping.
523 aResult.Append(nsDependentSubstring(aStr, i, strLen - i));
524 }
525 break;
526 }
527 }
528 if (MOZ_UNLIKELY(didEscape)) {
529 return aResult;
530 }
531 return aStr;
532 }
533
534 bool NS_UnescapeURL(const char* aStr, int32_t aLen, uint32_t aFlags,
535 nsACString& aResult) {
536 bool didAppend = false;
537 nsresult rv =
538 NS_UnescapeURL(aStr, aLen, aFlags, aResult, didAppend, mozilla::fallible);
539 if (rv == NS_ERROR_OUT_OF_MEMORY) {
540 ::NS_ABORT_OOM(aLen * sizeof(nsACString::char_type));
541 }
542
543 return didAppend;
544 }
545
546 nsresult NS_UnescapeURL(const char* aStr, int32_t aLen, uint32_t aFlags,
547 nsACString& aResult, bool& aDidAppend,
548 const mozilla::fallible_t&) {
549 if (!aStr) {
550 MOZ_ASSERT_UNREACHABLE("null pointer");
551 return NS_ERROR_INVALID_ARG;
552 }
553
554 MOZ_ASSERT(aResult.IsEmpty(),
555 "Passing a non-empty string as an out parameter!");
556
557 uint32_t len;
558 if (aLen < 0) {
559 size_t stringLength = strlen(aStr);
560 if (stringLength >= UINT32_MAX) {
561 return NS_ERROR_OUT_OF_MEMORY;
562 }
563 len = stringLength;
564 } else {
565 len = aLen;
566 }
567
568 bool ignoreNonAscii = !!(aFlags & esc_OnlyASCII);
569 bool ignoreAscii = !!(aFlags & esc_OnlyNonASCII);
570 bool writing = !!(aFlags & esc_AlwaysCopy);
571 bool skipControl = !!(aFlags & esc_SkipControl);
572 bool skipInvalidHostChar = !!(aFlags & esc_Host);
573
574 unsigned char* destPtr;
575 uint32_t destPos;
576
577 if (writing) {
578 if (!aResult.SetLength(len, mozilla::fallible)) {
579 return NS_ERROR_OUT_OF_MEMORY;
580 }
581 destPos = 0;
582 destPtr = reinterpret_cast<unsigned char*>(aResult.BeginWriting());
583 }
584
585 const char* last = aStr;
586 const char* end = aStr + len;
587
588 for (const char* p = aStr; p < end; ++p) {
589 if (*p == HEX_ESCAPE && p + 2 < end) {
590 unsigned char c1 = *((unsigned char*)p + 1);
591 unsigned char c2 = *((unsigned char*)p + 2);
592 unsigned char u = (UNHEX(c1) << 4) + UNHEX(c2);
593 if (mozilla::IsAsciiHexDigit(c1) && mozilla::IsAsciiHexDigit(c2) &&
594 (!skipInvalidHostChar || dontNeedEscape(u, aFlags) || c1 >= '8') &&
595 ((c1 < '8' && !ignoreAscii) || (c1 >= '8' && !ignoreNonAscii)) &&
596 !(skipControl &&
597 (c1 < '2' || (c1 == '7' && (c2 == 'f' || c2 == 'F'))))) {
598 if (MOZ_UNLIKELY(!writing)) {
599 writing = true;
600 if (!aResult.SetLength(len, mozilla::fallible)) {
601 return NS_ERROR_OUT_OF_MEMORY;
602 }
603 destPos = 0;
604 destPtr = reinterpret_cast<unsigned char*>(aResult.BeginWriting());
605 }
606 if (p > last) {
607 auto toCopy = p - last;
608 memcpy(destPtr + destPos, last, toCopy);
609 destPos += toCopy;
610 MOZ_ASSERT(destPos <= len);
611 last = p;
612 }
613 destPtr[destPos] = u;
614 destPos += 1;
615 MOZ_ASSERT(destPos <= len);
616 p += 2;
617 last += 3;
618 }
619 }
620 }
621 if (writing && last < end) {
622 auto toCopy = end - last;
623 memcpy(destPtr + destPos, last, toCopy);
624 destPos += toCopy;
625 MOZ_ASSERT(destPos <= len);
626 }
627
628 if (writing) {
629 aResult.Truncate(destPos);
630 }
631
632 aDidAppend = writing;
633 return NS_OK;
634 }