From 03184aeabb3e5f70aa9e66fd279b0285b810a830 Mon Sep 17 00:00:00 2001
From: Andreu Botella <abb@randomunok.com>
Date: Thu, 3 Jun 2021 20:48:09 +0200
Subject: [PATCH] fix(fetch): implement newline normalization and escapes in
 the multipart/form-data serializer (#10832)

---
 extensions/fetch/21_formdata.js | 37 ++++++++++++++++++++++++++++++---
 tools/wpt/expectation.json      | 12 ++---------
 2 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/extensions/fetch/21_formdata.js b/extensions/fetch/21_formdata.js
index db4cfafa35..7b519ddc2a 100644
--- a/extensions/fetch/21_formdata.js
+++ b/extensions/fetch/21_formdata.js
@@ -323,11 +323,13 @@
       filename,
       type,
     ) {
+      const escapedField = this.#headerEscape(field);
+      const escapedFilename = this.#headerEscape(filename, true);
       /** @type {[string, string][]} */
       const headers = [
         [
           "Content-Disposition",
-          `form-data; name="${field}"; filename="${filename}"`,
+          `form-data; name="${escapedField}"; filename="${escapedFilename}"`,
         ],
         ["Content-Type", type || "application/octet-stream"],
       ];
@@ -340,7 +342,10 @@
      */
     #writeFieldHeaders(field) {
       /** @type {[string, string][]} */
-      const headers = [["Content-Disposition", `form-data; name="${field}"`]];
+      const headers = [[
+        "Content-Disposition",
+        `form-data; name="${this.#headerEscape(field)}"`,
+      ]];
       return this.#writeHeaders(headers);
     }
 
@@ -351,7 +356,7 @@
      */
     #writeField(field, value) {
       this.#writeFieldHeaders(field);
-      this.chunks.push(encoder.encode(value));
+      this.chunks.push(encoder.encode(this.#normalizeNewlines(value)));
     }
 
     /**
@@ -363,6 +368,32 @@
       this.#writeFileHeaders(field, value.name, value.type);
       this.chunks.push(value[_byteSequence]);
     }
+
+    /**
+     * @param {string} string
+     * @returns {string}
+     */
+    #normalizeNewlines(string) {
+      return string.replace(/\r(?!\n)|(?<!\r)\n/g, "\r\n");
+    }
+
+    /**
+     * Performs the percent-escaping and the normalization required for field
+     * names and filenames in Content-Disposition headers.
+     * @param {string} name
+     * @param {boolean} isFilename Whether we are encoding a filename. This
+     * skips the newline normalization that takes place for field names.
+     * @returns {string}
+     */
+    #headerEscape(name, isFilename = false) {
+      if (!isFilename) {
+        name = this.#normalizeNewlines(name);
+      }
+      return name
+        .replaceAll("\n", "%0A")
+        .replaceAll("\r", "%0D")
+        .replaceAll('"', "%22");
+    }
   }
 
   /**
diff --git a/tools/wpt/expectation.json b/tools/wpt/expectation.json
index a18e16b8fa..f12aa16fd9 100644
--- a/tools/wpt/expectation.json
+++ b/tools/wpt/expectation.json
@@ -990,16 +990,8 @@
     },
     "file": {
       "File-constructor.any.html": true,
-      "send-file-formdata-controls.any.html": [
-        "Upload file-for-upload-in-form-LF-[\n].txt (ASCII) in fetch with FormData",
-        "Upload file-for-upload-in-form-LF-CR-[\n\r].txt (ASCII) in fetch with FormData",
-        "Upload file-for-upload-in-form-CR-[\r].txt (ASCII) in fetch with FormData",
-        "Upload file-for-upload-in-form-CR-LF-[\r\n].txt (ASCII) in fetch with FormData"
-      ],
-      "send-file-formdata-punctuation.any.html": [
-        "Upload file-for-upload-in-form-QUOTATION-MARK-[\"].txt (ASCII) in fetch with FormData",
-        "Upload \"file-for-upload-in-form-double-quoted.txt\" (ASCII) in fetch with FormData"
-      ],
+      "send-file-formdata-controls.any.html": true,
+      "send-file-formdata-punctuation.any.html": true,
       "send-file-formdata-utf-8.any.html": true,
       "send-file-formdata.any.html": true
     },