Bug 1389251 - Do not escape spaces in nsSimpleURI r=bz

This change makes nsEscape::T_EscapeURL not escape spaces when passed esc_OnlyNonASCII.
This fixes a web-compat issue for URLs such as "javascript: alert('hello');" and the fact that data: URIs with spaces around MIME type are rejected.

MozReview-Commit-ID: 91Qw9foW6Y3

--HG--
extra : rebase_source : 2da1b5f305ca2abcce2f9988cd6a5cbc12635c61

browser/components/sessionstore/test/browser_formdata.js

@@ -62,7 +62,7 @@ add_task(async function test_formdata() {
  * before doing so.
  */
 add_task(async function test_url_check() {
-  const URL = "data:text/html;charset=utf-8,<input%20id=input>";
+  const URL = "data:text/html;charset=utf-8,<input id=input>";
   const VALUE = "value-" + Math.random();
 
   // Create a tab with an iframe containing an input field.
@@ -104,7 +104,7 @@ add_task(async function test_nested() {
   const FORM_DATA = {
     children: [{
       xpath: {"/xhtml:html/xhtml:body/xhtml:input": "m"},
-      url: "data:text/html;charset=utf-8,<input%20autofocus=true>"
+      url: "data:text/html;charset=utf-8,<input autofocus=true>"
     }]
   };
 

dom/url/tests/test_url.html

@@ -479,7 +479,7 @@
     // we don't implement a spec-compliant parser yet.
     // make sure we are bug compatible with existing implementations.
     url = new URL("data:text/html,<a href=\"http://example.org/?q\">Link</a>");
-    is(url.href, "data:text/html,<a%20href=\"http://example.org/?q\">Link</a>");
+    is(url.href, "data:text/html,<a href=\"http://example.org/?q\">Link</a>");
   </script>
 
   <script>

netwerk/test/unit/test_URIs.js

@@ -53,12 +53,18 @@ var gTests = [
     pathQueryRef: "text/html;charset=utf-8,<html></html>",
     ref:     "",
     nsIURL:  false, nsINestedURI: false },
-  { spec:    "data:text/plain,hello world",
+  { spec:    "data:text/plain,hello%20world",
     scheme:  "data",
     prePath: "data:",
     pathQueryRef: "text/plain,hello%20world",
     ref:     "",
     nsIURL:  false, nsINestedURI: false },
+  { spec:    "data:text/plain,hello world",
+    scheme:  "data",
+    prePath: "data:",
+    pathQueryRef: "text/plain,hello world",
+    ref:     "",
+    nsIURL:  false, nsINestedURI: false },
   { spec:    "file:///dir/afile",
     scheme:  "data",
     prePath: "data:",
@@ -194,7 +200,7 @@ var gTests = [
   { spec:    "javascript:new Date()",
     scheme:  "javascript",
     prePath: "javascript:",
-    pathQueryRef: "new%20Date()",
+    pathQueryRef: "new Date()",
     ref:     "",
     nsIURL:  false, nsINestedURI: false },
   { spec:    "blob:123456",

testing/web-platform/meta/fetch/data-urls/processing.any.js.ini

@@ -5,9 +5,6 @@
   ["data://test:test/,X"]
     expected: FAIL
 
-  ["data:text/plain ,X"]
-    expected: FAIL
-
   ["data:;x=x;charset=x,X"]
     expected: FAIL
 
@@ -29,9 +26,6 @@
   ["data:%00,%FF"]
     expected: FAIL
 
-  ["data:text/html  ,X"]
-    expected: FAIL
-
   ["data:text / html,X"]
     expected: FAIL
 
@@ -115,9 +109,6 @@
   ["data://test:test/,X"]
     expected: FAIL
 
-  ["data:text/plain ,X"]
-    expected: FAIL
-
   ["data:;x=x;charset=x,X"]
     expected: FAIL
 
@@ -139,9 +130,6 @@
   ["data:%00,%FF"]
     expected: FAIL
 
-  ["data:text/html  ,X"]
-    expected: FAIL
-
   ["data:text / html,X"]
     expected: FAIL
 

testing/web-platform/meta/url/url-constructor.html.ini

@@ -1,7 +1,4 @@
 [url-constructor.html]
-  [Parsing: <a:\t foo.com> against <http://example.org/foo/bar>]
-    expected: FAIL
-
   [Parsing: <foo://> against <http://example.org/foo/bar>]
     expected: FAIL
 
@@ -215,9 +212,6 @@
   [Parsing: <..> against <file:///C:/>]
     expected: FAIL
 
-  [Parsing: <lolscheme:x x#x x> against <about:blank>]
-    expected: FAIL
-
   [Parsing: <file://example:1/> against <about:blank>]
     expected: FAIL
 

xpcom/io/nsEscape.cpp

@@ -356,11 +356,10 @@ T_EscapeURL(const typename T::char_type* aPart, size_t aPartLen,
     // And, we should escape the '|' character when it occurs after any
     // non-ASCII character as it may be aPart of a multi-byte character.
     //
-    // 0x20..0x7e are the valid ASCII characters. We also escape spaces
+    // 0x20..0x7e are the valid ASCII characters.
-    // (0x20) since they are not legal in URLs.
     if ((dontNeedEscape(c, aFlags) || (c == HEX_ESCAPE && !forced)
          || (c > 0x7f && ignoreNonAscii)
-         || (c > 0x20 && c < 0x7f && ignoreAscii))
+         || (c >= 0x20 && c < 0x7f && ignoreAscii))
         && !(c == ':' && colon)
         && !(previousIsNonASCII && c == '|' && !ignoreNonAscii)) {
       if (writing) {