Forbid '|' in URL hosts

https://bugs.webkit.org/show_bug.cgi?id=220778 Patch by Alex Christensen <achristensen@webkit.org> on 2021-01-26 Reviewed by Youenn Fablet. LayoutTests/imported/w3c: * web-platform-tests/url/a-element-expected.txt: * web-platform-tests/url/a-element-origin-expected.txt: * web-platform-tests/url/a-element-origin-xhtml-expected.txt: * web-platform-tests/url/a-element-xhtml-expected.txt: * web-platform-tests/url/failure-expected.txt: * web-platform-tests/url/resources/urltestdata.json: * web-platform-tests/url/url-constructor-expected.txt: * web-platform-tests/url/url-origin-expected.txt: Source/WTF: This is one of the proposed solutions to whatwg/url#559 and RFC 3986 and 3987 forbid such characters, so let's try forbidding it. * wtf/URLParser.cpp: (WTF::isC0Control): (WTF::isForbiddenHostCodePoint): LayoutTests: * fast/url/file-http-base-expected.txt: * fast/url/file-http-base.html: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@271899 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Igalia · Jan 26, 2021 · 3d9105f · 3d9105f
1 parent 764d9be
commit 3d9105f
Show file tree

Hide file tree

Showing 14 changed files with 228 additions and 69 deletions.
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2021-01-26  Alex Christensen  <achristensen@webkit.org>
+
+        Forbid '|' in URL hosts
+        https://bugs.webkit.org/show_bug.cgi?id=220778
+
+        Reviewed by Youenn Fablet.
+
+        * fast/url/file-http-base-expected.txt:
+        * fast/url/file-http-base.html:
+
 2021-01-26  Rob Buis  <rbuis@igalia.com>
 
         Resync web-platform-tests/css/css-sizing/aspect-ratio from upstream

diff --git a/LayoutTests/fast/url/file-http-base-expected.txt b/LayoutTests/fast/url/file-http-base-expected.txt
@@ -3,35 +3,35 @@ Canonicalization of file URLs when the base URL is an http URL
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
 
 
-FAIL canonicalize('file:c:\\foo\\bar.html') should be file:///C:/foo/bar.html. Was file:///c:/foo/bar.html.
-FAIL canonicalize('  File:c|////foo\\bar.html') should be file:///C:////foo/bar.html. Was file:///c:////foo/bar.html.
+PASS canonicalize('file:c:\\foo\\bar.html') is 'file:///c:/foo/bar.html'
+PASS canonicalize('  File:c|////foo\\bar.html') is 'file:///c:////foo/bar.html'
 PASS canonicalize('file:') is 'file:///'
-FAIL canonicalize('file:UNChost/path') should be file://unchost/path. Was file:///UNChost/path.
-FAIL canonicalize('c:\\foo\\bar') should be file:///C:/foo/bar. Was c:\foo\bar.
-FAIL canonicalize('C|/foo/bar') should be file:///C:/foo/bar. Was http://example.com/mock/C|/foo/bar.
-FAIL canonicalize('/C|\\foo\\bar') should be file:///C:/foo/bar. Was http://example.com/C|/foo/bar.
-FAIL canonicalize('//C|/foo/bar') should be file:///C:/foo/bar. Was http://c|/foo/bar.
-FAIL canonicalize('//server/file') should be file://server/file. Was http://server/file.
-FAIL canonicalize('\\\\server\\file') should be file://server/file. Was http://server/file.
-FAIL canonicalize('/\\server/file') should be file://server/file. Was http://server/file.
-FAIL canonicalize('file:c:foo/bar.html') should be file:///C:/foo/bar.html. Was file:///c:foo/bar.html.
-FAIL canonicalize('file:/\\/\\C:\\\\//foo\\bar.html') should be file:///C:////foo/bar.html. Was file:////C:////foo/bar.html.
+PASS canonicalize('file:UNChost/path') is 'file:///UNChost/path'
+PASS canonicalize('c:\\foo\\bar') is 'c:\\foo\\bar'
+PASS canonicalize('C|/foo/bar') is 'http://example.com/mock/C|/foo/bar'
+PASS canonicalize('/C|\\foo\\bar') is 'http://example.com/C|/foo/bar'
+PASS canonicalize('//C|/foo/bar') is '//C|/foo/bar'
+PASS canonicalize('//server/file') is 'http://server/file'
+PASS canonicalize('\\\\server\\file') is 'http://server/file'
+PASS canonicalize('/\\server/file') is 'http://server/file'
+PASS canonicalize('file:c:foo/bar.html') is 'file:///c:foo/bar.html'
+PASS canonicalize('file:/\\/\\C:\\\\//foo\\bar.html') is 'file:////C:////foo/bar.html'
 PASS canonicalize('file:///foo/bar.txt') is 'file:///foo/bar.txt'
-FAIL canonicalize('FILE:/\\/\\7:\\\\//foo\\bar.html') should be file://7:////foo/bar.html. Was file:////7:////foo/bar.html.
-FAIL canonicalize('file:filer/home\\me') should be file://filer/home/me. Was file:///filer/home/me.
+PASS canonicalize('FILE:/\\/\\7:\\\\//foo\\bar.html') is 'file:////7:////foo/bar.html'
+PASS canonicalize('file:filer/home\\me') is 'file:///filer/home/me'
 PASS canonicalize('file:///C:/foo/../../../bar.html') is 'file:///C:/bar.html'
-FAIL canonicalize('file:///C:/asdf#\xc2') should be file:///C:/asdf#Â. Was file:///C:/asdf#%C3%82.
-FAIL canonicalize('file:///C:/asdf#Â') should be file:///C:/asdf#Â. Was file:///C:/asdf#%C3%82.
+PASS canonicalize('file:///C:/asdf#\xc2') is 'file:///C:/asdf#%C3%82'
+PASS canonicalize('file:///C:/asdf#Â') is 'file:///C:/asdf#%C3%82'
 PASS canonicalize('file:///home/me') is 'file:///home/me'
 PASS canonicalize('file:c:\\foo\\bar.html') is 'file:///c:/foo/bar.html'
-FAIL canonicalize('file:c|//foo\\bar.html') should be file:///c%7C//foo/bar.html. Was file:///c://foo/bar.html.
-FAIL canonicalize('//') should be file:///. Was //.
-FAIL canonicalize('///') should be file:///. Was ///.
-FAIL canonicalize('///test') should be file:///test. Was http://test/.
+PASS canonicalize('file:c|//foo\\bar.html') is 'file:///c://foo/bar.html'
+PASS canonicalize('//') is '//'
+PASS canonicalize('///') is '///'
+PASS canonicalize('///test') is 'http://test/'
 PASS canonicalize('file://test') is 'file://test/'
-FAIL canonicalize('file://localhost') should be file://localhost/. Was file:///.
-FAIL canonicalize('file://localhost/') should be file://localhost/. Was file:///.
-FAIL canonicalize('file://localhost/test') should be file://localhost/test. Was file:///test.
+PASS canonicalize('file://localhost') is 'file:///'
+PASS canonicalize('file://localhost/') is 'file:///'
+PASS canonicalize('file://localhost/test') is 'file:///test'
 PASS successfullyParsed is true
 
 TEST COMPLETE

diff --git a/LayoutTests/fast/url/file-http-base.html b/LayoutTests/fast/url/file-http-base.html
@@ -11,26 +11,26 @@
 
 cases = [ 
     // Windows-style paths
-    ["file:c:\\\\foo\\\\bar.html", "file:///C:/foo/bar.html"],
-    ["  File:c|////foo\\\\bar.html", "file:///C:////foo/bar.html"],
+    ["file:c:\\\\foo\\\\bar.html", "file:///c:/foo/bar.html"],
+    ["  File:c|////foo\\\\bar.html", "file:///c:////foo/bar.html"],
     ["file:", "file:///"],
-    ["file:UNChost/path", "file://unchost/path"],
+    ["file:UNChost/path", "file:///UNChost/path"],
     // CanonicalizeFileURL supports absolute Windows style paths for IE
     // compatability. Note that the caller must decide that this is a file
     // URL itself so it can call the file canonicalizer. This is usually
     // done automatically as part of relative URL resolving.
-    ["c:\\\\foo\\\\bar", "file:///C:/foo/bar"],
-    ["C|/foo/bar", "file:///C:/foo/bar"],
-    ["/C|\\\\foo\\\\bar", "file:///C:/foo/bar"],
-    ["//C|/foo/bar", "file:///C:/foo/bar"],
-    ["//server/file", "file://server/file"],
-    ["\\\\\\\\server\\\\file", "file://server/file"],
-    ["/\\\\server/file", "file://server/file"],
+    ["c:\\\\foo\\\\bar", "c:\\\\foo\\\\bar"],
+    ["C|/foo/bar", "http://example.com/mock/C|/foo/bar"],
+    ["/C|\\\\foo\\\\bar", "http://example.com/C|/foo/bar"],
+    ["//C|/foo/bar", "//C|/foo/bar"],
+    ["//server/file", "http://server/file"],
+    ["\\\\\\\\server\\\\file", "http://server/file"],
+    ["/\\\\server/file", "http://server/file"],
     // We should preserve the number of slashes after the colon for IE
     // compatability, except when there is none, in which case we should
     // add one.
-    ["file:c:foo/bar.html", "file:///C:/foo/bar.html"],
-    ["file:/\\\\/\\\\C:\\\\\\\\//foo\\\\bar.html", "file:///C:////foo/bar.html"],
+    ["file:c:foo/bar.html", "file:///c:foo/bar.html"],
+    ["file:/\\\\/\\\\C:\\\\\\\\//foo\\\\bar.html", "file:////C:////foo/bar.html"],
     // Three slashes should be non-UNC, even if there is no drive spec (IE
     // does this, which makes the resulting request invalid).
     ["file:///foo/bar.txt", "file:///foo/bar.txt"],
@@ -40,27 +40,27 @@
     // "natural" result of the way the canonicalizer is written. There doesn't
     // seem to be a strong argument for why allowing it here would be bad, so
     // we just tolerate it and the load will fail later.
-    ["FILE:/\\\\/\\\\7:\\\\\\\\//foo\\\\bar.html", "file://7:////foo/bar.html"],
-    ["file:filer/home\\\\me", "file://filer/home/me"],
+    ["FILE:/\\\\/\\\\7:\\\\\\\\//foo\\\\bar.html", "file:////7:////foo/bar.html"],
+    ["file:filer/home\\\\me", "file:///filer/home/me"],
     // Make sure relative paths can't go above the "C:"
     ["file:///C:/foo/../../../bar.html", "file:///C:/bar.html"],
     // Busted refs shouldn't make the whole thing fail.
-    ["file:///C:/asdf#\\xc2", "file:///C:/asdf#\\xc2"],
-    ["file:///C:/asdf#\xc2", "file:///C:/asdf#\xc2"],
+    ["file:///C:/asdf#\\xc2", "file:///C:/asdf#%C3%82"],
+    ["file:///C:/asdf#\xc2", "file:///C:/asdf#%C3%82"],
 
     // Unix-style paths
     ["file:///home/me", "file:///home/me"],
     // Windowsy ones should get still treated as Unix-style.
     ["file:c:\\\\foo\\\\bar.html", "file:///c:/foo/bar.html"],
-    ["file:c|//foo\\\\bar.html", "file:///c%7C//foo/bar.html"],
+    ["file:c|//foo\\\\bar.html", "file:///c://foo/bar.html"],
     // file: tests from WebKit (LayoutTests/fast/loader/url-parse-1.html)
-    ["//", "file:///"],
-    ["///", "file:///"],
-    ["///test", "file:///test"],
+    ["//", "//"],
+    ["///", "///"],
+    ["///test", "http://test/"],
     ["file://test", "file://test/"],
-    ["file://localhost",  "file://localhost/"],
-    ["file://localhost/", "file://localhost/"],
-    ["file://localhost/test", "file://localhost/test"],
+    ["file://localhost",  "file:///"],
+    ["file://localhost/", "file:///"],
+    ["file://localhost/test", "file:///test"],
 ];
 
 var originalBaseURL = canonicalize(".");

diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog
@@ -1,3 +1,19 @@
+2021-01-26  Alex Christensen  <achristensen@webkit.org>
+
+        Forbid '|' in URL hosts
+        https://bugs.webkit.org/show_bug.cgi?id=220778
+
+        Reviewed by Youenn Fablet.
+
+        * web-platform-tests/url/a-element-expected.txt:
+        * web-platform-tests/url/a-element-origin-expected.txt:
+        * web-platform-tests/url/a-element-origin-xhtml-expected.txt:
+        * web-platform-tests/url/a-element-xhtml-expected.txt:
+        * web-platform-tests/url/failure-expected.txt:
+        * web-platform-tests/url/resources/urltestdata.json:
+        * web-platform-tests/url/url-constructor-expected.txt:
+        * web-platform-tests/url/url-origin-expected.txt:
+
 2021-01-26  Rob Buis  <rbuis@igalia.com>
 
         Resync web-platform-tests/css/css-sizing/aspect-ratio from upstream

diff --git a/LayoutTests/imported/w3c/web-platform-tests/url/a-element-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/url/a-element-expected.txt
@@ -367,8 +367,8 @@ PASS Parsing: <http://a^b> against <about:blank>
 PASS Parsing: <non-special://a<b> against <about:blank>
 PASS Parsing: <non-special://a>b> against <about:blank>
 PASS Parsing: <non-special://a^b> against <about:blank>
-PASS Parsing: <http://!"$&'()*+,-.;=_`{|}~/> against <about:blank>
-PASS Parsing: <sc://!"$&'()*+,-.;=_`{|}~/> against <about:blank>
+PASS Parsing: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>
+PASS Parsing: <sc://!"$&'()*+,-.;=_`{}~/> against <about:blank>
 PASS Parsing: <ftp://example.com%80/> against <about:blank>
 PASS Parsing: <ftp://example.com%A0/> against <about:blank>
 PASS Parsing: <https://example.com%80/> against <about:blank>
@@ -414,6 +414,14 @@ PASS Parsing: <https://0x100000000/test> against <about:blank>
 PASS Parsing: <https://256.0.0.1/test> against <about:blank>
 PASS Parsing: <file:///C%3A/> against <about:blank>
 PASS Parsing: <file:///C%7C/> against <about:blank>
+PASS Parsing: <file://%43%3A> against <about:blank>
+PASS Parsing: <file://%43%7C> against <about:blank>
+PASS Parsing: <file://%43|> against <about:blank>
+PASS Parsing: <file://C%7C> against <about:blank>
+PASS Parsing: <file://%43%7C/> against <about:blank>
+PASS Parsing: <https://%43%7C/> against <about:blank>
+PASS Parsing: <asdf://%43|/> against <about:blank>
+PASS Parsing: <asdf://%43%7C/> against <about:blank>
 PASS Parsing: <pix/submit.gif> against <file:///C:/Users/Domenic/Dropbox/GitHub/tmpvar/jsdom/test/level2/html/files/anchor.html>
 PASS Parsing: <..> against <file:///C:/>
 PASS Parsing: <..> against <file:///>

diff --git a/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-expected.txt
@@ -263,8 +263,8 @@ FAIL Parsing origin: <wow:%NBD> against <about:blank> assert_equals: origin expe
 FAIL Parsing origin: <wow:%1G> against <about:blank> assert_equals: origin expected "null" but got "wow://"
 FAIL Parsing origin: <wow:> against <about:blank> assert_equals: origin expected "null" but got "wow://"
 PASS Parsing origin: <http://example.com/U+d800�U+dffeU+dfff﷐﷏﷯ﷰ?U+d800�U+dffeU+dfff﷐﷏﷯ﷰ> against <about:blank>
-PASS Parsing origin: <http://!"$&'()*+,-.;=_`{|}~/> against <about:blank>
-FAIL Parsing origin: <sc://!"$&'()*+,-.;=_`{|}~/> against <about:blank> assert_equals: origin expected "null" but got "sc://%1f!\"$&'()*+,-.;=_`{|}~"
+PASS Parsing origin: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>
+FAIL Parsing origin: <sc://!"$&'()*+,-.;=_`{}~/> against <about:blank> assert_equals: origin expected "null" but got "sc://%1f!\"$&'()*+,-.;=_`{}~"
 PASS Parsing origin: <ftp://%e2%98%83> against <about:blank>
 PASS Parsing origin: <https://%e2%98%83> against <about:blank>
 PASS Parsing origin: <http://127.0.0.1:10100/relative_import.html> against <about:blank>
@@ -297,6 +297,7 @@ PASS Parsing origin: <http://4294967295> against <http://other.com/>
 PASS Parsing origin: <http://0xffffffff> against <http://other.com/>
 PASS Parsing origin: <http://256.256.256.256.256> against <http://other.com/>
 PASS Parsing origin: <https://0x.0x.0> against <about:blank>
+FAIL Parsing origin: <asdf://%43%7C/> against <about:blank> assert_equals: origin expected "null" but got "asdf://%43%7c"
 PASS Parsing origin: <http://[1:0::]> against <http://example.net/>
 FAIL Parsing origin: <sc://ñ> against <about:blank> assert_equals: origin expected "null" but got "sc://%c3%b1"
 FAIL Parsing origin: <sc://ñ?x> against <about:blank> assert_equals: origin expected "null" but got "sc://%c3%b1"

diff --git a/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-xhtml-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-xhtml-expected.txt
@@ -263,8 +263,8 @@ FAIL Parsing origin: <wow:%NBD> against <about:blank> assert_equals: origin expe
 FAIL Parsing origin: <wow:%1G> against <about:blank> assert_equals: origin expected "null" but got "wow://"
 FAIL Parsing origin: <wow:> against <about:blank> assert_equals: origin expected "null" but got "wow://"
 PASS Parsing origin: <http://example.com/U+d800�U+dffeU+dfff﷐﷏﷯ﷰ?U+d800�U+dffeU+dfff﷐﷏﷯ﷰ> against <about:blank>
-PASS Parsing origin: <http://!"$&'()*+,-.;=_`{|}~/> against <about:blank>
-FAIL Parsing origin: <sc://!"$&'()*+,-.;=_`{|}~/> against <about:blank> assert_equals: origin expected "null" but got "sc://%1f!\"$&'()*+,-.;=_`{|}~"
+PASS Parsing origin: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>
+FAIL Parsing origin: <sc://!"$&'()*+,-.;=_`{}~/> against <about:blank> assert_equals: origin expected "null" but got "sc://%1f!\"$&'()*+,-.;=_`{}~"
 PASS Parsing origin: <ftp://%e2%98%83> against <about:blank>
 PASS Parsing origin: <https://%e2%98%83> against <about:blank>
 PASS Parsing origin: <http://127.0.0.1:10100/relative_import.html> against <about:blank>
@@ -297,6 +297,7 @@ PASS Parsing origin: <http://4294967295> against <http://other.com/>
 PASS Parsing origin: <http://0xffffffff> against <http://other.com/>
 PASS Parsing origin: <http://256.256.256.256.256> against <http://other.com/>
 PASS Parsing origin: <https://0x.0x.0> against <about:blank>
+FAIL Parsing origin: <asdf://%43%7C/> against <about:blank> assert_equals: origin expected "null" but got "asdf://%43%7c"
 PASS Parsing origin: <http://[1:0::]> against <http://example.net/>
 FAIL Parsing origin: <sc://ñ> against <about:blank> assert_equals: origin expected "null" but got "sc://%c3%b1"
 FAIL Parsing origin: <sc://ñ?x> against <about:blank> assert_equals: origin expected "null" but got "sc://%c3%b1"

diff --git a/LayoutTests/imported/w3c/web-platform-tests/url/a-element-xhtml-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/url/a-element-xhtml-expected.txt
@@ -367,8 +367,8 @@ PASS Parsing: <http://a^b> against <about:blank>
 PASS Parsing: <non-special://a<b> against <about:blank>
 PASS Parsing: <non-special://a>b> against <about:blank>
 PASS Parsing: <non-special://a^b> against <about:blank>
-PASS Parsing: <http://!"$&'()*+,-.;=_`{|}~/> against <about:blank>
-PASS Parsing: <sc://!"$&'()*+,-.;=_`{|}~/> against <about:blank>
+PASS Parsing: <http://!"$&'()*+,-.;=_`{}~/> against <about:blank>
+PASS Parsing: <sc://!"$&'()*+,-.;=_`{}~/> against <about:blank>
 PASS Parsing: <ftp://example.com%80/> against <about:blank>
 PASS Parsing: <ftp://example.com%A0/> against <about:blank>
 PASS Parsing: <https://example.com%80/> against <about:blank>
@@ -414,6 +414,14 @@ PASS Parsing: <https://0x100000000/test> against <about:blank>
 PASS Parsing: <https://256.0.0.1/test> against <about:blank>
 PASS Parsing: <file:///C%3A/> against <about:blank>
 PASS Parsing: <file:///C%7C/> against <about:blank>
+PASS Parsing: <file://%43%3A> against <about:blank>
+PASS Parsing: <file://%43%7C> against <about:blank>
+PASS Parsing: <file://%43|> against <about:blank>
+PASS Parsing: <file://C%7C> against <about:blank>
+PASS Parsing: <file://%43%7C/> against <about:blank>
+PASS Parsing: <https://%43%7C/> against <about:blank>
+PASS Parsing: <asdf://%43|/> against <about:blank>
+PASS Parsing: <asdf://%43%7C/> against <about:blank>
 PASS Parsing: <pix/submit.gif> against <file:///C:/Users/Domenic/Dropbox/GitHub/tmpvar/jsdom/test/level2/html/files/anchor.html>
 PASS Parsing: <..> against <file:///C:/>
 PASS Parsing: <..> against <file:///>

diff --git a/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/url/failure-expected.txt
@@ -268,6 +268,48 @@ PASS XHR: https://256.0.0.1/test should throw
 PASS sendBeacon(): https://256.0.0.1/test should throw
 FAIL Location's href: https://256.0.0.1/test should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
 PASS window.open(): https://256.0.0.1/test should throw
+PASS URL's constructor's base argument: file://%43%3A should throw
+PASS URL's href: file://%43%3A should throw
+PASS XHR: file://%43%3A should throw
+PASS sendBeacon(): file://%43%3A should throw
+FAIL Location's href: file://%43%3A should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
+PASS window.open(): file://%43%3A should throw
+PASS URL's constructor's base argument: file://%43%7C should throw
+PASS URL's href: file://%43%7C should throw
+PASS XHR: file://%43%7C should throw
+PASS sendBeacon(): file://%43%7C should throw
+FAIL Location's href: file://%43%7C should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
+PASS window.open(): file://%43%7C should throw
+PASS URL's constructor's base argument: file://%43| should throw
+PASS URL's href: file://%43| should throw
+PASS XHR: file://%43| should throw
+PASS sendBeacon(): file://%43| should throw
+FAIL Location's href: file://%43| should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
+PASS window.open(): file://%43| should throw
+PASS URL's constructor's base argument: file://C%7C should throw
+PASS URL's href: file://C%7C should throw
+PASS XHR: file://C%7C should throw
+PASS sendBeacon(): file://C%7C should throw
+FAIL Location's href: file://C%7C should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
+PASS window.open(): file://C%7C should throw
+PASS URL's constructor's base argument: file://%43%7C/ should throw
+PASS URL's href: file://%43%7C/ should throw
+PASS XHR: file://%43%7C/ should throw
+PASS sendBeacon(): file://%43%7C/ should throw
+FAIL Location's href: file://%43%7C/ should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
+PASS window.open(): file://%43%7C/ should throw
+PASS URL's constructor's base argument: https://%43%7C/ should throw
+PASS URL's href: https://%43%7C/ should throw
+PASS XHR: https://%43%7C/ should throw
+PASS sendBeacon(): https://%43%7C/ should throw
+FAIL Location's href: https://%43%7C/ should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
+PASS window.open(): https://%43%7C/ should throw
+PASS URL's constructor's base argument: asdf://%43|/ should throw
+PASS URL's href: asdf://%43|/ should throw
+PASS XHR: asdf://%43|/ should throw
+PASS sendBeacon(): asdf://%43|/ should throw
+FAIL Location's href: asdf://%43|/ should throw assert_throws_js: function "() => self[0].location = test.input" did not throw
+PASS window.open(): asdf://%43|/ should throw
 PASS URL's constructor's base argument: \\\.\Y: should throw
 PASS URL's href: \\\.\Y: should throw
 FAIL XHR: \\\.\Y: should throw assert_throws_dom: function "() => client.open("GET", test.input)" did not throw