"# TODO: show all tests that now have unique behaviors in the new browser versions! i.e., they did not change the behavior to one of another browser but to something new!\n",
20460
+
"# ..."
20461
+
]
20462
+
},
20452
20463
{
20453
20464
"cell_type": "markdown",
20454
20465
"id": "b2bbd3e0-73bf-4fa5-969a-73efbeb213df",
20455
-
"metadata": {},
20466
+
"metadata": {
20467
+
"jp-MarkdownHeadingCollapsed": true
20468
+
},
20456
20469
"source": [
20457
20470
"### Safari (MacOS 14.3.1) vs Safari (MacOS 15.2)\n",
20458
-
"- Lot's of differences, mostly to do with HTTP(S)?\n",
20459
-
"- Inital glance: HSTS maybe bug (regression) with casing of header; in general: network library has changed (\\x00, \\r, \\n, space, : etc in headers now leads to error when it did not before and the other way round!)\n",
20460
-
"- Start:\n",
20461
-
"- End:\n",
20462
-
"- Time taken:\n",
20463
-
"- TODO: analyze them and test them!"
20471
+
"- Start: 13:47\n",
20472
+
"- End: 16:06\n",
20473
+
"- Time taken: 1h30m\n",
20474
+
"- Total of 1866 diffs\n",
20475
+
"- **TODO** ~3 new bug reports to WebKit!\n",
20476
+
"- Changes:\n",
20477
+
" - **TODO report** New behavior: `:<header>: <value>` is a network error in WebKit, was skipped before (and it other browsers)\n",
20478
+
" - New WebKit behavior (related to row 3 and 1): `\\r<header> | <header>\\n` and similar are now network error in WebKit (before they were skipped and/or accepted which is still the case in other browsers)\n",
20479
+
" - **TODO report** New behavior (bug?!): `<whitespace><header>: <value>` is now allowed in WebKit\n",
20480
+
" - New WebKit behavior (row 4): `<header>\\t: <value>` rows are now ignored (same as Firefox)\n",
20481
+
" - New WebKit behavior (row 8/9): mixed image autoupgrades (TAO and subresourceloading/CSP is affected)\n",
20482
+
" - New WebKit behavior (row 28): TAO and 302 fixed\n",
20483
+
" - New WebKit behavior (row 20): NULL and fetch fixed\n",
20484
+
" - **TODO report** New WebKit behavior (bug?!): HSTS only works with devtools open??\n",
20485
+
" - Some noise/strange results for subresourceloadingCORP_img: could be a caching (or timeout) issue in both new or old Safari or both"
20464
20486
]
20465
20487
},
20466
20488
{
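Review bot: The last added bullet of the Safari summary names `subresourceloadingCORP_img` as the noisy test, but the per-test breakdown added in the code cell of this same commit puts the 28/67 noise under `subresourceloadingCOEP_img_direct`, and the CORP counts listed there (34 + 4 + 13) already add up to 51/51 with no noise bucket; please correct the test name in the summary. The timing bullets also disagree with each other: Start 13:47 to End 16:06 is 2h19m, while "Time taken" says 1h30m, so either fix the value or note that breaks were excluded. The removed bullet recorded a suspected HSTS regression tied to header casing, and the new text only mentions HSTS working with devtools open, so it would help to state whether the casing hypothesis was ruled out. Minor: "and it other browsers" should read "in other browsers", and "related to row 3 and 1" should name the table it refers to.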
@@ -20650,14 +20672,87 @@
20650
20672
},
20651
20673
{
20652
20674
"cell_type": "code",
20653
-
"execution_count": 167,
20675
+
"execution_count": 231,
20676
+
"id": "af54da7d-b6aa-4474-b956-699205bf243b",
20677
+
"metadata": {},
20678
+
"outputs": [],
20679
+
"source": [
20680
+
"# New general parsing change(s)\n",
20681
+
"# Related to 1-5 in Table 5\n",
20682
+
"# (no entry yet?, new behavior only in WebKit) :<header>: <value> is now \"network error\" in WebKit \"failed to load resource cannot parse response\", such rows are simply ignored/skipped in Firefox/Chrome (old WebKit)\n",
20683
+
"# (similar to row 3 and 1, but network error) \\r<header> | <header>\\r | <head \\r er> | <header>\\n all now result in \"network error\"\n",
20684
+
"# fullscreen_iframe_direct 30/30\n",
20685
+
"# fullscreen_iframe_child_allow 15/15\n",
20686
+
"# sniffing_script_direct 8/16 \n",
20687
+
"# acccesswindow_direct_direct 4/20\n",
20688
+
"# referrer_iframe_iframe 15/23\n",
20689
+
"# fetch_GET_credentials 19/41 (similar numbers for all other fetch_* tests)\n",
20690
+
"# script_execution_iframe_direct 26/42\n",
20691
+
"# framing_iframe_nested 26/42 (similar numbers for other framing tests)\n",
20692
+
"# subresourceloadingCORP_img_direct 34/51\n",
20693
+
"# imgloading_iframe_direct 30/67\n",
20694
+
"# subresourceloadingCOEP_img_direct 30/67\n",
20695
+
"# perfAPI_img_direct 2+16=18/82\n",
20696
+
"# framing_iframe_direct 52/84\n",
20697
+
"# upgradeHSTS_subdomain_subdomain 11/291\n",
20698
+
"# upgradeHSTS_direct_direct 31/828\n",
20699
+
"\n",
20700
+
"# (no entry yet, new behavior only in WebKit) <whitespace><header>: <value> is now allowed in WebKit (such rows are skipped in other browsers)\n",
20701
+
"# sniffing_script_direct 2/16\n",
20702
+
"# accesswindow_direct_direct 4/20\n",
20703
+
"# referrer_iframe_iframe 2/23\n",
20704
+
"# fetch_GET_credentials 3/41 (similar numbers for all other fetch_* tests)\n",
20705
+
"# script_execution_iframe_direct 4/42\n",
20706
+
"# framing_iframe_nested 4/42 (similar numbers for other framing tests)\n",
20707
+
"# subresourceloadingCORP_img_direct 4/51\n",
20708
+
"# imgloading_iframe_direct 4/67\n",
20709
+
"# perfAPI_img_direct 2/82\n",
20710
+
"# framing_iframe_direct 8/84\n",
20711
+
"\n",
20712
+
"# (row 4?) <header> : | <header>\\t: -> now results in ignoring the header (same as Firefox)\n",
20713
+
"# sniffing_script_direct 6/16\n",
20714
+
"# accesswindow_direct_direct 12/20\n",
20715
+
"# referrer_iframe_iframe 6/23\n",
20716
+
"# fetch_GET_credentials 19/41 (similar numbers for all other fetch_* tests)\n",
20717
+
"# script_execution_iframe_direct 12/42\n",
20718
+
"# framing_iframe_nested 12/42 (similar numbers for other framing tests)\n",
20719
+
"# subresourceloadingCORP_img_direct 13/51\n",
20720
+
"# imgloading_iframe_direct 6/67\n",
20721
+
"# perfAPI_img_direct 6/82\n",
20722
+
"# framing_iframe_direct 24/84\n",
20723
+
"\n",
20724
+
"# (row 8 or 9?) automated upgrade of mixed-content images\n",
20725
+
"# imgloading_iframe_direct 27/67\n",
20726
+
"# subresourceloadingCOEP_img_direct 9/67\n",
20727
+
"# perfAPI_img_direct 16+28=44/82\n",
20728
+
"\n",
20729
+
"# row 28: TAO and 302 fixed\n",
20730
+
"# perfAPI_img_direct 12/82\n",
20731
+
"\n",
20732
+
"# row 20: NULL in Header Values (Fetch)\n",
20733
+
"# upgradeHSTS_subdomain_subdomain: 8/291\n",
20734
+
"# upgradeHSTS_direct_direct: 8/828\n",
20735
+
"\n",
20736
+
"# (no entry yet) HSTS caching issue? with devtools closed\n",
20737
+
"# Example upgradeHSTS_subdomain_subdomain_http_sub.headers.websec.saarland_https_sub.headers.websec.saarland_134_basic\n",
20738
+
"# upgradeHSTS_subdomain_subdomain ~270/291 (a small number of these belong to row 16 or row 4 instead)\n",
20739
+
"# upgradeHSTS_direct_direct ~800/828 (a small number of these belong to row 16 or row 4 instead)\n",
20740
+
"\n",
20741
+
"# Other: \n",
20742
+
"# subresourceloadingCOEP_img_direct some noise (in either the new or the old Safari) 28/67; mostly cannot reproduce, could be due to some caching or timeout issuse?!\n",
20743
+
"# 13 of them are 1x load in old version and 2x load in new version, the other 15 are the other way round"
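Review bot: The first group spells the test `acccesswindow_direct_direct` (4/20) while the two later groups use `accesswindow_direct_direct`, so a search for the test name misses one bucket; use one spelling throughout. Several groups are still mapped tentatively ("(row 4?)", "(row 8 or 9?)", "(no entry yet?, ...)"); resolving these against Table 5 before the WebKit reports are written would keep each report tied to one behavior. The HSTS buckets use approximate counts (~270/291, ~800/828), so unlike the other tests they cannot be checked against the totals (for upgradeHSTS_direct_direct the listed 31, 8 and ~800 do not add up to 828 as written); exact counts, with the row 16 and row 4 cases split out, would fix that. Since the cell contains only comments and is committed with execution_count 231 and empty outputs, a markdown cell would fit better and avoid execution-count churn in later diffs. Minor: "issuse" should be "issues".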
"- UpgradeHSTS: 202+32=234 cases, various fixes (#16 in table), only remaining differences with Firefox (#22, different caching of code 300)\n",
20692
20852
"- Framing: 39 cases, fix uppercase scheme (#11 in table)\n",
20693
20853
"- Fullscreen: 9 cases, fix uppercase scheme (#11? not in table as only chrome supports PP header)\n",
@@ -20879,6 +21039,7 @@
20879
21039
"- Start: 15:10\n",
20880
21040
"- End: 15:30\n",
20881
21041
"- Time: 20m\n",
21042
+
"- Total of 294 diffs\n",
20882
21043
"- Identical to Chrome (234+9+8+2; #16 HSTS fixes and #11 CSP uppercase scheme fix)\n",
20883
21044
"- Additionally: referrer, 8 cases, 7 cases stricter HTTPS upgrades (window.open URLs automatically get upgraded) (related to #9), 1 case could be noise or only works the first time"
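Review bot: The added "Total of 294 diffs" does not match the breakdown in the two lines that follow it: 234 + 9 + 8 + 2 is 253, and the 8 additional referrer cases bring that to 261, which leaves 33 diffs unexplained in the visible lines. Either list the remaining cases or state that the parenthesised sum covers only the diffs shared with Chrome and where the rest are discussed.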
"- perfAPI/TAO: 2 (code 300, #7 fixed), 16 related to #29 (not fixed but changed, TODO update bug report?, entry is still with the old URL but requestStart is 0 even though it should not be 0)\n",
21074
21236
"- fetch: 18 (code 300, #7 fixed)\n",
21075
21237
"- access_window: 8x changed handling of extra \\n in headers, before such responses were downloaded (null) now they are rendered as plaintext (related to #3 and #37), probably known?\n",