Add Safari bug reports

hp23 Server · hp23 Server · commit 407e58509719 · 2025-01-09T09:34:06.000Z
diff --git a/_hp/hp/tools/analysis/analysis_december_2024.ipynb b/_hp/hp/tools/analysis/analysis_december_2024.ipynb
@@ -21954,25 +21954,23 @@
   {
    "cell_type": "markdown",
    "id": "b2bbd3e0-73bf-4fa5-969a-73efbeb213df",
-   "metadata": {
-    "jp-MarkdownHeadingCollapsed": true
-   },
+   "metadata": {},
    "source": [
     "### Safari (MacOS 14.3.1) vs Safari (MacOS 15.2)\n",
     "- Start: 13:47\n",
     "- End: 16:06\n",
     "- Time taken: 1h30m\n",
     "- Total of 1866 diffs\n",
-    "- **TODO** ~3 new bug reports to WebKit!\n",
+    "- ~3 new bug reports to WebKit!\n",
     "- Changes:\n",
-    "    - **TODO report** New behavior: `:<header>: <value>` is a network error in WebKit, was skipped before (and it other browsers)\n",
-    "    - New WebKit behavior (related to row 3 and 1): `\\r<header> | <header>\\n` and similar are now network error in WebKit (before they were skipped and/or accepted which is still the case in other browsers)\n",
-    "    - **TODO report** New behavior (bug?!): `<whitespace><header>: <value>` is now allowed in WebKit\n",
+    "    - **[New report](https://bugs.webkit.org/show_bug.cgi?id=285661)** New behavior: `:<header>: <value>` is a network error in WebKit, was skipped before (and it other browsers)\n",
+    "        - New WebKit behavior (related to row 3 and 1): `\\r<header> | <header>\\n | <header>: <val \\r ue>` and similar are now network error in WebKit (before they were skipped and/or accepted which is still the case in other browsers)\n",
+    "    - **[New report](https://bugs.webkit.org/show_bug.cgi?id=285606)** New behavior (bug?!): `<whitespace><header>: <value>` is now allowed in WebKit (issue in underlying apple system)\n",
     "    - New WebKit behavior (row 4): `<header>\\t: <value>` rows are now ignored (same as Firefox)\n",
     "    - New WebKit behavior (row 8/9): mixed image autoupgrades (TAO and subresourceloading/CSP is affected)\n",
-    "    - New WebKit behavior (row 28): TAO and 302 fixed\n",
-    "    - New WebKit behavior (row 20): NULL and fetch fixed\n",
-    "    - **TODO report** New WebKit behavior (bug?!): HSTS only works with devtools open??\n",
+    "    - WebKit behavior (row 28): TAO and 302 fixed\n",
+    "    - WebKit behavior (row 20): NULL and fetch fixed\n",
+    "    - **[New report](https://bugs.webkit.org/show_bug.cgi?id=285660)** New WebKit behavior (bug?!): ~~HSTS only works with devtools open?~~; timing/race condition of setting HSTS and starting new requests\n",
     "    - Some noise/strange results for subresourceloadingCORP_img: could be a caching (or timeout) issue in both new or old Safari or both"
    ]
   },
@@ -22171,7 +22169,7 @@
     "# New general parsing change(s)\n",
     "# Related to 1-5 in Table 5\n",
     "# (no entry yet?, new behavior only in WebKit) :<header>: <value> is now \"network error\" in WebKit \"failed to load resource cannot parse response\", such rows are simply ignored/skipped in Firefox/Chrome (old WebKit)\n",
-    "# (similar to row 3 and 1, but network error) \\r<header> | <header>\\r | <head \\r er> | <header>\\n all now result in \"network error\"\n",
+    "# (similar to row 3 and 1, but network error) \\r<header> | <header>\\r | <head \\r er> | <header>\\n all now result in \"network error\" such rows are ignored or accepted in Firefox/Chrome (depends)\n",
     "# fullscreen_iframe_direct 30/30\n",
     "# fullscreen_iframe_child_allow 15/15\n",
     "# sniffing_script_direct 8/16 \n",
@@ -22224,7 +22222,7 @@
     "# upgradeHSTS_subdomain_subdomain: 8/291\n",
     "# upgradeHSTS_direct_direct: 8/828\n",
     "\n",
-    "# (no entry yet) HSTS caching issue? with devtools closed\n",
+    "# (no entry yet) HSTS race condition\n",
     "# Example upgradeHSTS_subdomain_subdomain_http_sub.headers.websec.saarland_https_sub.headers.websec.saarland_134_basic\n",
     "# upgradeHSTS_subdomain_subdomain ~270/291 (a small number of these belong to row 16 or row 4 instead)\n",
     "# upgradeHSTS_direct_direct ~800/828 (a small number of these belong to row 16 or row 4 instead)\n",
@@ -22236,19 +22234,19 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 229,
+   "execution_count": 310,
    "id": "bdf73f36-3c44-426e-ba41-55c46dee9562",
    "metadata": {},
    "outputs": [
     {
      "data": {
       "application/vnd.jupyter.widget-view+json": {
-       "model_id": "4ea8d8f248d349b4a83ee4c3fee71baf",
+       "model_id": "ea3237424d9b49e1a64350428b9c804d",
        "version_major": 2,
        "version_minor": 0
       },
       "text/plain": [
-       "Tab(children=(Output(), Output(), Output(), Output()), selected_index=0, titles=('Group 0', 'Group 1', 'Group …"
+       "Tab(children=(Output(), Output()), selected_index=0, titles=('Group 0', 'Group 1'))"
       ]
      },
      "metadata": {},
@@ -22257,7 +22255,7 @@
    ],
    "source": [
     "browser_ids = [73, 51]\n",
-    "test_name = \"upgradeHSTS_direct\"\n",
+    "test_name = \"fullscreen_iframe\"\n",
     "#test_name = \"fetch_GET\"\n",
     "relation = None\n",
     "show_response_groups(test_name, browser_ids=browser_ids, relation=relation)"
@@ -22723,10 +22721,10 @@
     "- Total of 167 diffs\n",
     "- Framing: 38 + 19, code 300 (#7, fixed), XFO whitspace (#15, fixed)\n",
     "- SubresourceloadingCOEP: 6 (code 300, #7 fixed),  32 continuing random CORP caching (#35)\n",
-    "- perfAPI/TAO: 2 (code 300, #7 fixed), 16 related to #29 (not fixed but changed, **TODO update bug report?**, entry is still with the old URL but requestStart is 0 even though it should not be 0)\n",
+    "- perfAPI/TAO: 2 (code 300, #7 fixed), 16 related to #29 (not fixed but changed, **updated bug report**, entry is still with the old URL but requestStart is 0 even though it should not be 0)\n",
     "- fetch: 18 (code 300, #7 fixed)\n",
-    "- access_window: 8x changed handling of extra \\n in headers, before such responses were downloaded (null) now they are rendered as plaintext (related to #3 and #37), probably known?\n",
-    "- imgloading: 6 (code 300, #7 fixed), fullscreen_iframe: 6+3 (code 300, #7 fixed), referrer_iframe: 3 (code 300, #7 fixed), script_execution 2 (#7), \n",
+    "- access_window: 8x changed handling of extra \\n in headers, before such responses were downloaded (null) now they are rendered as plaintext (related to #3 and #36, #37), probably known?\n",
+    "- imgloading: 6 (code 300, #7 fixed), fullscreen_iframe: 6+3 (code 300, #7 fixed), referrer_iframe: 3 (code 300, #7 fixed), script_execution 2 (#7 fixed), \n",
     "- subresourceloadingCORP_img: 4 (code 300, #7 fixed), 1 better mixed content upgrades (related to #8, fixed?)\n",
     "- upgradeHSTS: 2 (#16, fixed), 1 (code 300, #7 fixed)"
    ]
@@ -22915,19 +22913,19 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 162,
+   "execution_count": 306,
    "id": "357813dd-3fc0-426f-bbc5-b8bc3814bf4e",
    "metadata": {},
    "outputs": [
     {
      "data": {
       "application/vnd.jupyter.widget-view+json": {
-       "model_id": "873714357bd349748174279c359bea70",
+       "model_id": "c79a5fbad30a4bfea0eaa1f2a5ba5600",
        "version_major": 2,
        "version_minor": 0
       },
       "text/plain": [
-       "Tab(children=(Output(), Output(), Output(), Output(), Output(), Output()), selected_index=0, titles=('Group 0'…"
+       "Tab(children=(Output(), Output(), Output(), Output()), selected_index=0, titles=('Group 0', 'Group 1', 'Group …"
       ]
      },
      "metadata": {},
@@ -22938,10 +22936,83 @@
     "browser_ids = [61, 75]\n",
     "#browser_ids = [74, 75]\n",
     "#browser_ids = [74, 76]\n",
-    "test_name = \"upgradeHSTS_subdomain\"\n",
+    "test_name = \"perfAPI_img\"\n",
     "relation = None\n",
     "show_response_groups(test_name, browser_ids=browser_ids, relation=relation)"
    ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 305,
+   "id": "8408f925-c155-4e4b-ba12-99f61b9c60d8",
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>browser</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>outcome_str</th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>{'window.open.opener': 'null'}</th>\n",
+       "      <td>[brave Ubuntu 22.04 v1.62.156 (121.0.6167.139) selenium headless-new, brave Ubuntu 22.04 v1.73.101 (Chromium 131.0.6778.139) selenium headless-new, chrome Android 11 121.0.6167.180 intent real, chrome Ubuntu 22.04 120 selenium headless-new, chrome Ubuntu 22.04 121 selenium headless-new, chrome Ubuntu 22.04 122 selenium headless-new, chrome Ubuntu 22.04 131 selenium headless-new, firefox Ubuntu 22.04 121 selenium headless, firefox Ubuntu 22.04 122 selenium headless, firefox Ubuntu 22.04 123 selenium headless]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>{'window.open.opener': 'object \"[object Window]\"'}</th>\n",
+       "      <td>[brave Android 11 1.62.165_shield intent real, chrome iPadOS 17.3.1 122.0.6261.89 intent real, firefox Ubuntu 22.04 133 selenium headless, firefox_beta Android 11 123.0b9 intent real, safari macOS 14.3.1 17.3.1 selenium real, safari macOS 15.2 18.2 selenium real]</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              browser\n",
+       "outcome_str                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          \n",
+       "{'window.open.opener': 'null'}                      [brave Ubuntu 22.04 v1.62.156 (121.0.6167.139) selenium headless-new, brave Ubuntu 22.04 v1.73.101 (Chromium 131.0.6778.139) selenium headless-new, chrome Android 11 121.0.6167.180 intent real, chrome Ubuntu 22.04 120 selenium headless-new, chrome Ubuntu 22.04 121 selenium headless-new, chrome Ubuntu 22.04 122 selenium headless-new, chrome Ubuntu 22.04 131 selenium headless-new, firefox Ubuntu 22.04 121 selenium headless, firefox Ubuntu 22.04 122 selenium headless, firefox Ubuntu 22.04 123 selenium headless]\n",
+       "{'window.open.opener': 'object \"[object Window]\"'}                                                                                                                                                                                                                                                            [brave Android 11 1.62.165_shield intent real, chrome iPadOS 17.3.1 122.0.6261.89 intent real, firefox Ubuntu 22.04 133 selenium headless, firefox_beta Android 11 123.0b9 intent real, safari macOS 14.3.1 17.3.1 selenium real, safari macOS 15.2 18.2 selenium real]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "test_id = \"accesswindow_direct_direct_https_sub.headers.websec.saarland_https_headers.webappsec.eu_21640_parsing\"\n",
+    "test_id = \"accesswindow_direct_direct_https_sub.headers.websec.saarland_https_headers.webappsec.eu_23242_parsing\"\n",
+    "with pd.option_context(\"display.max_colwidth\", None):\n",
+    "    display(tree_df.loc[tree_df[\"test_id\"] == test_id].groupby(\"outcome_str\")[\"browser\"].unique().to_frame())"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "c247df91-7ca3-4924-9242-a9163f3a6fa5",
+   "metadata": {},
+   "outputs": [],
+   "source": []
   }
  ],
  "metadata": {
