Avoid decoding XHR type="json" responses as UTF-16BE/LE

https://infra.spec.whatwg.org/#parse-json-from-bytes says to use
"UTF-8 decode" rather than "decode", so UTF-16BE/LE BOM should
not be honored.

1 files changed, 8 insertions, 3 deletions

diff --git a/components/script/dom/xmlhttprequest.rs b/components/script/dom/xmlhttprequest.rs
index a20d8c90fb7..81133ea6bc9 100644
--- a/components/script/dom/xmlhttprequest.rs
+++ b/components/script/dom/xmlhttprequest.rs
@@ -1164,8 +1164,8 @@ impl XMLHttpRequest {
             return NullValue();
         }
         // Step 4
-        fn decode_to_utf16(bytes: &[u8], encoding: &'static Encoding) -> Vec<u16> {
-            let mut decoder = encoding.new_decoder();
+        fn decode_to_utf16_with_bom_removal(bytes: &[u8], encoding: &'static Encoding) -> Vec<u16> {
+            let mut decoder = encoding.new_decoder_with_bom_removal();
             let capacity = decoder.max_utf16_buffer_length(bytes.len()).expect("Overflow");
             let mut utf16 = Vec::with_capacity(capacity);
             let extra = unsafe {
@@ -1179,7 +1179,12 @@ impl XMLHttpRequest {
             }
             utf16
         }
-        let json_text = decode_to_utf16(&bytes, UTF_8);
+        // https://xhr.spec.whatwg.org/#json-response refers to
+        // https://infra.spec.whatwg.org/#parse-json-from-bytes which refers to
+        // https://encoding.spec.whatwg.org/#utf-8-decode which means
+        // that the encoding is always UTF-8 and the UTF-8 BOM is removed,
+        // if present, but UTF-16BE/LE BOM must not be honored.
+        let json_text = decode_to_utf16_with_bom_removal(&bytes, UTF_8);
         // Step 5
         rooted!(in(cx) let mut rval = UndefinedValue());
         unsafe {