[net] internal/httpsfv: add support for consuming Display String and Date type

[Nicholas Husin (Gerrit)]

Attention needed from Damien Neil

New activity on the change

Open in Gerrit

Related details

Attention is currently required from:

• Damien Neil

Submit Requirements:

• Code-Review
• No-Unresolved-Comments
• Review-Enforcement
• TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: net

Gerrit-Branch: master

Gerrit-Change-Id: I90aa132d3ab1385b310d821997da13a095cd71bc

Gerrit-Change-Number: 708015

Gerrit-PatchSet: 1

Gerrit-Owner: Nicholas Husin <n...@golang.org>

Gerrit-Reviewer: Damien Neil <dn...@google.com>

Gerrit-Reviewer: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Reviewer: Nicholas Husin <n...@golang.org>

Gerrit-Attention: Damien Neil <dn...@google.com>

Gerrit-Comment-Date: Tue, 30 Sep 2025 15:14:31 +0000

Gerrit-HasComments: No

Gerrit-Has-Labels: No

[Damien Neil (Gerrit)]

Attention needed from Nicholas Husin

Damien Neil added 1 comment

File internal/httpsfv/httpsfv.go

Line 483, Patchset 1 (Latest): return s[:i+1], s[i+1:], true

Damien Neil . unresolved

I think this accepts a partial rune at the end of the string. If we're validating UTF-8 in this function, then we need to fail here if `runeLen > 0`.

I'm undecided on whether validating UTF-8 here is necessary. Perhaps this function should just look for the ending ", and we can use utf8.ValidString if/when the string is decoded?

Open in Gerrit

Related details

Attention is currently required from:

• Nicholas Husin

Submit Requirements:

• Code-Review

• No-Unresolved-Comments

• Review-Enforcement
• TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: net

Gerrit-Branch: master

Gerrit-Change-Id: I90aa132d3ab1385b310d821997da13a095cd71bc

Gerrit-Change-Number: 708015

Gerrit-PatchSet: 1

Gerrit-Owner: Nicholas Husin <n...@golang.org>

Gerrit-Reviewer: Damien Neil <dn...@google.com>

Gerrit-Reviewer: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Reviewer: Nicholas Husin <n...@golang.org>

Gerrit-Attention: Nicholas Husin <n...@golang.org>

Gerrit-Comment-Date: Tue, 30 Sep 2025 16:08:30 +0000

Gerrit-HasComments: Yes

Gerrit-Has-Labels: No

[Nicholas Husin (Gerrit)]

Attention needed from Nicholas Husin

Nicholas Husin uploaded new patchset

Nicholas Husin uploaded patch set #2 to this change.

Following approvals got outdated and were removed:

• TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI

Open in Gerrit

Related details

Attention is currently required from:

• Nicholas Husin

Submit Requirements:

• Code-Review
• No-Unresolved-Comments
• Review-Enforcement

• TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: newpatchset

Gerrit-Project: net

Gerrit-Branch: master

Gerrit-Change-Id: I90aa132d3ab1385b310d821997da13a095cd71bc

Gerrit-Change-Number: 708015

Gerrit-PatchSet: 2

[Nicholas Husin (Gerrit)]

Attention needed from Damien Neil

Nicholas Husin added 1 comment

File internal/httpsfv/httpsfv.go

Line 483, Patchset 1: return s[:i+1], s[i+1:], true

Damien Neil . resolved

I think this accepts a partial rune at the end of the string. If we're validating UTF-8 in this function, then we need to fail here if `runeLen > 0`.

I'm undecided on whether validating UTF-8 here is necessary. Perhaps this function should just look for the ending ", and we can use utf8.ValidString if/when the string is decoded?

Nicholas Husin

Oops right, thanks! Fixed that and added a test case for it.

I'm undecided on whether validating UTF-8 here is necessary. Perhaps this function should just look for the ending ", and we can use utf8.ValidString if/when the string is decoded?

I'm not wedded to the idea, but I think validating here is probably still preferable. If we do not validate UTF-8 here, our behavior will diverge from the spec when someone uses `ParseDictionary()` on a dictionary that contains an invalid display string that they are not actively using, for example. In this case, I believe an RFC 9651-compliant parser would fail due to the invalid display string. On the other hand, our parser will happily ignore the display string if the user does not explicitly use `ParseDictionary()`.

Having this compliance check be done in the `consumeDisplayString()` does introduce a minor bit of duplicated work, where the `ParseDisplayString()` will have to re-decode the non-ASCII characters using `decOctetHex()` when constructing the output string (we won't have to use `utf8.ValidString` though since the `consumeDisplayString()` will have done the validation). But, that seems minor enough, and probably worth it to stay compliant with the spec and be able to fail early on bad input?

Open in Gerrit

Related details

Attention is currently required from:

• Damien Neil

Submit Requirements:

• Code-Review

• No-Unresolved-Comments

• Review-Enforcement
• TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: net

Gerrit-Branch: master

Gerrit-Change-Id: I90aa132d3ab1385b310d821997da13a095cd71bc

Gerrit-Change-Number: 708015

Gerrit-PatchSet: 2

Gerrit-Owner: Nicholas Husin <n...@golang.org>

Gerrit-Reviewer: Damien Neil <dn...@google.com>

Gerrit-Reviewer: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Reviewer: Nicholas Husin <n...@golang.org>

Gerrit-Attention: Damien Neil <dn...@google.com>

Gerrit-Comment-Date: Tue, 30 Sep 2025 17:24:40 +0000

Gerrit-HasComments: Yes

Gerrit-Has-Labels: No

Comment-In-Reply-To: Damien Neil <dn...@google.com>

[Damien Neil (Gerrit)]

Attention needed from Nicholas Husin

Damien Neil voted Code-Review+2

Code-Review

+2

Open in Gerrit

Related details

Attention is currently required from:

• Nicholas Husin

Submit Requirements:

• Code-Review

• No-Unresolved-Comments
• Review-Enforcement

• TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: net

Gerrit-Branch: master

Gerrit-Change-Id: I90aa132d3ab1385b310d821997da13a095cd71bc

Gerrit-Change-Number: 708015

Gerrit-PatchSet: 3

Gerrit-Owner: Nicholas Husin <n...@golang.org>

Gerrit-Reviewer: Damien Neil <dn...@google.com>

Gerrit-Reviewer: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Reviewer: Nicholas Husin <n...@golang.org>

Gerrit-Attention: Nicholas Husin <n...@golang.org>

Gerrit-Comment-Date: Wed, 01 Oct 2025 21:44:05 +0000

Gerrit-HasComments: No

Gerrit-Has-Labels: Yes

[Damien Neil (Gerrit)]

Attention needed from Nicholas Husin

Damien Neil added 1 comment

File internal/httpsfv/httpsfv.go

Line 483, Patchset 1: return s[:i+1], s[i+1:], true

Damien Neil . resolved

I think this accepts a partial rune at the end of the string. If we're validating UTF-8 in this function, then we need to fail here if `runeLen > 0`.

I'm undecided on whether validating UTF-8 here is necessary. Perhaps this function should just look for the ending ", and we can use utf8.ValidString if/when the string is decoded?

Nicholas Husin

Oops right, thanks! Fixed that and added a test case for it.

I'm undecided on whether validating UTF-8 here is necessary. Perhaps this function should just look for the ending ", and we can use utf8.ValidString if/when the string is decoded?

I'm not wedded to the idea, but I think validating here is probably still preferable. If we do not validate UTF-8 here, our behavior will diverge from the spec when someone uses `ParseDictionary()` on a dictionary that contains an invalid display string that they are not actively using, for example. In this case, I believe an RFC 9651-compliant parser would fail due to the invalid display string. On the other hand, our parser will happily ignore the display string if the user does not explicitly use `ParseDictionary()`.

Having this compliance check be done in the `consumeDisplayString()` does introduce a minor bit of duplicated work, where the `ParseDisplayString()` will have to re-decode the non-ASCII characters using `decOctetHex()` when constructing the output string (we won't have to use `utf8.ValidString` though since the `consumeDisplayString()` will have done the validation). But, that seems minor enough, and probably worth it to stay compliant with the spec and be able to fail early on bad input?

Damien Neil

I'm convinced on validating here being useful.

Open in Gerrit

Related details

Attention is currently required from:

• Nicholas Husin

Submit Requirements:

• Code-Review
• No-Unresolved-Comments
• Review-Enforcement
• TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: net

Gerrit-Branch: master

Gerrit-Change-Id: I90aa132d3ab1385b310d821997da13a095cd71bc

Gerrit-Change-Number: 708015

Gerrit-PatchSet: 3

Gerrit-Owner: Nicholas Husin <n...@golang.org>

Gerrit-Reviewer: Damien Neil <dn...@google.com>

Gerrit-Reviewer: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Reviewer: Nicholas Husin <n...@golang.org>

Gerrit-Attention: Nicholas Husin <n...@golang.org>

Gerrit-Comment-Date: Wed, 01 Oct 2025 21:44:25 +0000

Gerrit-HasComments: Yes

Gerrit-Has-Labels: No

Comment-In-Reply-To: Damien Neil <dn...@google.com>

Comment-In-Reply-To: Nicholas Husin <n...@golang.org>

[Nicholas Husin (Gerrit)]

Attention needed from Nicholas Husin

Nicholas Husin voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

• Nicholas Husin

Submit Requirements:

• Code-Review
• No-Unresolved-Comments

• Review-Enforcement
• TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: net

Gerrit-Branch: master

Gerrit-Change-Id: I90aa132d3ab1385b310d821997da13a095cd71bc

Gerrit-Change-Number: 708015

Gerrit-PatchSet: 3

Gerrit-Owner: Nicholas Husin <n...@golang.org>

Gerrit-Reviewer: Damien Neil <dn...@google.com>

Gerrit-Reviewer: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Reviewer: Nicholas Husin <hu...@google.com>

Gerrit-Reviewer: Nicholas Husin <n...@golang.org>

Gerrit-Attention: Nicholas Husin <n...@golang.org>

Gerrit-Comment-Date: Wed, 01 Oct 2025 21:45:00 +0000

Gerrit-HasComments: No

Gerrit-Has-Labels: Yes

[Nicholas Husin (Gerrit)]

Nicholas Husin submitted the change

Change information

Commit message:

internal/httpsfv: add support for consuming Display String and Date type

This CL adds consumeDisplayString() and consumeDate() function, meaning
that we can now consume all types that are defined within RFC 9651. In
future CL, we will add the corresponding parsing function for all the
types, so callers of this package will not have to implement their own
parsing / formatting.

For golang/go#75500

Change-Id: I90aa132d3ab1385b310d821997da13a095cd71bc

Reviewed-on: https://go-review.googlesource.com/c/net/+/708015

LUCI-TryBot-Result: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Reviewed-by: Damien Neil <dn...@google.com>

Reviewed-by: Nicholas Husin <hu...@google.com>

Files:

• M internal/httpsfv/httpsfv.go
• M internal/httpsfv/httpsfv_test.go

Change size: L

Delta: 2 files changed, 272 insertions(+), 3 deletions(-)

Branch: refs/heads/master

Submit Requirements:

• Code-Review: +2 by Damien Neil, +1 by Nicholas Husin
• TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: merged

Gerrit-Project: net

Gerrit-Branch: master

Gerrit-Change-Id: I90aa132d3ab1385b310d821997da13a095cd71bc

Gerrit-Change-Number: 708015

Gerrit-PatchSet: 4