indexeddb: Use UUIDs instead of sanitization of object store names #38944

rodio · 2025-08-26T14:20:22Z

Sanitization of object store names brought some problems because of replacing special characters and making it impossible to have certain object store names that are allowed by the spec. These changes make sure deterministic UUIDs are used for file paths plus object store names are inserted into SQLite without sanitization.

Testing: Covered by existing tests and new unit tests were added.
Fixes: #37569

Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>

rodio · 2025-08-26T14:23:01Z

Also, sanitization might be not as safe as it seemed. For example: a legitimate user creates an object store secret_store and an attacker creates secret.store and is able to read secret_store (probably)

github-actions · 2025-08-27T07:20:11Z

🔨 Triggering try run (#17259973335) for Linux (WPT)

github-actions · 2025-08-27T08:01:09Z

Test results for linux-wpt from try job (#17259973335):

Flaky unexpected result (17)

OK /FileAPI/url/url-with-fetch.any.worker.html (#21517)
- FAIL [expected PASS] subtest: Revoke blob URL after calling fetch, fetch should succeed
```
promise_test: Unhandled rejection with value: object "TypeError: Network error occurred"
```
CRASH [expected TIMEOUT] /IndexedDB/crashtests/create-index.any.html
OK /IndexedDB/idbfactory_open.any.html
- FAIL [expected PASS] subtest: Calling open() with version argument 1.5 should not throw.
```
assert_equals: version expected 1 but got 9007199254740991
```
CRASH [expected OK] /IndexedDB/nested-cloning-basic.any.worker.html (#38842)

OK /_webgl/conformance/textures/misc/texture-upload-size.html (#21770)

FAIL [expected PASS] subtest: WebGL test #45

assert_true: Texture was smaller than the expected size 2x2 expected true got false

FAIL [expected PASS] subtest: WebGL test #47

assert_true: getError expected: INVALID_VALUE. Was NO_ERROR : when calling texSubImage2D with the same texture upload with offset 1, 1 expected true got false

FAIL [expected PASS] subtest: WebGL test #49

assert_true: Texture was smaller than the expected size 2x2 expected true got false

FAIL [expected PASS] subtest: WebGL test #51

assert_true: getError expected: INVALID_VALUE. Was NO_ERROR : when calling texSubImage2D with the same texture upload with offset 1, 1 expected true got false

PASS [expected FAIL] subtest: WebGL test #85
PASS [expected FAIL] subtest: WebGL test #87
PASS [expected FAIL] subtest: WebGL test #89
PASS [expected FAIL] subtest: WebGL test #91

FAIL [expected PASS] subtest: WebGL test #93

assert_true: Texture was smaller than the expected size 2x2 expected true got false

FAIL [expected PASS] subtest: WebGL test #95

assert_true: getError expected: INVALID_VALUE. Was NO_ERROR : when calling texSubImage2D with the same texture upload with offset 1, 1 expected true got false

And 10 more unexpected results...

PASS [expected FAIL] /css/css-fonts/font-palette-18.html
FAIL [expected PASS] /css/css-tables/paint/table-border-paint-caption-change.html (#38036)
TIMEOUT [expected ERROR] /fetch/fetch-later/quota/same-origin-iframe/max-payload.tentative.https.window.html (#35210)
OK /fetch/metadata/generated/css-font-face.https.sub.tentative.html (#32732)
- PASS [expected FAIL] subtest: sec-fetch-storage-access - Cross-site
OK /html/browsers/browsing-the-web/navigating-across-documents/initial-empty-document/load-pageshow-events-iframe-contentWindow.html (#28681)
- FAIL [expected PASS] subtest: load & pageshow events do not fire on contentWindow of <iframe> element created with src='about:blank'
```
assert_unreached: load should not be fired Reached unreachable code
```
OK /html/browsers/browsing-the-web/navigating-across-documents/refresh/same-document-refresh.html (#34597)
- PASS [expected FAIL] subtest: Same-Document Referrer from Refresh
TIMEOUT [expected OK] /html/browsers/browsing-the-web/navigating-across-documents/replace-before-load/form-requestsubmit.html (#28716)
- TIMEOUT [expected FAIL] subtest: Replace before load, triggered by formElement.requestSubmit()
```
Test timed out
```
OK /html/browsers/history/the-history-interface/traverse_the_history_4.html (#21383)
- PASS [expected FAIL] subtest: Multiple history traversals, last would be aborted
TIMEOUT [expected OK] /html/interaction/focus/the-autofocus-attribute/document-with-fragment-top.html (#28259)
- TIMEOUT [expected FAIL] subtest: Autofocus elements 8000 in top-level browsing context's documents with "top" fragments should work.
```
Test timed out
```
TIMEOUT [expected OK] /html/interaction/focus/the-autofocus-attribute/update-the-rendering.html (#24145)
- TIMEOUT [expected FAIL] subtest: "Flush autofocus candidates" should be happen before a scroll event and animation frame callbacks
```
Test timed out
```

OK /html/semantics/embedded-content/the-iframe-element/iframe-loading-lazy-nav-location-replace.html (#32604)

FAIL [expected PASS] subtest: Navigating iframe loading='lazy' before it is loaded: location.replace

uncaught exception: Error: assert_equals: expected "http://web-platform.test:8000/html/semantics/embedded-content/the-iframe-element/support/blank.htm?nav" but got "http://web-platform.test:8000/html/semantics/embedded-content/the-iframe-element/support/blank.htm?src"

OK [expected CRASH] /html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html (#24057)

Stable unexpected results that are known to be intermittent (27)

FAIL [expected PASS] /_mozilla/css/stacked_layers.html (#15988)
FAIL [expected PASS] /_mozilla/mozilla/sslfail.html (#10760)
TIMEOUT [expected OK] /_mozilla/mozilla/window_resize_event.html (#36741)
- TIMEOUT [expected PASS] subtest: Popup onresize event fires after resizeTo
```
Test timed out
```
OK /css/css-cascade/layer-cssom-order-reverse.html (#36094)
- PASS [expected FAIL] subtest: Delete layer invalidates @font-face
PASS [expected FAIL] /css/css-fonts/downloadable-font-scoped-to-document.html (#38691)
TIMEOUT [expected FAIL] /dom/xslt/large-cdata.html (#38029)
OK /html/browsers/browsing-the-web/navigating-across-documents/initial-empty-document/iframe-src-aboutblank-navigate-immediately.html (#29048)
- FAIL [expected PASS] subtest: Navigating to a different document with location.href
```
assert_equals: expected "http://web-platform.test:8000/common/blank.html?1" but got "about:blank"
```
- FAIL [expected PASS] subtest: Navigating to a different document with location.assign
```
assert_equals: expected "http://web-platform.test:8000/common/blank.html?1" but got "about:blank"
```
- FAIL [expected PASS] subtest: Navigating to a different document with form submission
```
assert_equals: expected "http://web-platform.test:8000/common/blank.html?1=" but got "about:blank"
```
OK /html/browsers/history/the-history-interface/traverse_the_history_5.html (#21383)
- FAIL [expected PASS] subtest: Multiple history traversals, last would be aborted
```
assert_array_equals: Pages opened during history navigation expected property 1 to be 5 but got 3 (expected array [6, 5] got [6, 3])
```
OK /html/browsers/windows/browsing-context-names/duplicate-name-order.html (#34623)
- PASS [expected FAIL] subtest: Duplicate name lookup order
OK /html/browsers/windows/embedded-opener-remove-frame.html (#23867)
- PASS [expected FAIL] subtest: opener of discarded auxiliary browsing context
PASS [expected FAIL] /html/canvas/element/manual/drawing-text-to-the-canvas/canvas.2d.disconnected-font-size-math.html (#30063)
OK [expected TIMEOUT] /html/interaction/focus/the-autofocus-attribute/document-with-fragment-empty.html (#28259)
- FAIL [expected TIMEOUT] subtest: Autofocus elements in top-level browsing context's documents with empty fragments should work.
```
assert_not_equals: got disallowed value Element node &lt;body&gt;&lt;/body&gt;
```
TIMEOUT /html/interaction/focus/the-autofocus-attribute/supported-elements.html (#24145)
- TIMEOUT [expected FAIL] subtest: Element with tabindex should support autofocus
```
Test timed out
```
- NOTRUN [expected PASS] subtest: Non-HTMLElement should not support autofocus
OK [expected TIMEOUT] /html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-1.html (#22647)
- FAIL [expected TIMEOUT] subtest: Check that popups from a sandboxed iframe escape the sandbox if allow-popups-to-escape-sandbox is used
```
assert_equals: It came from a sandboxed iframe expected "null" but got "http://web-platform.test:8000"
```
OK [expected CRASH] /html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-2.html (#22667)
- FAIL [expected TIMEOUT] subtest: Check that popups from a sandboxed iframe escape the sandbox if allow-popups-to-escape-sandbox is used
```
assert_equals: It came from a sandboxed iframe expected "null" but got "http://web-platform.test:8000"
```
CRASH [expected OK] /html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-1.html (#24066)
CRASH [expected OK] /html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-2.html (#22154)
OK [expected TIMEOUT] /html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3.html (#24066)
OK [expected CRASH] /html/semantics/forms/the-fieldset-element/disabled-003.html (#31730)
OK /html/semantics/scripting-1/the-script-element/execution-timing/077.html (#22139)
- PASS [expected FAIL] subtest: adding several types of scripts through the DOM and removing some of them confuses scheduler
OK /navigation-timing/test-navigation-type-reload.html (#33334)
- PASS [expected FAIL] subtest: Reload domContentLoadedEventEnd > Original domContentLoadedEventEnd
- PASS [expected FAIL] subtest: Reload domContentLoadedEventStart > Original domContentLoadedEventStart
- PASS [expected FAIL] subtest: Reload domInteractive > Original domInteractive
- PASS [expected FAIL] subtest: Reload fetchStart > Original fetchStart

TIMEOUT [expected OK] /preload/preload-error.sub.html (#37177)

FAIL [expected PASS] subtest: 404 (style): main

assert_greater_than: http://web-platform.test:8000/preload/resources/dummy.css?pipe=status%28404%29&amp;label=style should be loaded expected a number greater than 0 but got 0

FAIL [expected PASS] subtest: CORS (xhr): main

assert_greater_than: http://not-web-platform.test:8000/preload/resources/dummy.xml?pipe=header%28Access-Control-Allow-Origin%2C*%29&amp;label=xhr should be loaded expected a number greater than 0 but got 0

OK [expected CRASH] /trusted-types/trusted-types-navigation.html?06-10 (#37920)
TIMEOUT [expected OK] /trusted-types/trusted-types-navigation.html?26-30 (#38807)
- TIMEOUT [expected FAIL] subtest: Navigate a frame via form-submission with javascript:-urls w/ default policy in enforcing mode.
```
Test timed out
```
OK [expected CRASH] /trusted-types/trusted-types-navigation.html?31-35 (#38034)
- FAIL [expected TIMEOUT] subtest: Navigate a frame via form-submission with javascript:-urls w/ default policy in report-only mode.
```
promise_test: Unhandled rejection with value: "Unexpected message received: {\"type\":\"DOMContentLoaded\",\"uri\":\"http://web-platform.test:8000/trusted-types/support/navigation-support.html?form-submission=1&amp;defaultpolicy=replace&amp;frame=1&amp;navigationattempted=1&amp;continue=1\"}"
```
- FAIL [expected NOTRUN] subtest: Navigate a window via form-submission with javascript:-urls w/ a default policy throwing an exception in enforcing mode.
```
promise_test: Unhandled rejection with value: "Unexpected message received: \"No securitypolicyviolation reported!\""
```
- FAIL [expected NOTRUN] subtest: Navigate a window via form-submission with javascript:-urls w/ a default policy throwing an exception in report-only mode.
```
promise_test: Unhandled rejection with value: "Unexpected message received: \"No securitypolicyviolation reported!\""
```
- FAIL [expected NOTRUN] subtest: Navigate a window via form-submission with javascript:-urls w/ a default policy making the URL invalid in enforcing mode.
```
promise_test: Unhandled rejection with value: "Unexpected message received: \"No securitypolicyviolation reported!\""
```
TIMEOUT [expected OK] /webstorage/localstorage-about-blank-3P-iframe-opens-3P-window.partitioned.html (#29053)
- TIMEOUT [expected PASS] subtest: StorageKey: test 3P about:blank window opened from a 3P iframe
```
Test timed out
```
ERROR [expected OK] /webxr/render_state_update.https.html (#27535)

github-actions · 2025-08-27T08:03:40Z

✨ Try run (#17259973335) succeeded.

jdm

This is great. Thanks!

rodio added 5 commits August 26, 2025 14:43

use UUIDs for database paths

a5de76a

Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>

replace SanitizedName with str

3005c8c

Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>

remove SanitizedName from tests

70224e8

Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>

add test for injection

e79de38

Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>

test creating a store with an empty name

a15d4dc

Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>

TimvdLippe added the T-linux-wpt Do a try run of the WPT label Aug 27, 2025

github-actions bot removed the T-linux-wpt Do a try run of the WPT label Aug 27, 2025

jdm approved these changes Aug 27, 2025

View reviewed changes

jdm added this pull request to the merge queue Aug 27, 2025

Merged via the queue into servo:main with commit 0089e65 Aug 27, 2025
57 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

indexeddb: Use UUIDs instead of sanitization of object store names #38944

indexeddb: Use UUIDs instead of sanitization of object store names #38944

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

indexeddb: Use UUIDs instead of sanitization of object store names #38944

indexeddb: Use UUIDs instead of sanitization of object store names #38944

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!