From 83c19dd04c3cda3c411f0dbec205d2a00f4fb9fe Mon Sep 17 00:00:00 2001
From: cybai <cyb.ai.815@gmail.com>
Date: Mon, 27 Feb 2023 19:26:14 +0900
Subject: [PATCH 1/2] Ignore set_scheme when input contains trailing/leading C0
 controls

---
 url/src/lib.rs    |  6 ++++++
 url/tests/unit.rs | 11 +++++++++++
 2 files changed, 17 insertions(+)

diff --git a/url/src/lib.rs b/url/src/lib.rs
index 0be004e6f..ec29c3141 100644
--- a/url/src/lib.rs
+++ b/url/src/lib.rs
@@ -2313,6 +2313,12 @@ impl Url {
     /// ```
     #[allow(clippy::result_unit_err, clippy::suspicious_operation_groupings)]
     pub fn set_scheme(&mut self, scheme: &str) -> Result<(), ()> {
+        // If the given scheme contains leading or trailing C0 controls,
+        // we'll ignore the set_scheme operation.
+        if scheme.trim_matches(|ch| ch <= ' ').len() != scheme.len() {
+            return Ok(());
+        }
+
         let mut parser = Parser::for_setter(String::new());
         let remaining = parser.parse_scheme(parser::Input::new(scheme))?;
         let new_scheme_type = SchemeType::from(&parser.serialization);
diff --git a/url/tests/unit.rs b/url/tests/unit.rs
index d27016b37..aaece9192 100644
--- a/url/tests/unit.rs
+++ b/url/tests/unit.rs
@@ -147,6 +147,17 @@ fn new_path_windows_fun() {
     }
 }
 
+#[test]
+fn set_scheme_with_leading_or_trailing_c0_controls_should_result_in_noop() {
+    let mut url: Url = "http://test".parse().unwrap();
+
+    let controls = ["\u{0000}", "\u{000C}", "\u{000E}", "\u{0020}"];
+    for control in controls.iter() {
+        assert!(url.set_scheme(&format!("{}https", control)).is_ok());
+        assert!(url.set_scheme(&format!("https{}", control)).is_ok());
+    }
+}
+
 #[test]
 fn new_directory_paths() {
     if cfg!(unix) {

From 9c16caa4842eeba999cc18fdeb49b0ad2301d83b Mon Sep 17 00:00:00 2001
From: cybai <cyb.ai.815@gmail.com>
Date: Wed, 1 Mar 2023 14:17:05 +0900
Subject: [PATCH 2/2] Import related wpt setters test

---
 url/tests/setters_tests.json | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/url/tests/setters_tests.json b/url/tests/setters_tests.json
index 4280032a2..2bdaaebb0 100644
--- a/url/tests/setters_tests.json
+++ b/url/tests/setters_tests.json
@@ -270,6 +270,39 @@
                 "protocol": "https:",
                 "port": ""
             }
+        },
+        {
+            "comment": "Non-tab/newline C0 controls result in no-op",
+            "href": "http://test/",
+            "new_value": "https\u0000",
+            "expected": {
+                "href": "http://test/",
+                "protocol": "http:"
+            }
+        },
+        {
+            "href": "http://test/",
+            "new_value": "https\u000C",
+            "expected": {
+                "href": "http://test/",
+                "protocol": "http:"
+            }
+        },
+        {
+            "href": "http://test/",
+            "new_value": "https\u000E",
+            "expected": {
+                "href": "http://test/",
+                "protocol": "http:"
+            }
+        },
+        {
+            "href": "http://test/",
+            "new_value": "https\u0020",
+            "expected": {
+                "href": "http://test/",
+                "protocol": "http:"
+            }
         }
     ],
     "username": [