[whatwg] Specs for window.atob() and window.btoa() from Boris Zbarsky on 2011-01-07 (public-whatwg-archive@w3.org from January 2011)

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 07 Jan 2011 00:01:34 -0500
Message-ID: <4D269E2E.8050708@mit.edu>

On 1/6/11 3:25 PM, Aryeh Gregor wrote:
> Browsers disagreed about how to handle input to atob() that can't be
> produced by btoa().  Firefox mostly throws exceptions, WebKit is
> slightly more lenient, and Opera doesn't throw exceptions at all.
> gsnedders told me Opera's behavior caused site compat problems, so I
> went with Firefox's behavior, or about as close to Firefox's behavior
> as I could determine without reading the source code.

For what it's worth, Firefox's behavior for atob (based on reading the 
source code, sorta) is the following (ignoring various exceptions on 
allocation failures and the like):

1)  If the input string contains any 16-bit units whose value is greater 
than 0xff, throw INVALID_CHARACTER_ERR.

2)  If the input string's length is greater than 0xFFFFFFFF / 3, throw a 
generic failure code (because otherwise a 32-bit computation of the 
output string length will overflow; this could probably be changed to 
use 64-bit arithmetic).

3)  If the length of the source string is 0 mod 4 and the string ends in 
either "=" or "==" then chop off the trailing equals signs from the 
string.  If after this step the length is 1 mod 4, throw 
INVALID_CHARACTER_ERR.

4)  If the string contains any characters other than those in 
[A-Za-z0-9+/] then throw INVALID_CHARACTER_ERR.

Step 2 is certainly missing from your spec (and as I said, may not be 
desirable); I haven't verified whether your regexp ends up enforcing 
exactly 3+4 above.

> As far as I can tell by writing tests, there are only two cases where
> Firefox's atob() doesn't throw an exception on input that can't have
> come from btoa().  First, if there are trailing bits after decoding
> that aren't all 0, Firefox discards them.  So for instance, atob("YQ")
> and atob("YR") both return "a".  Second, it doesn't require trailing =
> signs, so atob("YQ") works although btoa("a") is actually "YQ==".

Based on code inspection, that sounds right in terms of what the Firefox 
behavior is.

Note that it's not that uncommon to use atob on things that came from 
other base64-producing tools, not just from btoa.  Not sure whether that 
matters here.

-Boris

Received on Thursday, 6 January 2011 21:01:34 UTC