From 01194053b73b3ef7e14cff1834f70073d53417d1 Mon Sep 17 00:00:00 2001 From: Kenneth Myhra Date: Wed, 13 Apr 2022 22:05:36 +0200 Subject: [PATCH] LibWeb: XHR set_request_header() validate header name and value --- .../Libraries/LibWeb/XHR/XMLHttpRequest.cpp | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp b/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp index 5f5638f7dc..8717250117 100644 --- a/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp +++ b/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp @@ -394,6 +394,13 @@ static bool is_method(String const& method) return regex.has_match(method); } +// https://fetch.spec.whatwg.org/#header-name +static bool is_header_name(String const& header_name) +{ + Regex regex { R"~~~(^[A-Za-z0-9!#$%&'*+-.^_`|~]+$)~~~" }; + return regex.has_match(header_name); +} + // https://fetch.spec.whatwg.org/#concept-method-normalize static String normalize_method(String const& method) { @@ -409,6 +416,16 @@ static String normalize_header_value(String const& header_value) return header_value.trim(StringView { http_whitespace_bytes }); } +// https://fetch.spec.whatwg.org/#header-value +static bool is_header_value(String const& header_value) +{ + for (auto const& character : header_value.view()) { + if (character == '\0' || character == '\n' || character == '\r') + return false; + } + return true; +} + // https://xhr.spec.whatwg.org/#dom-xmlhttprequest-setrequestheader DOM::ExceptionOr XMLHttpRequest::set_request_header(String const& name, String const& value) { @@ -423,8 +440,11 @@ DOM::ExceptionOr XMLHttpRequest::set_request_header(String const& name, St // 3. Normalize value. auto normalized_value = normalize_header_value(value); - // FIXME: 4. If name is not a header name or value is not a header value, - // then throw a "SyntaxError" DOMException. + // 4. If name is not a header name or value is not a header value, then throw a "SyntaxError" DOMException. + if (!is_header_name(name)) + return DOM::SyntaxError::create("Header name contains invalid characters."); + if (!is_header_value(value)) + return DOM::SyntaxError::create("Header value contains invalid characters."); // 5. If name is a forbidden header name, then return. if (is_forbidden_header_name(name))