RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 03:37:34 +00:00
Code Issues Activity Actions

LibWeb: Use a more restrictive regex for method token production

Browse source 
This changes the regular expression for is_method() to a more
restrictive pattern.
This commit is contained in:
Kenneth Myhra 2022-04-13 21:44:16 +02:00 committed by Linus Groh
parent 053bcd4859
commit fccea8888e
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
View file

@ -390,8 +390,8 @@ static bool is_forbidden_method(String const& method)
// https://fetch.spec.whatwg.org/#concept-method
static bool is_method(String const& method)
{
Regex<ECMA262Parser> regex { R"~~~(^.*["(),\/:;<=>?@\\[\]{}]+.*$)~~~" };
return !regex.has_match(method);
Regex<ECMA262Parser> regex { R"~~~(^[A-Za-z0-9!#$%&'*+-.^_`|~]+$)~~~" };
return regex.has_match(method);
}
// https://fetch.spec.whatwg.org/#concept-method-normalize