OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. |
4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
5 * Copyright (C) 2009 Google Inc. All rights reserved. | 5 * Copyright (C) 2009 Google Inc. All rights reserved. |
6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. | 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
100 unsigned start = pos; | 100 unsigned start = pos; |
101 unsigned len = str.length(); | 101 unsigned len = str.length(); |
102 while (pos < len) { | 102 while (pos < len) { |
103 if (str[pos] == ' ' || str[pos] == '\t' || str[pos] == ';') | 103 if (str[pos] == ' ' || str[pos] == '\t' || str[pos] == ';') |
104 break; | 104 break; |
105 ++pos; | 105 ++pos; |
106 } | 106 } |
107 return pos != start; | 107 return pos != start; |
108 } | 108 } |
109 | 109 |
110 bool isValidHTTPHeaderValue(const String& name) | 110 // See RFC 7230, Section 3.2.3. |
111 bool isValidHTTPHeaderValue(const String& value) | |
111 { | 112 { |
112 // FIXME: This should really match name against | 113 UChar c = value[0]; |
tkent
2015/03/19 23:04:08
Looks this has an out-of-bound access issue
nit:
shiva.jm
2015/03/20 06:23:52
These looks ok, if we just have value.length(), it
| |
113 // field-value in section 4.2 of RFC 2616. | 114 if (c == ' ' || c == '\t') |
115 return false; | |
114 | 116 |
115 return name.containsOnlyLatin1() && !name.contains('\r') && !name.contains(' \n') && !name.contains(static_cast<UChar>('\0')); | 117 c = value[value.length() - 1]; |
tkent
2015/03/19 23:04:08
c -> char lastCharacter
| |
118 if (c == ' ' || c == '\t') | |
119 return false; | |
120 | |
121 for (unsigned i = 0; i < value.length(); ++i) { | |
122 c = value[i]; | |
123 if (c == 0x7F || c > 0xFF || (c < 0x20 && c != '\t')) | |
124 return false; | |
tkent
2015/03/19 23:04:08
wrong indentation
shiva.jm
2015/03/20 06:23:52
Done.
| |
125 } | |
126 | |
127 return true; | |
116 } | 128 } |
117 | 129 |
118 // See RFC 2616, Section 2.2. | 130 // See RFC 7230, Section 3.2.6. |
119 bool isValidHTTPToken(const String& characters) | 131 bool isValidHTTPToken(const String& value) |
120 { | 132 { |
121 if (characters.isEmpty()) | 133 if (value.isEmpty()) |
122 return false; | 134 return false; |
123 for (unsigned i = 0; i < characters.length(); ++i) { | 135 for (unsigned i = 0; i < value.length(); ++i) { |
124 UChar c = characters[i]; | 136 UChar c = value[i]; |
125 if (c <= 0x20 || c >= 0x7F | 137 if (c <= 0x20 || c >= 0x7F |
126 || c == '(' || c == ')' || c == '<' || c == '>' || c == '@' | 138 || c == '(' || c == ')' || c == '<' || c == '>' || c == '@' |
127 || c == ',' || c == ';' || c == ':' || c == '\\' || c == '"' | 139 || c == ',' || c == ';' || c == ':' || c == '\\' || c == '"' |
128 || c == '/' || c == '[' || c == ']' || c == '?' || c == '=' | 140 || c == '/' || c == '[' || c == ']' || c == '?' || c == '=' |
129 || c == '{' || c == '}') | 141 || c == '{' || c == '}') |
130 return false; | 142 return false; |
131 } | 143 } |
132 return true; | 144 return true; |
133 } | 145 } |
134 | 146 |
(...skipping 723 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
858 | 870 |
859 void parseCommaDelimitedHeader(const String& headerValue, CommaDelimitedHeaderSe t& headerSet) | 871 void parseCommaDelimitedHeader(const String& headerValue, CommaDelimitedHeaderSe t& headerSet) |
860 { | 872 { |
861 Vector<String> results; | 873 Vector<String> results; |
862 headerValue.split(",", results); | 874 headerValue.split(",", results); |
863 for (auto& value : results) | 875 for (auto& value : results) |
864 headerSet.add(value.stripWhiteSpace(isWhitespace)); | 876 headerSet.add(value.stripWhiteSpace(isWhitespace)); |
865 } | 877 } |
866 | 878 |
867 } | 879 } |
OLD | NEW |