Make XMLHttpRequest.open() throw for invalid URLs

third_party/WebKit/LayoutTests/fast/xmlhttprequest/invalid-method.html

Index: third_party/WebKit/LayoutTests/fast/xmlhttprequest/invalid-method.html
diff --git a/third_party/WebKit/LayoutTests/fast/xmlhttprequest/invalid-method.html b/third_party/WebKit/LayoutTests/fast/xmlhttprequest/invalid-method.html
new file mode 100644
index 0000000000000000000000000000000000000000..885a533433859374dea178c84ef8531d527e0d14
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/xmlhttprequest/invalid-method.html
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<script src="../../resources/testharness.js"></script>
+<script src="../../resources/testharnessreport.js"></script>
+<script>
+test(() => {
+  const NON_TOKEN_METHODS = [
+    '',
+    'test\r\nfoobar',
+    ' ',
+    'A A',
+    '"',
+    '(',
+    ')',
+    ',',
+    '/',
+    ':',
+    ';',
+    '<',
+    '=',
+    '>',
+    '?',
+    '@',
+    '[',
+    '\\',
+    ']',
+    '{',
+    '}'
+  ];
+
+  for (let method of NON_TOKEN_METHODS) {
+    const xhr = new XMLHttpRequest();
+    assert_throws('SyntaxError', () => {
+      xhr.open(method, '/');
+    }, 'open() should throw for a SyntaxError for method "' + method +
+        '" which does not conform to the token ABNF');
+  }
+}, 'Method strings that are not token');
+
+test(() => {
+  const FORBIDDEN_METHODS = [
+    'CONNECT',
+    'connect',
+    'Connect',
+    'TRACE',
+    'TRACK'
+  ];
+
+  for (let method of FORBIDDEN_METHODS) {
+    const xhr = new XMLHttpRequest();
+    assert_throws('SecurityError', () => {
+      xhr.open(method, '/');
+    }, 'open() should throw a SecurityError for a forbidden method "' + method + '"');
+  }
+}, 'Forbidden methods');
+</script>