Validate headers when added to HttpHeaders.

sdk/lib/io/http_headers.dart

Index: sdk/lib/io/http_headers.dart
diff --git a/sdk/lib/io/http_headers.dart b/sdk/lib/io/http_headers.dart
index 5e94813f8a44f7d4857cec592341f135dbcf5a89..ba889fff0e7197e88633d418a809964613759d92 100644
--- a/sdk/lib/io/http_headers.dart
+++ b/sdk/lib/io/http_headers.dart
@@ -42,27 +42,28 @@ class _HttpHeaders implements HttpHeaders {
 
   void add(String name, value) {
     _checkMutable();
-    _addAll(name.toLowerCase(), value);
+    _addAll(_validateField(name), value);
   }
 
   void _addAll(String name, value) {

[Søren Gjesse, 2014/07/04 09:24:54]

Add

assert(name == _validateField(name));

here as well.

[Anders Johnsen, 2014/07/04 11:03:49]

Done.

     if (value is List) {

[Søren Gjesse, 2014/07/04 09:24:54]

Btw. shouldn't this be just Iterable?

[Anders Johnsen, 2014/07/04 11:03:49]

Yeah.

-      value.forEach((v) => _add(name, v));
+      value.forEach((v) => _add(name, _validateValue(v)));
     } else {
-      _add(name, value);
+      _add(name, _validateValue(value));
     }
   }
 
   void set(String name, Object value) {
     _checkMutable();
-    name = name.toLowerCase();
+    name = _validateField(name);
     _headers.remove(name);
     _addAll(name, value);
   }
 
   void remove(String name, Object value) {
     _checkMutable();
-    name = name.toLowerCase();
+    name = _validateField(name);
+    value = _validateValue(value);
     List<String> values = _headers[name];
     if (values != null) {
       int index = values.indexOf(value);
@@ -75,7 +76,7 @@ class _HttpHeaders implements HttpHeaders {
 
   void removeAll(String name) {
     _checkMutable();
-    name = name.toLowerCase();
+    name = _validateField(name);
     _headers.remove(name);
   }
 
@@ -250,7 +251,7 @@ class _HttpHeaders implements HttpHeaders {
 
   // [name] must be a lower-case version of the name.
   void _add(String name, value) {
-    assert(name == name.toLowerCase());
+    assert(name == _validateField(name));
     // Use the length as index on what method to call. This is notable
     // faster than computing hash and looking up in a hash-map.
     switch (name.length) {
@@ -399,13 +400,15 @@ class _HttpHeaders implements HttpHeaders {
     }
     if (value is DateTime) {
       values.add(HttpDate.format(value));
+    } else if (value is String) {
+      values.add(value);
     } else {
-      values.add(value.toString());
+      values.add(_validateValue(value.toString()));
     }
   }
 
   void _set(String name, String value) {
-    assert(name == name.toLowerCase());
+    assert(name == _validateField(name));
     List<String> values = new List<String>();
     _headers[name] = values;
     values.add(value);
@@ -562,6 +565,27 @@ class _HttpHeaders implements HttpHeaders {
     }
     return cookies;
   }
+
+  static String _validateField(String field) {
+    for (var i = 0; i < field.length; i++) {
+      if (!_HttpParser._isTokenChar(field.codeUnitAt(i))) {
+        throw new FormatException(
+            "Invalid HTTP header field: ${JSON.encode(field)}");

[Søren Gjesse, 2014/07/04 09:24:54]

Lets be precise: field -> field name

[Anders Johnsen, 2014/07/04 11:03:49]

Done.

+      }
+    }
+    return field.toLowerCase();
+  }
+
+  static _validateValue(value) {
+    if (value is! String) return value;
+    for (var i = 0; i < value.length; i++) {
+      if (!_HttpParser._isValueChar(value.codeUnitAt(i))) {
+        throw new FormatException(
+            "Invalid HTTP header value: ${JSON.encode(value)}");

[Søren Gjesse, 2014/07/04 09:24:54]

value -> field value

[Anders Johnsen, 2014/07/04 11:03:50]

Done.

+      }
+    }
+    return value;
+  }
 }