
Unified Diff: sdk/lib/io/http_headers.dart

Issue 364313002: Validate headers when added to HttpHeaders. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Created 6 years, 5 months ago
Index: sdk/lib/io/http_headers.dart
diff --git a/sdk/lib/io/http_headers.dart b/sdk/lib/io/http_headers.dart
index 5e94813f8a44f7d4857cec592341f135dbcf5a89..f621fff07fa1fc8e4246393737fc110480e49b4d 100644
--- a/sdk/lib/io/http_headers.dart
+++ b/sdk/lib/io/http_headers.dart
@@ -42,27 +42,31 @@ class _HttpHeaders implements HttpHeaders {
void add(String name, value) {
_checkMutable();
- _addAll(name.toLowerCase(), value);
+ _addAll(_validateField(name), value);
}
void _addAll(String name, value) {
- if (value is List) {
- value.forEach((v) => _add(name, v));
+ assert(name == _validateField(name));
+ if (value is Iterable) {
+ for (var v in value) {
+ _add(name, _validateValue(v));
+ }
} else {
- _add(name, value);
+ _add(name, _validateValue(value));
}
}
void set(String name, Object value) {
_checkMutable();
- name = name.toLowerCase();
+ name = _validateField(name);
_headers.remove(name);
_addAll(name, value);
}
void remove(String name, Object value) {
_checkMutable();
- name = name.toLowerCase();
+ name = _validateField(name);
+ value = _validateValue(value);
List<String> values = _headers[name];
if (values != null) {
int index = values.indexOf(value);
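Review bot: In `remove` (and in `removeAll` in the next hunk), a malformed name or value now throws a FormatException, where the old code simply found nothing to remove. Nothing is written to the header map on these paths, so validation adds no protection here. It does give callers that remove headers by a name taken from request data a new exception to handle. Either keep removal lenient with `name = name.toLowerCase();`, or state the new throw in the HttpHeaders API documentation for `remove` and `removeAll`. The body of `remove` continues past the end of this hunk.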
@@ -75,7 +79,7 @@ class _HttpHeaders implements HttpHeaders {
void removeAll(String name) {
_checkMutable();
- name = name.toLowerCase();
+ name = _validateField(name);
_headers.remove(name);
}
@@ -250,7 +254,7 @@ class _HttpHeaders implements HttpHeaders {
// [name] must be a lower-case version of the name.
void _add(String name, value) {
- assert(name == name.toLowerCase());
+ assert(name == _validateField(name));
// Use the length as index on what method to call. This is notable
// faster than computing hash and looking up in a hash-map.
switch (name.length) {
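Review bot: The comment above `_add` still says only that the name must be lower-case, but the assert now checks the stronger condition that the name passed `_validateField`. I would update it to `// [name] must be a validated, lower-cased field name (see _validateField).`. Asserts are presumably stripped outside checked mode, so this comment is the only statement of the precondition that production readers see. The body of `_add` continues outside the hunk.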
@@ -399,13 +403,15 @@ class _HttpHeaders implements HttpHeaders {
}
if (value is DateTime) {
values.add(HttpDate.format(value));
+ } else if (value is String) {
+ values.add(value);
} else {
- values.add(value.toString());
+ values.add(_validateValue(value.toString()));
}
}
void _set(String name, String value) {
- assert(name == name.toLowerCase());
+ assert(name == _validateField(name));
List<String> values = new List<String>();
_headers[name] = values;
values.add(value);
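Review bot: The new `value is String` branch and `_set` both store the string without validating it, so the check this change introduces holds only if every caller has already gone through `_validateValue`. The enclosing function of the first branch starts outside the hunk and the callers of `_set` are not visible, so I cannot confirm that from here. I would state the invariant with `// [value] must already have passed _validateValue.` above the String branch. In `_set`, I would add `assert(value == _validateValue(value));` next to the name assert. If any caller can reach these sinks with unchecked input, validate at the sink instead.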
@@ -562,6 +568,27 @@ class _HttpHeaders implements HttpHeaders {
}
return cookies;
}
+
+ static String _validateField(String field) {
+ for (var i = 0; i < field.length; i++) {
+ if (!_HttpParser._isTokenChar(field.codeUnitAt(i))) {
+ throw new FormatException(
+ "Invalid HTTP header field name: ${JSON.encode(field)}");
+ }
+ }
+ return field.toLowerCase();
+ }
+
+ static _validateValue(value) {
+ if (value is! String) return value;
+ for (var i = 0; i < value.length; i++) {
+ if (!_HttpParser._isValueChar(value.codeUnitAt(i))) {
+ throw new FormatException(
+ "Invalid HTTP header field value: ${JSON.encode(value)}");
+ }
+ }
+ return value;
+ }
}
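Review bot: `_validateField` accepts the empty string, because the loop body never runs and `""` is returned as a valid name. A guard such as `if (field.isEmpty) throw new FormatException("Invalid HTTP header field name: \"\"");` before the loop would close that. `_validateValue` relies entirely on `_HttpParser._isValueChar`, which lives in http_parser.dart and is not visible here. A unit test asserting that values containing CR or LF are rejected would pin the property this change is meant to guarantee. Both helpers would also benefit from a one-line doc comment saying they throw FormatException and that `_validateValue` passes non-String values through unchecked.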