Changeset 11910 in project


Timestamp:
09/06/08 16:36:45 (13 years ago)
Author:
sjamaan
Message:

Add error message in case of token with embedded newline

Location:
release/4/intarweb/trunk
Files:
3 edited

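--- a/release/4/intarweb/trunk/header-parsers.scm
+++ b/release/4/intarweb/trunk/header-parsers.scm
@@ -321,4 +321,5 @@
                                  (char-set-adjoin must-be-quoted-chars #\, #\; #\=)
                                  char-set:blank))
+         (error-chars (char-set #\newline))
          (smap (map (lambda (c)
                       (cons (string c)
@@ -326,7 +327,11 @@
                     (char-set->list must-be-quoted-chars))))
    (lambda (token)
-     (if (string-any trigger-quoting-chars token)
-         (string-append "\"" (string-translate* token smap) "\"")
-         token))))
+     (cond
+      ((string-any error-chars token)
+       (signal-http-condition "Unencoded newline in header contents! Please encode the newline in a way appropriate for this header"
+                              'unencoded-header 'value token))
+      ((string-any trigger-quoting-chars token)
+       (string-append "\"" (string-translate* token smap) "\""))
+      (else token)))))
 
 ;; There's no need to make a specific header unparser for every header type.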
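Review bot: The new `error-chars` set in the first hunk holds only `#\newline`, so a bare carriage return in a token is still emitted, backslash-escaped inside the quoted string, rather than rejected. A recipient that treats a lone CR as a line terminator, or that does not honour backslash escapes in quoted strings, could read the rest of the value as a separate header line, which is the same header-splitting risk the newline check is meant to close. Consider `(error-chars (char-set #\newline #\return))`; the "Escaping control characters" test in tests/run.scm would then need an input without `\r`. The `let*` and its enclosing definition start outside the hunk, so whether CR is filtered earlier is not visible here.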
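--- a/release/4/intarweb/trunk/intarweb.scm
+++ b/release/4/intarweb/trunk/intarweb.scm
@@ -64,5 +64,5 @@
    get-quality get-value get-params get-param
    natnum-parser symbol-parser-ci symbol-parser
-   default-header-unparser
+   unparse-token default-header-unparser
    )
 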
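--- a/release/4/intarweb/trunk/tests/run.scm
+++ b/release/4/intarweb/trunk/tests/run.scm
@@ -302,7 +302,15 @@
           "Foo: \"bar \\\" qux\", mooh\r\n"
           (test-unparse-headers `((foo "bar \" qux" "mooh"))))
-    (test "Escaping control characters and CRLF"
+    (test "Escaping control characters"
           "Foo: \"bar\\\r\\\x01qux\"\r\n"
           (test-unparse-headers `((foo "bar\r\x01qux"))))
+    ;; Unfortunately, there are no or very few HTTP implementations
+    ;; which understand that newlines can be escaped with a backslash
+    ;; in a quoted string. That's why we don't allow it.
+    ;; The user is expected to escape the newlines according to the type
+    ;; of header (URLencoding, removing the newlines from cookies, etc)
+    (test-error* "Embedded newlines throw an error"
+                 (http unencoded-header)
+                 (test-unparse-headers `((foo "bar\n\x01qux"))))
     (test "Alist"
           "Foo: bar=qux, mooh=mumble\r\n"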
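Review bot: The added `test-error*` case covers a lone `\n` only, so the CRLF pair that a header-splitting value normally carries has no test of its own now that the earlier test's title no longer mentions CRLF. Add a second `test-error*` case with the value `"bar\r\nqux"` that expects the same `(http unencoded-header)` condition, so a later change to the rejected character set cannot let CRLF through unnoticed. The retained "Escaping control characters" case also pins that a bare `\r` is backslash-escaped rather than rejected; if that is deliberate, a comment next to it saying so would help.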