1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-25 00:29:09 -05:00

fix(ext/fetch): fix illegal header regex (#16236)

This PR fixes invalid header parsing which is flaky because `g` flag is
being used in the regex, which keeps track of `lastIndex`

```javascript
try {
  new Headers([["x", "\u0000x"]]);  // error
} catch(e) {}
new Headers([["x", "\u0000x"]]); // no error
```

This issue affects `Response` & `Request` constructors as well
This commit is contained in:
Marcos Casagrande 2022-10-10 18:06:50 +02:00 committed by GitHub
parent 70ad6717df
commit 0cd05d7377
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 2 deletions

View file

@ -1,5 +1,5 @@
// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license. // Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
import { assert, assertEquals } from "./test_util.ts"; import { assert, assertEquals, assertThrows } from "./test_util.ts";
const { const {
inspectArgs, inspectArgs,
// @ts-expect-error TypeScript (as of 3.7) does not support indexing namespaces by symbol // @ts-expect-error TypeScript (as of 3.7) does not support indexing namespaces by symbol
@ -386,3 +386,16 @@ Deno.test(function customInspectReturnsCorrectHeadersFormat() {
`Headers { "content-length": "1337", "content-type": "application/json" }`, `Headers { "content-length": "1337", "content-type": "application/json" }`,
); );
}); });
Deno.test(function invalidHeadersFlaky() {
assertThrows(
() => new Headers([["x", "\u0000x"]]),
TypeError,
"Header value is not valid.",
);
assertThrows(
() => new Headers([["x", "\u0000x"]]),
TypeError,
"Header value is not valid.",
);
});

View file

@ -88,7 +88,7 @@
// Regex matching illegal chars in a header value // Regex matching illegal chars in a header value
// deno-lint-ignore no-control-regex // deno-lint-ignore no-control-regex
const ILLEGAL_VALUE_CHARS = /[\x00\x0A\x0D]/g; const ILLEGAL_VALUE_CHARS = /[\x00\x0A\x0D]/;
/** /**
* https://fetch.spec.whatwg.org/#concept-headers-append * https://fetch.spec.whatwg.org/#concept-headers-append