1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-26 16:09:27 -05:00

feat(std/http): Validate cookie path value (#8457)

This commit is contained in:
Yasser A.Idrissi 2020-11-22 15:34:31 +01:00 committed by GitHub
parent 14877f7fe2
commit 2c00f6c548
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 45 additions and 0 deletions

View file

@ -70,6 +70,7 @@ function toString(cookie: Cookie): string {
out.push(`SameSite=${cookie.sameSite}`);
}
if (cookie.path) {
validatePath(cookie.path);
out.push(`Path=${cookie.path}`);
}
if (cookie.expires) {
@ -92,6 +93,27 @@ function validateCookieName(name: string | undefined | null): void {
}
}
/**
* Validate Path Value.
* @see https://tools.ietf.org/html/rfc6265#section-4.1.2.4
* @param path Path value.
*/
function validatePath(path: string | null): void {
if (path == null) {
return;
}
for (let i = 0; i < path.length; i++) {
const c = path.charAt(i);
if (
c < String.fromCharCode(0x20) || c > String.fromCharCode(0x7E) || c == ";"
) {
throw new Error(
path + ": Invalid cookie path char '" + c + "'",
);
}
}
}
/**
* Parse the cookies of the Server Request
* @param req An object which has a `headers` property

View file

@ -65,6 +65,29 @@ Deno.test({
},
});
Deno.test({
name: "Cookie Path Validation",
fn(): void {
const res: Response = {};
const path = "/;domain=sub.domain.com";
res.headers = new Headers();
assertThrows(
(): void => {
setCookie(res, {
name: "Space",
value: "Cat",
httpOnly: true,
secure: true,
path,
maxAge: 3,
});
},
Error,
path + ": Invalid cookie path char ';'",
);
},
});
Deno.test({
name: "Cookie Delete",
fn(): void {