feat(std/http): Check if cookie property is valid (#7189)
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
parent
4e99d8fb6f
commit
f7afe2b78f
2 changed files with 49 additions and 1 deletions
|
@ -32,11 +32,14 @@ export interface Cookie {
|
|||
|
||||
export type SameSite = "Strict" | "Lax" | "None";
|
||||
|
||||
const FIELD_CONTENT_REGEXP = /^(?=[\x20-\x7E]*$)[^()@<>,;:\\"\[\]?={}\s]+$/;
|
||||
|
||||
function toString(cookie: Cookie): string {
|
||||
if (!cookie.name) {
|
||||
return "";
|
||||
}
|
||||
const out: string[] = [];
|
||||
validateCookieName(cookie.name);
|
||||
out.push(`${cookie.name}=${cookie.value}`);
|
||||
|
||||
// Fallback for invalid Set-Cookie
|
||||
|
@ -79,6 +82,17 @@ function toString(cookie: Cookie): string {
|
|||
return out.join("; ");
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate Cookie property.
|
||||
* @param key Name of the cookie.
|
||||
* @param value Value of the cookie.
|
||||
*/
|
||||
function validateCookieName(value: string | undefined | null): void {
|
||||
if (value && !FIELD_CONTENT_REGEXP.test(value)) {
|
||||
throw new TypeError(`Invalid cookie name: "${value}".`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse the cookies of the Server Request
|
||||
* @param req An object which has a `headers` property
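Review bot: `cookie.value` still reaches the `out.push(...)` line of `toString` unchecked, so only the name is validated even though the title says the cookie property is checked. No validation of the value is visible in either hunk; the lines of `toString` between the two hunks are not shown, so this should be confirmed against the full file. A value containing `;` or a line break would change how the serialized Set-Cookie string is parsed, so it should be rejected the same way as a bad name, for example against the RFC 6265 cookie-octet set as sketched below. That set also rejects spaces and commas, so existing callers may need to encode such values first. Separately, the JSDoc on `validateCookieName` lists `@param key` and `@param value`, but the function takes a single `value` parameter that holds the cookie name.

```typescript
// … unchanged: empty-name early return and `out` declaration …
  validateCookieName(cookie.name);
  validateCookieValue(cookie.value);
  out.push(`${cookie.name}=${cookie.value}`);
// … unchanged: attribute serialization and validateCookieName …

// cookie-octet from RFC 6265 section 4.1.1, optionally wrapped in double quotes.
const COOKIE_VALUE_REGEXP =
  /^(?:"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*"|[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*)$/;

/**
 * Validate a cookie value before it is written into Set-Cookie.
 * @param value Value of the cookie.
 */
function validateCookieValue(value: string | undefined | null): void {
  if (value != null && !COOKIE_VALUE_REGEXP.test(value)) {
    throw new TypeError(`Invalid cookie value: "${value}".`);
  }
}
```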
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
// Copyright 2018-2020 the Deno authors. All rights reserved. MIT license.
|
||||
import { Response, ServerRequest } from "./server.ts";
|
||||
import { deleteCookie, getCookies, setCookie } from "./cookie.ts";
|
||||
import { assert, assertEquals } from "../testing/asserts.ts";
|
||||
import { assert, assertEquals, assertThrows } from "../testing/asserts.ts";
|
||||
|
||||
Deno.test({
|
||||
name: "Cookie parser",
|
||||
|
@ -31,6 +31,40 @@ Deno.test({
|
|||
},
|
||||
});
|
||||
|
||||
Deno.test({
|
||||
name: "Cookie Name Validation",
|
||||
fn(): void {
|
||||
const res: Response = {};
|
||||
const tokens = [
|
||||
'"id"',
|
||||
"id\t",
|
||||
"i\td",
|
||||
"i d",
|
||||
"i;d",
|
||||
"{id}",
|
||||
"[id]",
|
||||
'"',
|
||||
"id\u0091",
|
||||
];
|
||||
res.headers = new Headers();
|
||||
tokens.forEach((name) => {
|
||||
assertThrows(
|
||||
(): void => {
|
||||
setCookie(res, {
|
||||
name,
|
||||
value: "Cat",
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
maxAge: 3,
|
||||
});
|
||||
},
|
||||
Error,
|
||||
'Invalid cookie name: "' + name + '".',
|
||||
);
|
||||
});
|
||||
},
|
||||
});
|
||||
|
||||
Deno.test({
|
||||
name: "Cookie Delete",
|
||||
fn(): void {
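Review bot: The "Cookie Name Validation" test passes `Error` to `assertThrows` although `validateCookieName` throws `TypeError`, so the expected class is looser than the contract; `TypeError,` in place of `Error,` would pin it. The `tokens` list covers tab, space and a C1 control character but no name containing a line break. Adding one, such as `"id\n"`, would guard the case that matters most for header integrity if `FIELD_CONTENT_REGEXP` is ever edited. It would also help to assert after the loop that nothing was written, e.g. `assertEquals(res.headers.get("set-cookie"), null);`, and to add one accepted name so the test fails if the pattern becomes too strict.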
|
||||
|
|