Auto merge of #6694 - jdm:websocketprotocol, r=Ms2ger

Reject websocket protocol requests that don't match https://tools.iet…

…f.org/html/rfc6455#section-4.1 .

<!-- Reviewable:start -->
[<img src="https://reviewable.io/review_button.png" height=40 alt="Review on Reviewable"/>](https://reviewable.io/reviews/servo/servo/6694)
<!-- Reviewable:end -->

3 files changed, 31 insertions, 4 deletions

diff --git a/components/script/dom/webidls/WebSocket.webidl b/components/script/dom/webidls/WebSocket.webidl
index 3fd2fcd403d..b29cf6ba4ed 100644
--- a/components/script/dom/webidls/WebSocket.webidl
+++ b/components/script/dom/webidls/WebSocket.webidl
@@ -4,7 +4,7 @@
 
 enum BinaryType { "blob", "arraybuffer" };
 
-[Constructor(DOMString url)]
+[Constructor(DOMString url, optional /*(*/DOMString /*or DOMString[])*/ protocols)]
 interface WebSocket : EventTarget {
     readonly attribute DOMString url;
     //ready state
diff --git a/components/script/dom/websocket.rs b/components/script/dom/websocket.rs
index bd90a36680a..6b97352f65b 100644
--- a/components/script/dom/websocket.rs
+++ b/components/script/dom/websocket.rs
@@ -96,11 +96,34 @@ impl WebSocket {
 
     }
 
-    pub fn new(global: GlobalRef, url: DOMString) -> Fallible<Root<WebSocket>> {
+    pub fn new(global: GlobalRef,
+               url: DOMString,
+               protocols: Option<DOMString>)
+               -> Fallible<Root<WebSocket>> {
         // Step 1.
         let parsed_url = try!(Url::parse(&url).map_err(|_| Error::Syntax));
         let url = try!(parse_url(&parsed_url).map_err(|_| Error::Syntax));
 
+        // Step 4.
+        let protocols = protocols.as_slice();
+
+        // Step 5.
+        for (i, protocol) in protocols.iter().enumerate() {
+            // https://tools.ietf.org/html/rfc6455#section-4.1
+            // Handshake requirements, step 10
+            if protocol.is_empty() {
+                return Err(Syntax);
+            }
+
+            if protocols[i+1..].iter().any(|p| p == protocol) {
+                return Err(Syntax);
+            }
+
+            if protocol.chars().any(|c| c < '\u{0021}' || c > '\u{007E}') {
+                return Err(Syntax);
+            }
+        }
+
         /*TODO: This constructor is only a prototype, it does not accomplish the specs
           defined here:
           http://html.spec.whatwg.org
@@ -150,8 +173,11 @@ impl WebSocket {
         Ok(ws)
     }
 
-    pub fn Constructor(global: GlobalRef, url: DOMString) -> Fallible<Root<WebSocket>> {
-        WebSocket::new(global, url)
+    pub fn Constructor(global: GlobalRef,
+                       url: DOMString,
+                       protocols: Option<DOMString>)
+                       -> Fallible<Root<WebSocket>> {
+        WebSocket::new(global, url, protocols)
     }
 }
 
diff --git a/components/script/lib.rs b/components/script/lib.rs
index c57c0de7998..2712aaca88e 100644
--- a/components/script/lib.rs
+++ b/components/script/lib.rs
@@ -4,6 +4,7 @@
 
 #![feature(append)]
 #![feature(arc_unique)]
+#![feature(as_slice)]
 #![feature(as_unsafe_cell)]
 #![feature(borrow_state)]
 #![feature(box_raw)]