From d385cb701b852684ea3ecfda104ac3711669a651 Mon Sep 17 00:00:00 2001 From: Josh Matthews Date: Tue, 21 Jul 2015 20:11:57 -0400 Subject: Reject websocket protocol requests that don't match https://tools.ietf.org/html/rfc6455#section-4.1 . --- components/script/dom/websocket.rs | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) (limited to 'components/script/dom/websocket.rs') diff --git a/components/script/dom/websocket.rs b/components/script/dom/websocket.rs index bd90a36680a..6b97352f65b 100644 --- a/components/script/dom/websocket.rs +++ b/components/script/dom/websocket.rs @@ -96,11 +96,34 @@ impl WebSocket { } - pub fn new(global: GlobalRef, url: DOMString) -> Fallible> { + pub fn new(global: GlobalRef, + url: DOMString, + protocols: Option) + -> Fallible> { // Step 1. let parsed_url = try!(Url::parse(&url).map_err(|_| Error::Syntax)); let url = try!(parse_url(&parsed_url).map_err(|_| Error::Syntax)); + // Step 4. + let protocols = protocols.as_slice(); + + // Step 5. + for (i, protocol) in protocols.iter().enumerate() { + // https://tools.ietf.org/html/rfc6455#section-4.1 + // Handshake requirements, step 10 + if protocol.is_empty() { + return Err(Syntax); + } + + if protocols[i+1..].iter().any(|p| p == protocol) { + return Err(Syntax); + } + + if protocol.chars().any(|c| c < '\u{0021}' || c > '\u{007E}') { + return Err(Syntax); + } + } + /*TODO: This constructor is only a prototype, it does not accomplish the specs defined here: http://html.spec.whatwg.org @@ -150,8 +173,11 @@ impl WebSocket { Ok(ws) } - pub fn Constructor(global: GlobalRef, url: DOMString) -> Fallible> { - WebSocket::new(global, url) + pub fn Constructor(global: GlobalRef, + url: DOMString, + protocols: Option) + -> Fallible> { + WebSocket::new(global, url, protocols) } } -- cgit v1.2.3