tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

setrequestheader-bogus-name.htm (2600B)

      1 <!doctype html>
      2 <html>
      3  <head>
      4    <title>XMLHttpRequest: setRequestHeader() name argument checks</title>
      5    <meta charset="utf-8">
      6    <script src="/resources/testharness.js"></script>
      7    <script src="/resources/testharnessreport.js"></script>
      8    <link rel="help" href="https://xhr.spec.whatwg.org/#the-setrequestheader()-method" data-tested-assertations="/following::ol/li[3]" />
      9  </head>
     10  <body>
     11    <div id="log"></div>
     12 <!--
     13       CHAR           = <any US-ASCII character (octets 0 - 127)>
     14       CTL            = <any US-ASCII control character
     15                        (octets 0 - 31) and DEL (127)>
     16       SP             = <US-ASCII SP, space (32)>
     17       HT             = <US-ASCII HT, horizontal-tab (9)>
     18       token          = 1*<any CHAR except CTLs or separators>
     19       separators     = "(" | ")" | "<" | ">" | "@"
     20                      | "," | ";" | ":" | "\" | <">
     21                      | "/" | "[" | "]" | "?" | "="
     22                      | "{" | "}" | SP | HT
     23       field-name     = token
     24 -->
     25    <script>
     26      function try_name(name) {
     27        test(function() {
     28          var client = new XMLHttpRequest()
     29          client.open("GET", "...")
     30          assert_throws_dom("SyntaxError", function() { client.setRequestHeader(name, 'x-value') })
     31        }, "setRequestHeader should throw with header name " + format_value(invalid_headers[i]) + ".")
     32      }
     33      function try_byte_string(name) {
     34        test(function() {
     35          var client = new XMLHttpRequest()
     36          client.open("GET", "...")
     37          assert_throws_js(TypeError, function() { client.setRequestHeader(name, 'x-value') })
     38        }, "setRequestHeader should throw with header name " + format_value(invalid_byte_strings[i]) + ".")
     39      }
     40      var invalid_headers = ["(", ")", "<", ">", "@", ",", ";", ":", "\\",
     41                             "\"", "/", "[", "]", "?", "=", "{", "}", " ",
     42                             /* HT already tested in the loop below */
     43                             "\u007f", "", "t\rt", "t\nt", "t: t", "t:t",
     44                             "t<t", "t t", " tt", ":tt", "\ttt", "\vtt", "t\0t",
     45                             "t\"t", "t,t", "t;t", "()[]{}", "a?B", "a=B"]
     46      var invalid_byte_strings = ["テスト", "X-テスト"]
     47      for (var i = 0; i < 32; ++i) {
     48        invalid_headers.push(String.fromCharCode(i))
     49      }
     50      for (var i = 0; i < invalid_headers.length; ++i) {
     51        try_name(invalid_headers[i])
     52      }
     53      for (var i = 0; i < invalid_byte_strings.length; ++i) {
     54        try_byte_string(invalid_byte_strings[i])
     55      }
     56 
     57    </script>
     58  </body>
     59 </html>