diff options
author | Benno Fünfstück <benno.fuenfstueck@gmail.com> | 2017-10-16 15:36:32 +0200 |
---|---|---|
committer | Ruben Bridgewater <ruben@bridgewater.de> | 2017-12-12 12:30:12 -0200 |
commit | b961d9fd83c963657c2305ed13ff447573eac852 (patch) | |
tree | 2bc5cb7212f20bd15a41d5638aa366fa47781321 /test/parallel/test-http-client-invalid-path.js | |
parent | ac25cee2e22ac4c64e4a92b33fe3784648b97072 (diff) | |
download | android-node-v8-b961d9fd83c963657c2305ed13ff447573eac852.tar.gz android-node-v8-b961d9fd83c963657c2305ed13ff447573eac852.tar.bz2 android-node-v8-b961d9fd83c963657c2305ed13ff447573eac852.zip |
http: disallow two-byte characters in URL path
This commit changes node's handling of two-byte characters in
the path component of an http URL. Previously, node would just
strip the higher byte when generating the request. So this code:
```
http.request({host: "example.com", port: "80", "/N"})
```
would request `http://example.com/.`
(`.` is the character for the byte `0x2e`).
This is not useful and can in some cases lead to filter evasion.
With this change, the code generates `ERR_UNESCAPED_CHARACTERS`,
just like space and control characters already did.
PR-URL: https://github.com/nodejs/node/pull/16237
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Diffstat (limited to 'test/parallel/test-http-client-invalid-path.js')
-rw-r--r-- | test/parallel/test-http-client-invalid-path.js | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/test/parallel/test-http-client-invalid-path.js b/test/parallel/test-http-client-invalid-path.js new file mode 100644 index 0000000000..c042d61eda --- /dev/null +++ b/test/parallel/test-http-client-invalid-path.js @@ -0,0 +1,12 @@ +'use strict'; +const common = require('../common'); +const http = require('http'); + +common.expectsError(() => { + http.request({ + path: '/thisisinvalid\uffe2' + }).end(); +}, { + code: 'ERR_UNESCAPED_CHARACTERS', + type: TypeError +}); |