Commit 699d285b authored by Harris Hancock's avatar Harris Hancock

Fix hostname validation bug in relative URL parser

The relative URL parser allowed certain hosts which the absolute parser correctly weeded out. This change copies two lines from the absolute parser over to the relative parser.
parent 542e75c2
...@@ -371,5 +371,10 @@ KJ_TEST("parse relative URL") { ...@@ -371,5 +371,10 @@ KJ_TEST("parse relative URL") {
"https://capnproto.org/http%3A/grault"); "https://capnproto.org/http%3A/grault");
} }
KJ_TEST("parse relative URL failure") {
auto base = Url::parse("https://example.com/");
KJ_EXPECT(base.tryParseRelative("https://[not a host]") == nullptr);
}
} // namespace } // namespace
} // namespace kj } // namespace kj
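Review bot: The new failure test pins only one rejected input, `"https://[not a host]"`, and nothing exercises the `toLower(result.host)` half of the fix. A case with an uppercase authority would cover the normalisation, e.g. `KJ_EXPECT(KJ_ASSERT_NONNULL(base.tryParseRelative("https://EXAMPLE.com/")).host == "example.com");`. Because the check runs on the percent-decoded host, a percent-encoded variant such as `"https://not%20a%20host/"` is also worth asserting as `nullptr` (assuming space is outside HOST_CHARS, which this page does not show). The same goes for a scheme-less `"//[not a host]"` if that form reaches the same branch.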
...@@ -279,6 +279,8 @@ Maybe<Url> Url::tryParseRelative(StringPtr text) const { ...@@ -279,6 +279,8 @@ Maybe<Url> Url::tryParseRelative(StringPtr text) const {
} }
result.host = percentDecode(authority, err); result.host = percentDecode(authority, err);
if (!HOST_CHARS.containsAll(result.host)) return nullptr;
toLower(result.host);
} else { } else {
// copy authority // copy authority
result.host = kj::str(this->host); result.host = kj::str(this->host);
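Review bot: The two lines added after `percentDecode(authority, err)` are a copy of the absolute parser's host check, so the drift that caused this bug can recur the next time either parser changes. Consider moving the decode, `HOST_CHARS.containsAll` and `toLower` steps into one private helper that both parsers call. At minimum, add a comment here such as `// Keep in sync with the absolute parser's host validation; a mismatch lets relative URLs carry hosts the absolute parser rejects.` The visible lines do not show where `err` from `percentDecode` is checked; presumably that happens later in the function, but it is worth confirming that a decode error cannot yield an accepted host. The body of `tryParseRelative` starts and ends outside this hunk.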
......