Google Git
Sign in
dart / sdk / a9ad427ea22ad81c9a06c4c35c04c1ab029c08df^! / .
commita9ad427ea22ad81c9a06c4c35c04c1ab029c08df[log] [tgz]
authorWilliam Hesse <whesse@google.com>Fri Aug 10 16:14:15 2018 +0000
committercommit-bot@chromium.org <commit-bot@chromium.org>Fri Aug 10 16:14:15 2018 +0000
tree7bf987e21be8c95a4ef2e35297978c9107447ec8
parentac973e5ba79963023c2bee09b130484827a2da59 [diff]
Validate cookie values wrapped in double-quotes

Servers sometimes send headers with cookie values that are encapsulated in double-quotes. Dart should validate values surrounded with double-quotes instead of throwing a FormatException.

This addresses Issue #33327 directly. I applied the solution to this problem that was [solved in Go's code base](https://github.com/golang/go/blob/master/src/net/http/cookie.go#L369).

Closes #33765
https://github.com/dart-lang/sdk/pull/33765

GitOrigin-RevId: 99672dd07d1f938b1bae063f2e9d99d4c141f684
Change-Id: Ie95a064611b1aa15aea93f5c8d801ecfc7d996c4
Reviewed-on: https://dart-review.googlesource.com/63920
Reviewed-by: Zach Anderson <zra@google.com>
Commit-Queue: Zach Anderson <zra@google.com>

diff --git a/sdk/lib/_http/http_headers.dart b/sdk/lib/_http/http_headers.dart
index bb607ba..ea5eaff 100644
--- a/sdk/lib/_http/http_headers.dart
+++ b/sdk/lib/_http/http_headers.dart

@@ -957,7 +957,7 @@
   }
 
   void _validate() {
-    const SEPERATORS = const [
+    const separators = const [
       "(",
       ")",
       "<",
@@ -980,11 +980,15 @@
       int codeUnit = name.codeUnits[i];
       if (codeUnit <= 32 ||
           codeUnit >= 127 ||
-          SEPERATORS.indexOf(name[i]) >= 0) {
+          separators.indexOf(name[i]) >= 0) {
         throw new FormatException(
             "Invalid character in cookie name, code unit: '$codeUnit'");
       }
     }
+
+    if (value[0] == '"' && value[value.length - 1] == '"') {
+      value = value.substring(1, value.length - 1);
+    }
     for (int i = 0; i < value.length; i++) {
       int codeUnit = value.codeUnits[i];
       if (!(codeUnit == 0x21 ||

diff --git a/tests/standalone_2/io/http_cookie_test.dart b/tests/standalone_2/io/http_cookie_test.dart
index 27ae218..50cad66 100644
--- a/tests/standalone_2/io/http_cookie_test.dart
+++ b/tests/standalone_2/io/http_cookie_test.dart

@@ -58,6 +58,16 @@
   });
 }
 
+void testValidateCookieWithDoubleQuotes() {
+  try {
+    Cookie cookie = Cookie('key', '"double-quoted-value"');
+  } catch (e) {
+    Expect.fail("Unexpected error $e.\n"
+        "Unable to parse cookie with value in double-quote characters.");
+  }
+}
+
 void main() {
   testCookies();
+  testValidateCookieWithDoubleQuotes();
 }