Validate cookie values wrapped in double-quotes
Servers sometimes send headers with cookie values that are encapsulated in double-quotes. Dart should validate values surrounded with double-quotes instead of throwing a FormatException.
This addresses Issue #33327 directly. I applied the solution to this problem that was [solved in Go's code base](https://github.com/golang/go/blob/master/src/net/http/cookie.go#L369).
Closes #33765
https://github.com/dart-lang/sdk/pull/33765
GitOrigin-RevId: 99672dd07d1f938b1bae063f2e9d99d4c141f684
Change-Id: Ie95a064611b1aa15aea93f5c8d801ecfc7d996c4
Reviewed-on: https://dart-review.googlesource.com/63920
Reviewed-by: Zach Anderson <zra@google.com>
Commit-Queue: Zach Anderson <zra@google.com>
diff --git a/sdk/lib/_http/http_headers.dart b/sdk/lib/_http/http_headers.dart
index bb607ba..ea5eaff 100644
--- a/sdk/lib/_http/http_headers.dart
+++ b/sdk/lib/_http/http_headers.dart
@@ -957,7 +957,7 @@
}
void _validate() {
- const SEPERATORS = const [
+ const separators = const [
"(",
")",
"<",
@@ -980,11 +980,15 @@
int codeUnit = name.codeUnits[i];
if (codeUnit <= 32 ||
codeUnit >= 127 ||
- SEPERATORS.indexOf(name[i]) >= 0) {
+ separators.indexOf(name[i]) >= 0) {
throw new FormatException(
"Invalid character in cookie name, code unit: '$codeUnit'");
}
}
+
+ if (value[0] == '"' && value[value.length - 1] == '"') {
+ value = value.substring(1, value.length - 1);
+ }
for (int i = 0; i < value.length; i++) {
int codeUnit = value.codeUnits[i];
if (!(codeUnit == 0x21 ||
diff --git a/tests/standalone_2/io/http_cookie_test.dart b/tests/standalone_2/io/http_cookie_test.dart
index 27ae218..50cad66 100644
--- a/tests/standalone_2/io/http_cookie_test.dart
+++ b/tests/standalone_2/io/http_cookie_test.dart
@@ -58,6 +58,16 @@
});
}
+void testValidateCookieWithDoubleQuotes() {
+ try {
+ Cookie cookie = Cookie('key', '"double-quoted-value"');
+ } catch (e) {
+ Expect.fail("Unexpected error $e.\n"
+ "Unable to parse cookie with value in double-quote characters.");
+ }
+}
+
void main() {
testCookies();
+ testValidateCookieWithDoubleQuotes();
}