Auto merge of #6694 - jdm:websocketprotocol, r=Ms2ger

Reject websocket protocol requests that don't match https://tools.iet… …f.org/html/rfc6455#section-4.1 .  [<img src="https://reviewable.io/review_button.png" height=40 alt="Review on Reviewable"/>](https://reviewable.io/reviews/servo/servo/6694)
2025-08-04 05:00:08 +01:00 · 2015-07-22 09:44:34 -06:00 · 2015-07-22 09:44:34 -06:00 · 6b4f1a42f0
commit 6b4f1a42f0
parent 8a6681ba70 d385cb701b
8 changed files with 31 additions and 509 deletions
--- a/components/script/dom/webidls/WebSocket.webidl
+++ b/components/script/dom/webidls/WebSocket.webidl
@ -4,7 +4,7 @@

 enum BinaryType { "blob", "arraybuffer" };

-[Constructor(DOMString url)]
+[Constructor(DOMString url, optional /*(*/DOMString /*or DOMString[])*/ protocols)]
 interface WebSocket : EventTarget {
    readonly attribute DOMString url;
    //ready state
--- a/components/script/dom/websocket.rs
+++ b/components/script/dom/websocket.rs
@ -96,11 +96,34 @@ impl WebSocket {

    }

-    pub fn new(global: GlobalRef, url: DOMString) -> Fallible<Root<WebSocket>> {
+    pub fn new(global: GlobalRef,
+               url: DOMString,
+               protocols: Option<DOMString>)
+               -> Fallible<Root<WebSocket>> {
        // Step 1.
        let parsed_url = try!(Url::parse(&url).map_err(|_| Error::Syntax));
        let url = try!(parse_url(&parsed_url).map_err(|_| Error::Syntax));

+        // Step 4.
+        let protocols = protocols.as_slice();
+
+        // Step 5.
+        for (i, protocol) in protocols.iter().enumerate() {
+            // https://tools.ietf.org/html/rfc6455#section-4.1
+            // Handshake requirements, step 10
+            if protocol.is_empty() {
+                return Err(Syntax);
+            }
+
+            if protocols[i+1..].iter().any(|p| p == protocol) {
+                return Err(Syntax);
+            }
+
+            if protocol.chars().any(|c| c < '\u{0021}' || c > '\u{007E}') {
+                return Err(Syntax);
+            }
+        }
+
        /*TODO: This constructor is only a prototype, it does not accomplish the specs
          defined here:
          http://html.spec.whatwg.org
@ -150,8 +173,11 @@ impl WebSocket {
        Ok(ws)
    }

-    pub fn Constructor(global: GlobalRef, url: DOMString) -> Fallible<Root<WebSocket>> {
-        WebSocket::new(global, url)
+    pub fn Constructor(global: GlobalRef,
+                       url: DOMString,
+                       protocols: Option<DOMString>)
+                       -> Fallible<Root<WebSocket>> {
+        WebSocket::new(global, url, protocols)
    }
 }

--- a/components/script/lib.rs
+++ b/components/script/lib.rs
@ -4,6 +4,7 @@

 #![feature(append)]
 #![feature(arc_unique)]
+#![feature(as_slice)]
 #![feature(as_unsafe_cell)]
 #![feature(borrow_state)]
 #![feature(box_raw)]