bump to 2.3.1 and fix & handling in mochiweb_html

commit d163f12caa60f6bf61a8b3392091dc3c2781c53e 1 parent af4cb95
@etrepum etrepum authored
Showing with 29 additions and 11 deletions.
  1. +1 −0  CHANGES.md
  2. +1 −1  src/mochiweb.app.src
  3. +27 −10 src/mochiweb_html.erl
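--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,5 +1,6 @@
 Version 2.3.1 released XXXX-XX-XX
+* Fix mochiweb_html handling of invalid charref sequences (unescaped &) (#69).
 * Add a manual garbage collection between requests to avoid worst case behavior
 on keep-alive sockets.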
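--- a/src/mochiweb.app.src
+++ b/src/mochiweb.app.src
@@ -1,7 +1,7 @@
 %% This is generated from src/mochiweb.app.src
 {application, mochiweb,
 [{description, "MochiMedia Web Server"},
- {vsn, "2.3.0"},
+ {vsn, "2.3.1"},
 {modules, []},
 {registered, []},
 {env, []},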
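--- a/src/mochiweb_html.erl
+++ b/src/mochiweb_html.erl
@@ -603,30 +603,29 @@ find_gt(Bin, S=#decoder{offset=O}, HasSlash) ->
 end.
 tokenize_charref(Bin, S=#decoder{offset=O}) ->
- tokenize_charref(Bin, S, O).
+ try
+ tokenize_charref(Bin, S, O)
+ catch
+ throw:invalid_charref ->
+ {{data, <<"&">>, false}, S}
+ end.
 tokenize_charref(Bin, S=#decoder{offset=O}, Start) ->
 case Bin of
 <<_:O/binary>> ->
- <<_:Start/binary, Raw/binary>> = Bin,
- {{data, Raw, false}, S};
+ throw(invalid_charref);
 <<_:O/binary, C, _/binary>> when ?IS_WHITESPACE(C)
 orelse C =:= ?SQUOTE
 orelse C =:= ?QUOTE
 orelse C =:= $/
 orelse C =:= $> ->
- Len = O - Start,
- <<_:Start/binary, Raw:Len/binary, _/binary>> = Bin,
- {{data, Raw, false}, S};
+ throw(invalid_charref);
 <<_:O/binary, $;, _/binary>> ->
 Len = O - Start,
 <<_:Start/binary, Raw:Len/binary, _/binary>> = Bin,
 Data = case mochiweb_charref:charref(Raw) of
 undefined ->
- Start1 = Start - 1,
- Len1 = Len + 2,
- <<_:Start1/binary, R:Len1/binary, _/binary>> = Bin,
- R;
+ throw(invalid_charref);
 Unichar when is_integer(Unichar) ->
 mochiutf8:codepoint_to_bytes(Unichar);
 Unichars when is_list(Unichars) ->
@@ -1263,4 +1262,22 @@ parse_funny_singletons_test() ->
 mochiweb_html:parse(D0)),
 ok.
+parse_amp_test_() ->
+ [?_assertEqual(
+ {<<"html">>,[],
+ [{<<"body">>,[{<<"onload">>,<<"javascript:A('1&2')">>}],[]}]},
+ mochiweb_html:parse("<html><body onload=\"javascript:A('1&2')\"></body></html>")),
+ ?_assertEqual(
+ {<<"html">>,[],
+ [{<<"body">>,[{<<"onload">>,<<"javascript:A('1& 2')">>}],[]}]},
+ mochiweb_html:parse("<html><body onload=\"javascript:A('1& 2')\"></body></html>")),
+ ?_assertEqual(
+ {<<"html">>,[],
+ [{<<"body">>,[],[<<"& ">>]}]},
+ mochiweb_html:parse("<html><body>& </body></html>")),
+ ?_assertEqual(
+ {<<"html">>,[],
+ [{<<"body">>,[],[<<"&">>]}]},
+ mochiweb_html:parse("<html><body>&</body></html>"))].
+
 -endif.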
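Review bot: The recovery in the new try/catch of tokenize_charref/2 returns `{{data, <<"&">>, false}, S}` with the decoder state untouched, so scanning resumes right after the `&`; since every failure clause in tokenize_charref/3 (end of input, whitespace/quote/slash/gt, and the `undefined` lookup) now throws instead of consuming the text it scanned, a run of consecutive `&` characters with no `;`, whitespace or `>` between them makes each `&` rescan forward to the same terminator, which is quadratic in the input if the remaining clause of tokenize_charref/3 (outside this hunk) simply advances the offset — the old code consumed the remainder as one token and stayed linear. Character references have a small maximum length, so a guard clause placed first in the `case` would keep the fix linear on such input: `<<_:O/binary, _/binary>> when O - Start > ?MAX_CHARREF_LEN -> throw(invalid_charref);` with a module-level `-define(MAX_CHARREF_LEN, 32).` sized to the longest name or numeric form mochiweb_charref accepts. The `undefined` branch also changes what unknown entities such as `&foo;` produce — a `&` token followed by `foo;` re-tokenized as data instead of one raw `&foo;` token — and parse_amp_test_/0 in the second hunk has no assertion for that case, which would pin whether the two data tokens are merged by the caller. Both tokenize_charref/3 and the test module continue outside the hunks.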