
bump to 2.3.1 and fix & handling in mochiweb_html

commit d163f12caa60f6bf61a8b3392091dc3c2781c53e 1 parent af4cb95
Bob Ippolito etrepum authored

Showing 3 changed files with 29 additions and 11 deletions.

  1. +1 0  CHANGES.md
  2. +1 1  src/mochiweb.app.src
  3. +27 10 src/mochiweb_html.erl
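--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,5 +1,6 @@
 Version 2.3.1 released XXXX-XX-XX
 
+* Fix mochiweb_html handling of invalid charref sequences (unescaped &) (#69).
 * Add a manual garbage collection between requests to avoid worst case behavior
 on keep-alive sockets.
 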
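--- a/src/mochiweb.app.src
+++ b/src/mochiweb.app.src
@@ -1,7 +1,7 @@
 %% This is generated from src/mochiweb.app.src
 {application, mochiweb,
 [{description, "MochiMedia Web Server"},
-{vsn, "2.3.0"},
+{vsn, "2.3.1"},
 {modules, []},
 {registered, []},
 {env, []},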
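--- a/src/mochiweb_html.erl
+++ b/src/mochiweb_html.erl
@@ -603,30 +603,29 @@ find_gt(Bin, S=#decoder{offset=O}, HasSlash) ->
 end.
 
 tokenize_charref(Bin, S=#decoder{offset=O}) ->
-tokenize_charref(Bin, S, O).
+try
+tokenize_charref(Bin, S, O)
+catch
+throw:invalid_charref ->
+{{data, <<"&">>, false}, S}
+end.
 
 tokenize_charref(Bin, S=#decoder{offset=O}, Start) ->
 case Bin of
 <<_:O/binary>> ->
-<<_:Start/binary, Raw/binary>> = Bin,
-{{data, Raw, false}, S};
+throw(invalid_charref);
 <<_:O/binary, C, _/binary>> when ?IS_WHITESPACE(C)
 orelse C =:= ?SQUOTE
 orelse C =:= ?QUOTE
 orelse C =:= $/
 orelse C =:= $> ->
-Len = O - Start,
-<<_:Start/binary, Raw:Len/binary, _/binary>> = Bin,
-{{data, Raw, false}, S};
+throw(invalid_charref);
 <<_:O/binary, $;, _/binary>> ->
 Len = O - Start,
 <<_:Start/binary, Raw:Len/binary, _/binary>> = Bin,
 Data = case mochiweb_charref:charref(Raw) of
 undefined ->
-Start1 = Start - 1,
-Len1 = Len + 2,
-<<_:Start1/binary, R:Len1/binary, _/binary>> = Bin,
-R;
+throw(invalid_charref);
 Unichar when is_integer(Unichar) ->
 mochiutf8:codepoint_to_bytes(Unichar);
 Unichars when is_list(Unichars) ->
@@ -1263,4 +1262,22 @@ parse_funny_singletons_test() ->
 mochiweb_html:parse(D0)),
 ok.
 
+parse_amp_test_() ->
+[?_assertEqual(
+{<<"html">>,[],
+[{<<"body">>,[{<<"onload">>,<<"javascript:A('1&2')">>}],[]}]},
+mochiweb_html:parse("<html><body onload=\"javascript:A('1&2')\"></body></html>")),
+?_assertEqual(
+{<<"html">>,[],
+[{<<"body">>,[{<<"onload">>,<<"javascript:A('1& 2')">>}],[]}]},
+mochiweb_html:parse("<html><body onload=\"javascript:A('1& 2')\"></body></html>")),
+?_assertEqual(
+{<<"html">>,[],
+[{<<"body">>,[],[<<"& ">>]}]},
+mochiweb_html:parse("<html><body>& </body></html>")),
+?_assertEqual(
+{<<"html">>,[],
+[{<<"body">>,[],[<<"&">>]}]},
+mochiweb_html:parse("<html><body>&</body></html>"))].
+
 -endif.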
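Review bot: The `undefined ->` branch at new line 628 now throws instead of returning the raw `&name;` span, so an unrecognised named reference is emitted as a bare `&` with `name;` left for the tokenizer to re-read from offset O, and none of the four cases in parse_amp_test_ exercises that path. Add one, e.g. `?_assertEqual({<<"html">>,[],[{<<"body">>,[],[<<"&bogus;">>]}]}, mochiweb_html:parse("<html><body>&bogus;</body></html>"))`, where the expected value assumes adjacent data tokens are coalesced downstream — that is not visible in this hunk, so confirm it against the caller before pinning the value. A one-line comment on tokenize_charref/2 would also make the contract explicit: `%% O is just past the '&'; any malformed reference yields a literal '&' and tokenizing resumes at O.` tokenize_charref/3 continues past the end of the first hunk.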
