Skip to content
This repository was archived by the owner on Apr 10, 2025. It is now read-only.

Commit 08cbf90

Browse files
jeffkaufmanjeffkaufman
committed
convert-meta-tags: don't allow newlines when converting meta tags.
This change makes ResponseHeaders::MergeContentType reject values containing unprintable characters. Fixes #1083 This is Otto's work from #1196
1 parent b0ed9e4 commit 08cbf90

File tree

3 files changed

+23
-0
lines changed

3 files changed

+23
-0
lines changed

net/instaweb/rewriter/meta_tag_filter_test.cc

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,21 @@ TEST_F(MetaTagFilterTest, TestTags) {
6767
<< *values[0];
6868
}
6969

70+
const char kMetaTagDocInvalidAttribute[] =
71+
"<html><head>"
72+
"<meta http-equiv=\"Content-Type\" content=\"text/html;"
73+
" charset=U\r\nTF-8\">"
74+
"</head><body></body></html>";
75+
76+
TEST_F(MetaTagFilterTest, TestRejectInvalidAttribute) {
77+
headers()->RemoveAll(HttpAttributes::kContentType);
78+
ValidateNoChanges("convert_tags_invalid_attribute",
79+
kMetaTagDocInvalidAttribute);
80+
ConstStringStarVector values;
81+
EXPECT_FALSE(headers()->Lookup(HttpAttributes::kContentType, &values));
82+
ASSERT_EQ(0, values.size());
83+
}
84+
7085
const char kMetaTagDoubleDoc[] =
7186
"<html><head>"
7287
"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">"

pagespeed/kernel/http/response_headers.cc

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -321,6 +321,12 @@ bool ResponseHeaders::CombineContentTypes(const StringPiece& orig,
321321
}
322322

323323
bool ResponseHeaders::MergeContentType(const StringPiece& content_type) {
324+
for (size_t i = 0; i < content_type.size(); i++) {
325+
if (!IsNonControlAscii(content_type[i])) {
326+
return false;
327+
}
328+
}
329+
324330
bool ret = false;
325331
ConstStringStarVector old_values;
326332
Lookup(HttpAttributes::kContentType, &old_values);

pagespeed/kernel/http/response_headers.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,8 @@ class ResponseHeaders : public Headers<HttpResponseHeaders> {
7575

7676
// Merge the new content_type with what is already in the headers.
7777
// Returns true if the existing content-type header was changed.
78+
// If the new content_type contains non-printable characters, the
79+
// change will be rejected silently (and false will be returned).
7880
bool MergeContentType(const StringPiece& content_type);
7981

8082
// Merge headers. Replaces all headers specified both here and in

0 commit comments

Comments
 (0)