Add sanitize host name

whitequark · Dec 22, 2016 · 9644371 · 9644371
1 parent 2220dc2
commit 9644371
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/lib/rack/utf8_sanitizer.rb b/lib/rack/utf8_sanitizer.rb
@@ -27,6 +27,7 @@ def call(env)
         HTTP_REFERER
         ORIGINAL_FULLPATH
         ORIGINAL_SCRIPT_NAME
+        SERVER_NAME
     ).map(&:freeze).freeze
 
     SANITIZABLE_CONTENT_TYPES = %w(

diff --git a/test/test_utf8_sanitizer.rb b/test/test_utf8_sanitizer.rb
@@ -28,6 +28,17 @@
     end
   end
 
+  describe "with invalid host input" do
+    it "sanitizes host entity (SERVER_NAME)" do
+      host   = "host\xD0".force_encoding('UTF-8')
+      env    = @app.({ "SERVER_NAME" => host })
+      result = env["SERVER_NAME"]
+
+      result.encoding.should == Encoding::US_ASCII
+      result.should.be.valid_encoding
+    end
+  end
+
   describe "with invalid UTF-8 input" do
     before do
       @plain_input = "foo\xe0".force_encoding('UTF-8')