Ejemplo n.º 1
0
        /// <summary>
        /// Throws on invalid header name chars.
        /// </summary>
        private static string CheckBadHeaderNameChars(string name)
        {
            Debug.Assert(!string.IsNullOrEmpty(name));

            // First, check for absence of separators and spaces.
            if (HttpValidationHelpers.IsInvalidMethodOrHeaderString(name))
            {
                throw new ArgumentException(SR.Format(SR.net_WebHeaderInvalidHeaderChars, nameof(name)), nameof(name));
            }

            // Second, check for non CTL ASCII-7 characters (32-126).
            if (ContainsNonAsciiChars(name))
            {
                throw new ArgumentException(SR.Format(SR.net_WebHeaderInvalidNonAsciiChars, nameof(name)), nameof(name));
            }

            return(name);
        }
Ejemplo n.º 2
0
        // CheckBadChars - throws on invalid chars to be not found in header name/value
        internal static string CheckBadChars(string name, bool isHeaderValue)
        {
            if (name == null || name.Length == 0)
            {
                // empty name is invalid
                if (!isHeaderValue)
                {
                    throw name == null ? new ArgumentNullException("name") :
                          new ArgumentException(SR.Format(SR.net_emptystringcall, "name"), "name");
                }
                // empty value is OK
                return(string.Empty);
            }

            if (isHeaderValue)
            {
                // VALUE check
                // Trim spaces from both ends
                name = name.Trim(s_httpTrimCharacters);

                // First, check for correctly formed multi-line value
                // Second, check for absence of CTL characters
                int crlf = 0;
                for (int i = 0; i < name.Length; ++i)
                {
                    char c = (char)(0x000000ff & (uint)name[i]);
                    switch (crlf)
                    {
                    case 0:
                        if (c == '\r')
                        {
                            crlf = 1;
                        }
                        else if (c == '\n')
                        {
                            // Technically this is bad HTTP, but we want to be permissive in what we accept.
                            // It is important to note that it would be a breaking change to reject this.
                            crlf = 2;
                        }
                        else if (c == 127 || (c < ' ' && c != '\t'))
                        {
                            throw new ArgumentException(SR.Format(SR.net_WebHeaderInvalidControlChars, "value"));
                        }
                        break;

                    case 1:
                        if (c == '\n')
                        {
                            crlf = 2;
                            break;
                        }
                        throw new ArgumentException(SR.Format(SR.net_WebHeaderInvalidCRLFChars, "value"));

                    case 2:
                        if (c == ' ' || c == '\t')
                        {
                            crlf = 0;
                            break;
                        }
                        throw new ArgumentException(SR.Format(SR.net_WebHeaderInvalidCRLFChars, "value"));
                    }
                }
                if (crlf != 0)
                {
                    throw new ArgumentException(SR.Format(SR.net_WebHeaderInvalidCRLFChars, "value"));
                }
            }
            else
            {
                // NAME check
                // First, check for absence of separators and spaces
                if (HttpValidationHelpers.IsInvalidMethodOrHeaderString(name))
                {
                    throw new ArgumentException(SR.Format(SR.net_WebHeaderInvalidHeaderChars, "name"));
                }

                // Second, check for non CTL ASCII-7 characters (32-126)
                if (ContainsNonAsciiChars(name))
                {
                    throw new ArgumentException(SR.Format(SR.net_WebHeaderInvalidNonAsciiChars, "name"));
                }
            }
            return(name);
        }