Diffstat (limited to 'std/http/cookie.ts')
| -rw-r--r-- | std/http/cookie.ts | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/std/http/cookie.ts b/std/http/cookie.ts
index 75d70f74e..f8025d328 100644
--- a/std/http/cookie.ts
+++ b/std/http/cookie.ts
@@ -32,11 +32,14 @@ export interface Cookie {
 export type SameSite = "Strict" | "Lax" | "None";
+const FIELD_CONTENT_REGEXP = /^(?=[\x20-\x7E]*$)[^()@<>,;:\\"\[\]?={}\s]+$/;
+
 function toString(cookie: Cookie): string {
 if (!cookie.name) {
 return "";
 }
 const out: string[] = [];
+ validateCookieName(cookie.name);
 out.push(`${cookie.name}=${cookie.value}`);
 // Fallback for invalid Set-Cookie
@@ -80,6 +83,17 @@ function toString(cookie: Cookie): string {
 }
 /**
+ * Validate Cookie property.
+ * @param key Name of the cookie.
+ * @param value Value of the cookie.
+ */
+function validateCookieName(value: string | undefined | null): void {
+ if (value && !FIELD_CONTENT_REGEXP.test(value)) {
+ throw new TypeError(`Invalid cookie name: "${value}".`);
+ }
+}
+
+/**
 * Parse the cookies of the Server Request
 * @param req An object which has a `headers` property
 */ |
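Review bot: `cookie.value` is still interpolated unchecked on the `out.push(...)` line directly after the new `validateCookieName(cookie.name)` call, so a value containing `;`, whitespace or CR/LF can still add attributes to the serialized Set-Cookie string or split it. A matching check before the push would close that gap, for example `validateCookieValue(cookie.value);` rejecting any character outside the RFC 6265 cookie-octet set. The rest of toString lies outside the hunk, so it is not visible whether `path`, `domain` and the other attributes are checked; if they can carry caller-supplied data they need the same treatment.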
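Review bot: The doc comment added above `validateCookieName` documents two parameters, `key` and `value`, while the function takes only `value`, and "Validate Cookie property" says neither that the cookie name is what gets checked nor that a TypeError is thrown. Suggested wording: `Validate the cookie name against FIELD_CONTENT_REGEXP.` with `@param value Name of the cookie.` and `@throws TypeError when the name contains a disallowed character.` It is also worth a line noting that a null, undefined or empty name is skipped by the `value &&` guard rather than rejected. Separately, the excluded class in FIELD_CONTENT_REGEXP lists the HTTP separators but not `/`, which RFC 2616's token grammar also excludes; confirm that this is intended.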
