aniani/elinks
1
0
Fork 0
mirror of https://github.com/rkd77/elinks.git synced 2024-12-04 14:46:47 -05:00
Code

[xhr] check allowed methods for open.

Browse Source 
Allowed are only GET, POST or HEAD
This commit is contained in:
Witold Filipczyk 2022-09-21 19:40:48 +02:00
parent e564289348
commit de82ea339c
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/ecmascript/spidermonkey/xhr.cpp
View File

@ -105,6 +105,7 @@ struct xhr {
char *statusText; char *statusText;
char *upload; char *upload;
bool withCredentials; bool withCredentials;
int method;
int readyState; int readyState;
int status; int status;
int timeout; int timeout;
@ -276,6 +277,28 @@ xhr_open(JSContext *ctx, unsigned int argc, JS::Value *rval)
if (!xhr) { if (!xhr) {
return false; return false;
} }
char *method = jsval_to_string(ctx, args[0]);
if (!method) {
return false;
}
const char *allowed[] = { "", "GET", "HEAD", "POST", NULL };
bool method_ok = false;
for (int i = 1; allowed[i]; i++) {
if (!strcasecmp(allowed[i], method)) {
method_ok = true;
xhr->method = i;
break;
}
}
mem_free(method);
if (!method_ok) {
return false;
}
mem_free_set(&xhr->responseURL, jsval_to_string(ctx, args[1])); mem_free_set(&xhr->responseURL, jsval_to_string(ctx, args[1]));
args.rval().setUndefined(); args.rval().setUndefined();