Skip to content

Commit ffdb710

Browse files
SRHerzogSRHerzog
committed
http: fix validation of "Link" header
Updated regex for "Link" header validation to better match the specification in RFC 8288 section 3. Does not check for valid URI format but handles the rest of the header more permissively than before. Alternative to another outstanding PR that disables validation entirely. Fixes: #46453 Refs: https://www.rfc-editor.org/rfc/rfc8288.html#section-3 Refs: #46464
1 parent 8e42d8c commit ffdb710

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

lib/internal/validators.js

+2-2
Original file line numberDiff line numberDiff line change
@@ -459,7 +459,7 @@ function validateUnion(value, name, union) {
459459
}
460460
}
461461

462-
const linkValueRegExp = /^(?:<[^>]*>;)\s*(?:rel=(")?[^;"]*\1;?)\s*(?:(?:as|anchor|title|crossorigin|disabled|fetchpriority|rel|referrerpolicy)=(")?[^;"]*\2)?$/;
462+
const linkValueRegExp = /^(?:<[^>]*>)(?:\s*;\s*[^;"]+(?:=(")?[^;"]*\1)?)*$/;
463463

464464
/**
465465
* @param {any} value
@@ -473,7 +473,7 @@ function validateLinkHeaderFormat(value, name) {
473473
throw new ERR_INVALID_ARG_VALUE(
474474
name,
475475
value,
476-
'must be an array or string of format "</styles.css>; rel=preload; as=style"'
476+
'must be an array or string of format \'</styles.css>; rel=preload; as="style"\''
477477
);
478478
}
479479
}

0 commit comments

Comments
 (0)