diff options
| -rw-r--r-- | src/corelib/tools/qoffsetstringarray_p.h | 9 | ||||
| -rw-r--r-- | src/network/access/qnetworkreplywasmimpl.cpp | 24 | ||||
| -rw-r--r-- | tests/auto/corelib/tools/qoffsetstringarray/tst_qoffsetstringarray.cpp | 11 |
3 files changed, 32 insertions, 12 deletions
diff --git a/src/corelib/tools/qoffsetstringarray_p.h b/src/corelib/tools/qoffsetstringarray_p.h index 2a0e6de55b..3272e4dce9 100644 --- a/src/corelib/tools/qoffsetstringarray_p.h +++ b/src/corelib/tools/qoffsetstringarray_p.h @@ -63,6 +63,15 @@ public: constexpr int count() const { return int(m_offsets.size()) - 1; } + bool contains(QByteArrayView needle, Qt::CaseSensitivity cs = Qt::CaseSensitive) const noexcept + { + for (qsizetype i = 0; i < count(); ++i) { + if (viewAt(i).compare(needle, cs) == 0) + return true; + } + return false; + } + private: StaticString m_string; OffsetList m_offsets; diff --git a/src/network/access/qnetworkreplywasmimpl.cpp b/src/network/access/qnetworkreplywasmimpl.cpp index a10d2f843a..b7fec9345a 100644 --- a/src/network/access/qnetworkreplywasmimpl.cpp +++ b/src/network/access/qnetworkreplywasmimpl.cpp @@ -9,6 +9,7 @@ #include <QtCore/qcoreapplication.h> #include <QtCore/qfileinfo.h> #include <QtCore/qthread.h> +#include <QtCore/private/qoffsetstringarray_p.h> #include <QtCore/private/qtools_p.h> #include <private/qnetworkaccessmanager_p.h> @@ -18,8 +19,12 @@ #include <emscripten/fetch.h> QT_BEGIN_NAMESPACE + +using namespace Qt::StringLiterals; + namespace { -constexpr const char *BannedHeaders[] = { + +static constexpr auto BannedHeaders = qOffsetStringArray( "accept-charset", "accept-encoding", "access-control-request-headers", @@ -39,19 +44,14 @@ constexpr const char *BannedHeaders[] = { "trailer", "transfer-encoding", "upgrade", - "via", -}; + "via" +); -bool isUnsafeHeader(QLatin1StringView header) +bool isUnsafeHeader(QLatin1StringView header) noexcept { - return header.startsWith(QStringLiteral("proxy-"), Qt::CaseInsensitive) - || header.startsWith(QStringLiteral("sec-"), Qt::CaseInsensitive) - || std::any_of(std::begin(BannedHeaders), std::end(BannedHeaders), - [&header](const char *bannedHeader) { - return 0 - == header.compare(QLatin1StringView(bannedHeader), - Qt::CaseInsensitive); - }); + return header.startsWith("proxy-"_L1, Qt::CaseInsensitive) + || header.startsWith("sec-"_L1, Qt::CaseInsensitive) + || BannedHeaders.contains(header, Qt::CaseInsensitive); } } // namespace diff --git a/tests/auto/corelib/tools/qoffsetstringarray/tst_qoffsetstringarray.cpp b/tests/auto/corelib/tools/qoffsetstringarray/tst_qoffsetstringarray.cpp index 16c687bf89..669f14cc92 100644 --- a/tests/auto/corelib/tools/qoffsetstringarray/tst_qoffsetstringarray.cpp +++ b/tests/auto/corelib/tools/qoffsetstringarray/tst_qoffsetstringarray.cpp @@ -13,6 +13,7 @@ class tst_QOffsetStringArray : public QObject private slots: void init(); void access(); + void contains(); }; @@ -89,6 +90,16 @@ void tst_QOffsetStringArray::access() QCOMPARE(messages[6], ""); } +void tst_QOffsetStringArray::contains() +{ + QVERIFY(!messages.contains("")); + QVERIFY( messages.contains("level - 0")); + std::string l2 = "level - 2"; // make sure we don't compare pointer values + QVERIFY( messages.contains(l2)); + QByteArray L4 = "Level - 4"; + QVERIFY( messages.contains(L4, Qt::CaseInsensitive)); + QVERIFY(!messages.contains(L4, Qt::CaseSensitive)); +} QTEST_APPLESS_MAIN(tst_QOffsetStringArray) #include "tst_qoffsetstringarray.moc" |