URL.zig: fix NUL/CR/LF/TAB character injection through authority

Halil Durak
2026-05-19 11:39:52 +03:00
parent fd0831fe93
commit 6bc4ebdfed


@@ -883,8 +883,9 @@ fn parseAuthority(raw: []const u8) ?AuthorityInfo {
const scheme_end = std.mem.indexOf(u8, raw, "://") orelse return null;
const authority_start = scheme_end + 3;
// Find end of authority FIRST (start of path/query/fragment or end of string)
const authority_end = if (std.mem.indexOfAny(u8, raw[authority_start..], "/?#")) |end|
// Find end of authority FIRST (start of path/query/fragment,
// a NUL/CR/LF/TAB, or end of string).
const authority_end = if (std.mem.indexOfAny(u8, raw[authority_start..], "/?#\x00\r\n\t")) |end|
authority_start + end
else
raw.len;
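Review bot: Treating NUL/CR/LF/TAB as authority terminators in the new `indexOfAny` call silently truncates the host, so the authority returned here can differ from what any consumer that strips or rejects those bytes sees in the same raw string. That kind of parser disagreement weakens host allowlist and origin checks. Since `parseAuthority` already returns `null` on malformed input, rejecting looks safer than truncating: keep `"/?#"` as the delimiter set and add `if (std.mem.indexOfAny(u8, raw[authority_start..authority_end], "\x00\r\n\t") != null) return null;` once `authority_end` is computed. The set also omits space, the remaining C0 controls and `\`, which the WHATWG URL parser strips, rejects in hosts, or (for `\` in special schemes) treats as a path separator; whether that matters depends on callers that are not visible here. The function body continues past the hunk, so how the userinfo/host/port split handles these bytes cannot be checked from this view.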