Skip to content

Commit

Permalink
fix: check the content-type of invalid formData (#2541)
Browse files Browse the repository at this point in the history
  • Loading branch information
@tsctx
tsctx committed Dec 25, 2023
1 parent 751abbc commit b942a70
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 5 deletions.
10 changes: 6 additions & 4 deletions lib/fetch/body.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ const { FormData } = require('./formdata')
const { kState } = require('./symbols')
const { webidl } = require('./webidl')
const { Blob, File: NativeFile } = require('buffer')
const { kBodyUsed } = require('../core/symbols')
const { kBodyUsed, kHeadersList } = require('../core/symbols')
const assert = require('assert')
const { isErrored } = require('../core/util')
const { isUint8Array, isArrayBuffer } = require('util/types')
Expand Down Expand Up @@ -369,10 +369,12 @@ function bodyMixinMethods (instance) {

throwIfAborted(this[kState])

const contentType = this.headers.get('Content-Type')
const contentType = this.headers[kHeadersList].get('content-type', true)

const mimeType = contentType !== null ? parseMIMEType(contentType) : 'failure'

// If mimeType’s essence is "multipart/form-data", then:
if (/multipart\/form-data/.test(contentType)) {
if (mimeType !== 'failure' && mimeType.essence === 'multipart/form-data') {
const headers = {}
for (const [key, value] of this.headers) headers[key] = value

Expand Down Expand Up @@ -430,7 +432,7 @@ function bodyMixinMethods (instance) {
await busboyResolve

return responseFormData
} else if (/application\/x-www-form-urlencoded/.test(contentType)) {
} else if (mimeType !== 'failure' && mimeType.essence === 'application/x-www-form-urlencoded') {
// Otherwise, if mimeType’s essence is "application/x-www-form-urlencoded", then:

// 1. Let entries be the result of parsing bytes.
Expand Down
35 changes: 34 additions & 1 deletion test/fetch/response.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@

const { test } = require('tap')
const {
Response
Response,
FormData
} = require('../../')
const {
Blob: ThirdPartyBlob,
Expand Down Expand Up @@ -254,3 +255,35 @@ test('Issue#2465', async (t) => {
const response = new Response(new SharedArrayBuffer(0))
t.equal(await response.text(), '[object SharedArrayBuffer]')
})

test('Check the Content-Type of invalid formData', (t) => {
t.plan(4)

t.test('_application/x-www-form-urlencoded', async (t) => {
t.plan(1)
const response = new Response('x=y', { headers: { 'content-type': '_application/x-www-form-urlencoded' } })
await t.rejects(response.formData(), TypeError)
})

t.test('_multipart/form-data', async (t) => {
t.plan(1)
const formData = new FormData()
formData.append('x', 'y')
const response = new Response(formData, { headers: { 'content-type': '_multipart/form-data' } })
await t.rejects(response.formData(), TypeError)
})

t.test('application/x-www-form-urlencoded_', async (t) => {
t.plan(1)
const response = new Response('x=y', { headers: { 'content-type': 'application/x-www-form-urlencoded_' } })
await t.rejects(response.formData(), TypeError)
})

t.test('multipart/form-data_', async (t) => {
t.plan(1)
const formData = new FormData()
formData.append('x', 'y')
const response = new Response(formData, { headers: { 'content-type': 'multipart/form-data_' } })
await t.rejects(response.formData(), TypeError)
})
})

0 comments on commit b942a70

Please sign in to comment.