LibWeb: Use a more restrictive regex for method token production

This changes the regular expression for is_method() to a more restrictive pattern.
Author: https://github.com/kennethmyhra Commit: https://github.com/SerenityOS/serenity/commit/fccea8888e Pull-request: https://github.com/SerenityOS/serenity/pull/13520 Reviewed-by: https://github.com/alimpfard Reviewed-by: https://github.com/linusg ✅
2022-04-13 21:44:16 +02:00 · 2022-04-13 21:44:16 +02:00 · fccea8888e · 2024-07-17 20:22:04 +09:00
commit fccea8888e
parent 053bcd4859
1 changed files with 2 additions and 2 deletions
--- a/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
+++ b/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
@ -390,8 +390,8 @@ static bool is_forbidden_method(String const& method)
 // https://fetch.spec.whatwg.org/#concept-method
 static bool is_method(String const& method)
 {
-    Regex<ECMA262Parser> regex { R"~~~(^.*["(),\/:;<=>?@\\[\]{}]+.*$)~~~" };
-    return !regex.has_match(method);
+    Regex<ECMA262Parser> regex { R"~~~(^[A-Za-z0-9!#$%&'*+-.^_`|~]+$)~~~" };
+    return regex.has_match(method);
 }

 // https://fetch.spec.whatwg.org/#concept-method-normalize