Add check for allowed header in setRequestHeader

driverdan · driverdan · commit 50d219ba333b · 2012-04-05T11:07:29.000-05:00
diff --git a/lib/XMLHttpRequest.js b/lib/XMLHttpRequest.js
@@ -169,6 +169,9 @@ exports.XMLHttpRequest = function() {
     if (this.readyState != this.OPENED) {
       throw "INVALID_STATE_ERR: setRequestHeader can only be called when state is OPEN";
     }
+    if (!isAllowedHttpHeader(header)) {
+      throw "SYNTAX_ERR: This header is not allowed";
+    }
     if (sendFlag) {
       throw "INVALID_STATE_ERR: send flag is true";
     }

Original file line number	Diff line number	Diff line change
`@@ -169,6 +169,9 @@ exports.XMLHttpRequest = function() {`
`169`	`169`	`if (this.readyState != this.OPENED) {`
`170`	`170`	`throw "INVALID_STATE_ERR: setRequestHeader can only be called when state is OPEN";`
`171`	`171`	`}`
	`172`	`+ if (!isAllowedHttpHeader(header)) {`
	`173`	`+ throw "SYNTAX_ERR: This header is not allowed";`
	`174`	`+ }`
`172`	`175`	`if (sendFlag) {`
`173`	`176`	`throw "INVALID_STATE_ERR: send flag is true";`
`174`	`177`	`}`