mirror
/
websocket
mirror of https://github.com/gorilla/websocket.git
1
0
Fork 1
Code Issues Packages Projects Releases Wiki Activity

Reject URIs containing user information 

WebSocket URIs do not contain user information per section 3 of RFC
6455.

Fixes #65
This commit is contained in:
Gary Burd 2015-05-15 09:26:38 -07:00
parent 6fd0f867fe
commit 1551221275
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
client.go
View File

@ -130,6 +130,11 @@ func parseURL(s string) (*url.URL, error) {
u.Opaque = s[i:]
}
if strings.Contains(u.Host, "@") {
// WebSocket URIs do not contain user information.
return nil, errMalformedURL
}
return &u, nil
}

1
client_test.go
View File

@ -20,6 +20,7 @@ var parseURLTests = []struct {
{"wss://example.com/", &url.URL{Scheme: "wss", Host: "example.com", Opaque: "/"}},
{"wss://example.com/a/b", &url.URL{Scheme: "wss", Host: "example.com", Opaque: "/a/b"}},
{"ss://example.com/a/b", nil},
{"ws://webmaster@example.com/", nil},
}
func TestParseURL(t *testing.T) {