File: README.http_parser.md

package info (click to toggle)
libwebsockets 4.3.5-3
  • links: PTS
  • area: main
  • in suites: forky, sid
  • size: 31,404 kB
  • sloc: ansic: 194,409; javascript: 1,550; sh: 1,387; cpp: 505; java: 461; perl: 405; xml: 118; makefile: 76; awk: 5
file content (33 lines) | stat: -rw-r--r-- 935 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# Notes on http parser corner cases

## Dealing with %00

%00 is considered illegal in

 - the path part of the URL.  A lot of user code handles it as a NUL terminated string,
   even though the header get apis are based around length.  So it is disallowed to
   avoid ambiguity.

 - the name part of a urlarg, like ?name=value

%00 is valid in

 - the value part of a urlarg, like ?name=value

When the parser sees %00 where it is not allowed, it simply drops the connection.

## Note on proper urlarg handling

urlargs are allowed to contain non-NUL terminated binary.  So it is important to
use the length-based urlarg apis

 - `lws_hdr_copy_fragment()`
 - `lws_get_urlarg_by_name_safe()`

The non-length based urlarg api

 - `lws_get_urlarg_by_name()`

...is soft-deprecated, it's still allowed but it will be fooled by the first %00
seen in the argument into truncating the argument.  Use `lws_get_urlarg_by_name_safe()`
instead.