// Copyright 2016 The Go Authors. All rights reserved.// Use of this source code is governed by a BSD-style// license that can be found in the LICENSE file.package httpgutsimport ()var isTokenTable = [256]bool{'!': true,'#': true,'$': true,'%': true,'&': true,'\'': true,'*': true,'+': true,'-': true,'.': true,'0': true,'1': true,'2': true,'3': true,'4': true,'5': true,'6': true,'7': true,'8': true,'9': true,'A': true,'B': true,'C': true,'D': true,'E': true,'F': true,'G': true,'H': true,'I': true,'J': true,'K': true,'L': true,'M': true,'N': true,'O': true,'P': true,'Q': true,'R': true,'S': true,'T': true,'U': true,'W': true,'V': true,'X': true,'Y': true,'Z': true,'^': true,'_': true,'`': true,'a': true,'b': true,'c': true,'d': true,'e': true,'f': true,'g': true,'h': true,'i': true,'j': true,'k': true,'l': true,'m': true,'n': true,'o': true,'p': true,'q': true,'r': true,'s': true,'t': true,'u': true,'v': true,'w': true,'x': true,'y': true,'z': true,'|': true,'~': true,}func ( rune) bool {return < utf8.RuneSelf && isTokenTable[byte()]}// HeaderValuesContainsToken reports whether any string in values// contains the provided token, ASCII case-insensitively.func ( []string, string) bool {for , := range {ifheaderValueContainsToken(, ) {returntrue } }returnfalse}// isOWS reports whether b is an optional whitespace byte, as defined// by RFC 7230 section 3.2.3.func isOWS( byte) bool { return == ' ' || == '\t' }// trimOWS returns x with all optional whitespace removes from the// beginning and end.func trimOWS( string) string {// TODO: consider using strings.Trim(x, " \t") instead, // if and when it's fast enough. See issue 10292. // But this ASCII-only code will probably always beat UTF-8 // aware code.forlen() > 0 && isOWS([0]) { = [1:] }forlen() > 0 && isOWS([len()-1]) { = [:len()-1] }return}// headerValueContainsToken reports whether v (assumed to be a// 0#element, in the ABNF extension described in RFC 7230 section 7)// contains token amongst its comma-separated tokens, ASCII// case-insensitively.func headerValueContainsToken( string, string) bool {for := strings.IndexByte(, ','); != -1; = strings.IndexByte(, ',') {iftokenEqual(trimOWS([:]), ) {returntrue } = [+1:] }returntokenEqual(trimOWS(), )}// lowerASCII returns the ASCII lowercase version of b.func lowerASCII( byte) byte {if'A' <= && <= 'Z' {return + ('a' - 'A') }return}// tokenEqual reports whether t1 and t2 are equal, ASCII case-insensitively.func tokenEqual(, string) bool {iflen() != len() {returnfalse }for , := range {if >= utf8.RuneSelf {// No UTF-8 or non-ASCII allowed in tokens.returnfalse }iflowerASCII(byte()) != lowerASCII([]) {returnfalse } }returntrue}// isLWS reports whether b is linear white space, according// to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2//// LWS = [CRLF] 1*( SP | HT )func isLWS( byte) bool { return == ' ' || == '\t' }// isCTL reports whether b is a control byte, according// to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2//// CTL = <any US-ASCII control character// (octets 0 - 31) and DEL (127)>func isCTL( byte) bool {const = 0x7f// a CTLreturn < ' ' || == }// ValidHeaderFieldName reports whether v is a valid HTTP/1.x header name.// HTTP/2 imposes the additional restriction that uppercase ASCII// letters are not allowed.//// RFC 7230 says://// header-field = field-name ":" OWS field-value OWS// field-name = token// token = 1*tchar// tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /// "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHAfunc ( string) bool {iflen() == 0 {returnfalse }for := 0; < len(); ++ {if !isTokenTable[[]] {returnfalse } }returntrue}// ValidHostHeader reports whether h is a valid host header.func ( string) bool {// The latest spec is actually this: // // http://tools.ietf.org/html/rfc7230#section-5.4 // Host = uri-host [ ":" port ] // // Where uri-host is: // http://tools.ietf.org/html/rfc3986#section-3.2.2 // // But we're going to be much more lenient for now and just // search for any byte that's not a valid byte in any of those // expressions.for := 0; < len(); ++ {if !validHostByte[[]] {returnfalse } }returntrue}// See the validHostHeader comment.var validHostByte = [256]bool{'0': true, '1': true, '2': true, '3': true, '4': true, '5': true, '6': true, '7': true,'8': true, '9': true,'a': true, 'b': true, 'c': true, 'd': true, 'e': true, 'f': true, 'g': true, 'h': true,'i': true, 'j': true, 'k': true, 'l': true, 'm': true, 'n': true, 'o': true, 'p': true,'q': true, 'r': true, 's': true, 't': true, 'u': true, 'v': true, 'w': true, 'x': true,'y': true, 'z': true,'A': true, 'B': true, 'C': true, 'D': true, 'E': true, 'F': true, 'G': true, 'H': true,'I': true, 'J': true, 'K': true, 'L': true, 'M': true, 'N': true, 'O': true, 'P': true,'Q': true, 'R': true, 'S': true, 'T': true, 'U': true, 'V': true, 'W': true, 'X': true,'Y': true, 'Z': true,'!': true, // sub-delims'$': true, // sub-delims'%': true, // pct-encoded (and used in IPv6 zones)'&': true, // sub-delims'(': true, // sub-delims')': true, // sub-delims'*': true, // sub-delims'+': true, // sub-delims',': true, // sub-delims'-': true, // unreserved'.': true, // unreserved':': true, // IPv6address + Host expression's optional port';': true, // sub-delims'=': true, // sub-delims'[': true,'\'': true, // sub-delims']': true,'_': true, // unreserved'~': true, // unreserved}// ValidHeaderFieldValue reports whether v is a valid "field-value" according to// http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 ://// message-header = field-name ":" [ field-value ]// field-value = *( field-content | LWS )// field-content = <the OCTETs making up the field-value// and consisting of either *TEXT or combinations// of token, separators, and quoted-string>//// http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 ://// TEXT = <any OCTET except CTLs,// but including LWS>// LWS = [CRLF] 1*( SP | HT )// CTL = <any US-ASCII control character// (octets 0 - 31) and DEL (127)>//// RFC 7230 says://// field-value = *( field-content / obs-fold )// obj-fold = N/A to http2, and deprecated// field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]// field-vchar = VCHAR / obs-text// obs-text = %x80-FF// VCHAR = "any visible [USASCII] character"//// http2 further says: "Similarly, HTTP/2 allows header field values// that are not valid. While most of the values that can be encoded// will not alter header field parsing, carriage return (CR, ASCII// 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII// 0x0) might be exploited by an attacker if they are translated// verbatim. Any request or response that contains a character not// permitted in a header field value MUST be treated as malformed// (Section 8.1.2.6). Valid characters are defined by the// field-content ABNF rule in Section 3.2 of [RFC7230]."//// This function does not (yet?) properly handle the rejection of// strings that begin or end with SP or HTAB.func ( string) bool {for := 0; < len(); ++ { := []ifisCTL() && !isLWS() {returnfalse } }returntrue}func isASCII( string) bool {for := 0; < len(); ++ {if [] >= utf8.RuneSelf {returnfalse } }returntrue}// PunycodeHostPort returns the IDNA Punycode version// of the provided "host" or "host:port" string.func ( string) (string, error) {ifisASCII() {return , nil } , , := net.SplitHostPort()if != nil {// The input 'v' argument was just a "host" argument, // without a port. This error should not be returned // to the caller. = = "" } , = idna.ToASCII()if != nil {// Non-UTF-8? Not representable in Punycode, in any // case.return"", }if == "" {return , nil }returnnet.JoinHostPort(, ), nil}
The pages are generated with Goldsv0.7.0-preview. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds.
