Allows [] and {} in request paths.
Protected by existing per-project override control `disallow_paths_with_invalid_chars`.
PiperOrigin-RevId: 672691001
diff --git a/quiche/balsa/header_properties.h b/quiche/balsa/header_properties.h
index 7bee5f7..4dd00e3 100644
--- a/quiche/balsa/header_properties.h
+++ b/quiche/balsa/header_properties.h
@@ -49,10 +49,12 @@
0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x7F};
// The set of characters allowed in the Path and Query components of a URI, as
-// described in RFC 3986 Sections 3.3 and 3.4.
+// described in RFC 3986 Sections 3.3 and 3.4. Also includes the following
+// characters, which are not actually valid, but are seen in request paths on
+// the internet and unlikely to cause problems: []{}
inline constexpr char kValidPathCharList[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~%!$&'()*"
- "+,;=:@/?";
+ "+,;=:@/?[]{}";
// Returns true if the given `c` is invalid in a header field name. The first
// version is spec compliant, the second one incorrectly allows '"'.
diff --git a/quiche/balsa/header_properties_test.cc b/quiche/balsa/header_properties_test.cc
index 253c97c..41083d3 100644
--- a/quiche/balsa/header_properties_test.cc
+++ b/quiche/balsa/header_properties_test.cc
@@ -106,10 +106,12 @@
EXPECT_FALSE(HasInvalidPathChar("invalid_path/but/valid/chars"));
EXPECT_FALSE(HasInvalidPathChar("/path/with?query;fragment"));
EXPECT_FALSE(HasInvalidPathChar("/path2.fun/my_site-root/!&$=,+*()/wow"));
+ // Surprise! [] and {} are seen in requests on the internet.
+ EXPECT_FALSE(HasInvalidPathChar("/square[brackets]surprisingly/allowed"));
+ EXPECT_FALSE(HasInvalidPathChar("/curly{braces}surprisingly/allowed"));
EXPECT_TRUE(HasInvalidPathChar("/path with spaces"));
EXPECT_TRUE(HasInvalidPathChar("/path\rwith\tother\nwhitespace"));
- EXPECT_TRUE(HasInvalidPathChar("/square[brackets]not/allowed"));
EXPECT_TRUE(HasInvalidPathChar("/backtick`"));
EXPECT_TRUE(HasInvalidPathChar("/angle<brackets>also/bad"));
}
