path: root/lib/inets/test/httpd_basic_SUITE.erl
Age | Commit message | Author
2017-11-15 | inets: Fix http content injection bug in httpc | Péter Dimitrov
- uri_string module used for parsing URIs.
- Removed url_encode option as only valid URIs shall be handled by the http client.
- The client rejects URIs that are not compliant with RFC 3986.
Change-Id: I0a5b9766f6463a9802e0b02b445a2c4c91f02236
2017-06-14 | Update copyright year | Hans Nilsson
2017-05-02 | Added test in httpd_basic_SUITE to validate the correct handling of non-DST dates | Martin Cox
in the httpd_util:rfc1123_date/1 function.
2016-05-23 | inets: Use test_server app tests and remove legacy test_server code | Ingela Anderton Andin
FTP tests needed some refactoring as some tests were lost to the ftp_suite_lib module that was not run.
2016-03-15 | update copyright-year | Henrik Nord
2015-06-18 | Change license text to APLv2 | Bruce Yinhe
2014-06-26 | inets: Add reload tests | Ingela Anderton Andin
2014-05-23 | inets: httpd - Behave well on not so long but wrong request lines | Ingela Anderton Andin
2014-05-23 | inets: httpd - Reject incorrect large request lines early | Ingela Anderton Andin
2014-03-18 | inets: Make test suites independent of each other | Ingela Anderton Andin
2013-09-30 | inets: added testcase for keep_alive_timeout | Fredrik Gustafsson
2013-09-19 | Add test for httpd config option 'script_timeout' | Johannes Weißl
The option got ignored before 720721e.
2013-09-02 | Test nocache option of mod_cgi and mod_esi | Johannes Weißl
Tests that the nocache options work and can be used independently from each other. This was broken before c8ef69c.
Conflicts:
  lib/inets/test/httpd_basic_SUITE.erl
2013-08-21 | inets: added simple testcase for option erl_script_nocache | Fredrik Gustafsson
2012-11-15 | Increased waiting time to check if socket is down | Fredrik Gustafsson
2012-11-14 | Fine adjustments of slowdos alg | Fredrik Gustafsson
2012-11-12 | Changes to slowdos testcase | Fredrik Gustafsson
2012-11-09 | Doc for test case slowdose | Fredrik Gustafsson
2012-11-09 | Added testcases for minimum_bytes_per_second option | Fredrik Gustafsson
2012-02-10 | [inets] Skip test case on windows (long paths) | Micael Karlberg
On windows we have a problem opening files when the paths are long (error reason eio).
2012-02-09 | [inets] Minor improvement to escaped_url_in_error_body | Micael Karlberg
2012-02-03 | [inets] Added verbosity printout to improve error detection | Micael Karlberg
Added verbosity printouts to detect error reason for file access error on windows.
2011-11-09 | More merge cleanup. | Micael Karlberg
2011-11-09 | Initial merge from r13 topic branch. With minimal cleanup. | Micael Karlberg
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/httpd/xss_when_erl_encoded/r14/OTP-9655
Conflicts:
  lib/inets/doc/src/notes.xml
  lib/inets/src/http_lib/http_uri.erl
  lib/inets/src/http_lib/http_util.erl
  lib/inets/src/http_server/httpd_file.erl
  lib/inets/src/http_server/httpd_request.erl
  lib/inets/src/http_server/httpd_request_handler.erl
  lib/inets/src/http_server/httpd_util.erl
  lib/inets/src/inets_app/inets.appup.src
  lib/inets/test/httpc_SUITE.erl
  lib/inets/test/httpd_SUITE.erl
  lib/inets/test/httpd_basic_SUITE.erl
  lib/inets/test/httpd_test_lib.erl
  lib/inets/vsn.mk
2011-10-25 | The XSS prevention methods used were confused if the | Micael Karlberg
URL was encoded (hex-encoded). OTP-9655
2011-09-15 | Updated http-server to make sure URLs in error-messages | Micael Karlberg
are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application.
OTP-8940

[httpd] Prevent XSS in error pages. Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters.
Michael Santos
OTP-9124
2011-03-17 | Merge branch 'dev' into bmk/inets/httpd/prevent_xss_in_error_pages/OTP-9124 | Micael Karlberg
2011-03-11 | Update copyright years | Björn-Egil Dahlberg
2011-03-11 | [httpd] Prevent XSS in error pages. | Micael Karlberg
Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters.
2011-02-22 | inets: prevent XSS in error pages | Michael Santos
Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters.

The reserved character set should be safe for displaying data within the body of HTML pages as outlined here:

http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

Previously, weird URLs were URI encoded in the error page. This worked quite well but the URL would be displayed in the HTML in percent encoded format. There was also a check for URIs that were already escaped (by the browser) that would fail if the browser sent an URI containing a "%", e.g.:

    w3m "http://localhost:8080/<b>foo</b>?%"

Also encode the HTTP method and version, since it's possible they may be manipulated:

    <b>FOO</b> /index.html HTTP/1.0
    GET /index.html <b>foo</b>/1.0

Encode the static messages to prevent characters from being interpreted as HTML such as "heavy load (>~w processes)".
2011-02-17 | Rename Suite Callback to Common Test Hook | Lukas Larsson
2011-02-17 | Fix formatting for inets | Lukas Larsson
2011-02-17 | Add ts_install_scb to suite/0 | Lukas Larsson
2011-02-17 | Update inets tests to conform with common_test standard | Lukas Larsson
2010-11-29 | URL-encoding - add support in client and more usage in server. Also | Ingela Anderton Andin
added missing include directory.
2010-01-13 | OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327, OTP-8349, | Micael Karlberg
OTP-8351, OTP-8359 & OTP-8371.