From 3b28f0d9bbc9e5745fb95e48e6daf9179461116b Mon Sep 17 00:00:00 2001
From: Kirilll Zaborsky <qrilka@gmail.com>
Date: Thu, 24 Sep 2015 15:19:52 +0300
Subject: inets: scheme validation fun for http_uri

http_uri:parse_scheme function should allow checking
scheme of URIs otherwise it could be easily abused to
reach limit number of atoms in the VM
---
 lib/inets/doc/src/http_uri.xml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'lib/inets/doc')

diff --git a/lib/inets/doc/src/http_uri.xml b/lib/inets/doc/src/http_uri.xml
index 47c40da96a..64e6c7a6cc 100644
--- a/lib/inets/doc/src/http_uri.xml
+++ b/lib/inets/doc/src/http_uri.xml
@@ -117,7 +117,8 @@
         <v>Options = [Option]</v> 
         <v>Option = {ipv6_host_with_brackets, boolean()} | 
                     {scheme_defaults, scheme_defaults()} |
-                    {fragment, boolean()}]</v>
+                    {fragment, boolean()} |
+                    {schema_validation_fun, fun()}]</v>
         <v>Result = {Scheme, UserInfo, Host, Port, Path, Query} |
                     {Scheme, UserInfo, Host, Port, Path, Query, Fragment}</v>
 	<v>UserInfo = user_info()</v>
@@ -141,6 +142,16 @@
         <p>If the fragment option is <c>true</c>, the URI fragment is returned as
           part of the parsing result, otherwise it is ignored.</p>
 
+        <p>Scheme validation fun is to be defined as follows:
+
+	    <code>
+fun(SchemeStr :: string()) ->
+	valid |	{error, Reason :: term()}.
+	    </code>
+
+        It is called before scheme string gets converted into scheme atom and
+        thus possible atom leak could be prevented</p>
+
         <marker id="encode"></marker>
       </desc>
     </func>
-- 
cgit v1.2.3