feat: add replace invalid http header character

README.md

@@ -192,6 +192,9 @@ utils.split('foo,bar,,,', ','); // ['foo', 'bar']
 
 // replace string work with special chars which `String.prototype.replace` can't handle
 utils.replace('<body> hi', '<body>', '$& body'); // '$& body hi'
+
+// replace http header invalid characters
+utils.replaceInvalidHttpHeaderChar('abc你好11'); // {invalid: true, val: 'abc  11'}
 ```
 
 ### Try

benchmark/string.js

@@ -0,0 +1,115 @@
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+
+const utility = require('../');
+
+const Benchmark = require('benchmark');
+const suite = new Benchmark.Suite();
+let str1_10 = [];
+let str2_10 = [];
+let str3_10 = [];
+
+for (let i = 0; i < 10; i++) {
+  str1_10.push(String.fromCharCode(i + 32));
+  str2_10.push(String.fromCharCode(i + 32));
+  str3_10.push(String.fromCharCode(i + 32));
+}
+
+str1_10.splice(1, 1, '中文');
+str2_10.splice(3, 1, '中文');
+str3_10.splice(5, 1, '中文');
+
+str1_10 = str1_10.join('');
+str2_10 = str2_10.join('');
+str3_10 = str3_10.join('');
+
+let str1_1000 = [];
+let str2_1000 = [];
+let str3_1000 = [];
+for (let i = 0; i < 1000; i++) {
+  str1_1000.push(String.fromCharCode(i % 80 + 32));
+  str2_1000.push(String.fromCharCode(i % 80 + 32));
+  str3_1000.push(String.fromCharCode(i % 80 + 32));
+}
+
+str1_1000.splice(10, 1, '中文');
+str2_1000.splice(100, 1, '中文');
+str3_1000.splice(800, 1, '中文');
+
+str1_1000 = str1_1000.join('');
+str2_1000 = str2_1000.join('');
+str3_1000 = str3_1000.join('');
+
+// console.info('===>', utility.replaceInvalidHttpHeaderChar(str1_10));
+// console.info('===>', utility.replaceInvalidHttpHeaderChar(str1_1000));
+
+const headers= {};
+const headers_invalid = {};
+
+headers['Host'] = 'my.foo.com';
+headers['Connection'] = 'keep-alive';
+headers['Accept'] = 'text/html, */*; q=0.01';
+headers['X-Requested-With'] = 'XMLHttpRequest';
+headers['User-Agent'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36';
+headers['Referer'] = 'https://my.alipay.com/portal/i.htm';
+headers['Accept-Encoding'] = 'gzip, deflate, sdch, br';
+headers['Accept-Language'] = 'zh-CN,zh;q=0.8,en;q=0.6';
+headers['Cookie'] = 'cna=Aq7qEKDcuSsCASp4SdAqdtIE; LOCALE=zh_CN; ZAUTH_REST_LOGIN_INFO=1111111111111111111111111122222222222222222222222222223333333333333aaaaaaaaaaaaaaaaaaaaaddddddddddddddddddbbbbbbbbbbbbbbbbb333333333333bbbbbbbbbbbbbbbbbbbbbbbbbddddddddddddddddddddbbbbbbbbbbbbbbbbbbbb333333333333333333333333333bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb3333kkkkkkkkkkkkkzzzzzzzzzzzzzdddddddddddddddddddddddddkkkkkkkkkkkkkkkkkkkk3333333333333333333kkkkkkkkkkkkkkkkkkkkkkk; ABCDEFGAAAUTHJSESSIONID=DDFSFSFSFSFEESFSDFSDFSFyD1zyhINADBCDDDDBB; mobileSendTime=-1; credibleMobileSendTime=-1; ctuMobileSendTime=-1; riskMobileBankSendTime=-1; riskMobileAccoutSendTime=-1; riskMobileCreditSendTime=-1; riskCredibleMobileSendTime=-1; riskOriginalAccountMobileSendTime=-1; aeofen=kA6t-uV3HlfVbpLt; LoginForm=testabc_login_auth; bjklmnd="K1iSL1mlXoWjQ8nVYGjtRnfEXYkS/VRtvnHvn5jXMRU1IkwUm44hgEQa"; CLUB_ALIPAY_COM=11238849458323234950303; iw.userid="K23iML1mlBoDjE8nVEGEtBg=="; tt_apache_tracktmp="uid=11238849458323234950303"; session.cookieNameId=ABCDEFGAAAUTHJSESSIONID; CHAIR_SESS=K12iO619fABDFHGGKHKDIDO_wEsrVBE-ddeftrE3hh_R1mMywjYorRhLQ823aOAvkxKVL_vlB56DDPElcBYwsduFu2sDEFLX9zyHyeIzsBidDcBSLB_Cdj62Yyh5passfedpzI2hUSTRsylVTCc5n2deddf==; ABCDEFGAAAUTHJSESSIONID.sig=3Gr3S-Hwd6-YWX56jsdfswDEGEEGzBHlNHnlsUlaC_CaNU; ABCDEFGAAAUTHJSESSIONID=RZ04Xc6XMGCQHGA5stpwlJougOFFeAauthBD00AD22; bone=VZ11A; spanner=49GKop+ywXeMAfFDEeVDDshSF/xD/mjdv';
+
+Object.keys(headers).forEach(key => {
+  headers_invalid[key] = headers[key] + '中文';
+});
+
+Object.keys(headers_invalid).forEach(key => {
+  console.info(utility.replaceInvalidHttpHeaderChar(headers_invalid[key]));
+});
+
+suite
+.add('utility.replaceInvalidHttpHeaderChar(str1_10)', () => {
+  utility.replaceInvalidHttpHeaderChar(str1_10);
+})
+.add('utility.replaceInvalidHttpHeaderChar(str2_10)', () => {
+  utility.replaceInvalidHttpHeaderChar(str2_10);
+})
+.add('utility.replaceInvalidHttpHeaderChar(str3_10)', () => {
+  utility.replaceInvalidHttpHeaderChar(str3_10);
+})
+.add('utility.replaceInvalidHttpHeaderChar(str1_1000)', () => {
+  utility.replaceInvalidHttpHeaderChar(str1_1000);
+})
+.add('utility.replaceInvalidHttpHeaderChar(str2_1000)', () => {
+  utility.replaceInvalidHttpHeaderChar(str2_1000);
+})
+.add('utility.replaceInvalidHttpHeaderChar(str3_1000)', () => {
+  utility.replaceInvalidHttpHeaderChar(str3_1000);
+}).
+add('utility.relaceInvalidHttpHeaderChar(real_headers)', () => {
+  Object.keys(headers).forEach(key => {
+    utility.replaceInvalidHttpHeaderChar(headers[key]);
+  });
+}).
+add('utility.relaceInvalidHttpHeaderChar(real_headers_invalid)', () => {
+  Object.keys(headers_invalid).forEach(key => {
+    utility.replaceInvalidHttpHeaderChar(headers_invalid[key]);
+  });
+})
+// add listeners
+.on('cycle', event => {
+  console.log(String(event.target));
+})
+.on('complete', () => {
+  console.log('done');
+})
+.run({ async: false });
+// $ node benchmark/string.js
+// utility.replaceInvalidHttpHeaderChar(str1_10) x 1,310,312 ops/sec ±1.03% (87 runs sampled)
+// utility.replaceInvalidHttpHeaderChar(str2_10) x 1,309,274 ops/sec ±1.35% (86 runs sampled)
+// utility.replaceInvalidHttpHeaderChar(str3_10) x 1,332,818 ops/sec ±1.22% (88 runs sampled)
+// utility.replaceInvalidHttpHeaderChar(str1_1000) x 29,391 ops/sec ±1.41% (90 runs sampled)
+// utility.replaceInvalidHttpHeaderChar(str2_1000) x 27,842 ops/sec ±1.29% (83 runs sampled)
+// utility.replaceInvalidHttpHeaderChar(str3_1000) x 26,905 ops/sec ±1.63% (85 runs sampled)
+// utility.relaceInvalidHttpHeaderChar(real_headers) x 85,277 ops/sec ±1.34% (83 runs sampled)
+// utility.relaceInvalidHttpHeaderChar(real_headers_invalid) x 16,691 ops/sec ±1.14% (88 runs sampled)

lib/string.js

@@ -37,7 +37,6 @@ exports.split = function split(str, sep) {
   }
   return needs;
 };
-
 // always optimized
 exports.splitAlwaysOptimized = function splitAlwaysOptimized() {
   var str = '';
@@ -76,3 +75,71 @@ exports.replace = function replace(str, substr, newSubstr) {
   }
   return str.replace(substr, replaceFunction);
 };
+
+// original source https://github.com/nodejs/node/blob/v7.5.0/lib/_http_common.js#L300
+/**
+ * True if val contains an invalid field-vchar
+ *  field-value    = *( field-content / obs-fold )
+ *  field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+ *  field-vchar    = VCHAR / obs-text
+ *
+ * checkInvalidHeaderChar() is currently designed to be inlinable by v8,
+ * so take care when making changes to the implementation so that the source
+ * code size does not exceed v8's default max_inlined_source_size setting.
+ **/
+var validHdrChars = [
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, // 0 - 15
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 16 - 31
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 32 - 47
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 48 - 63
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 64 - 79
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 80 - 95
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 96 - 111
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, // 112 - 127
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 128 ...
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  // ... 255
+];
+
+/**
+ * Replace invalid http header characters with spaces
+ *
+ * @param  {String} val
+ * @param  {String} replacement
+ * @return {Object}
+ */
+exports.replaceInvalidHttpHeaderChar = function replaceInvalidHttpHeaderChar(val, replacement) {
+  replacement = replacement || ' ';
+  var invalid = false;
+
+  if (!val || typeof val !== 'string') {
+    return {
+      val: val,
+      invalid: invalid,
+    };
+  }
+
+  var chars;
+  for (var i = 0; i < val.length; ++i) {
+    if (!validHdrChars[val.charCodeAt(i)]) {
+      // 延迟产生这个数组, 只有找到非法字符的时候, 才创建.
+      chars = chars || val.split('');
+      chars[i] = replacement;
+    }
+  }
+
+  if (chars) {
+    val = chars.join('');
+    invalid = true;
+  }
+
+  return {
+    val: val,
+    invalid: invalid,
+  };
+};

test/string.test.js

@@ -64,3 +64,36 @@ test('replace() should support regex', t => {
 
   t.is(utils.replace('{ <body> }', /<body>/, 'this is body $& $` $\' $$'), '{ this is body $& $` $\' $$ }');
 });
+
+test('replaceInvalidHttpHeaderChar() should replace invalid char', t => {
+  var s0 = '';
+  var s1 = '123';
+  var s2 = 'abc';
+  var s3 = '!@#$%^&*()_+-=\|';
+  var s4 = '你1好0';
+  var s5 = '1你1好0';
+  var s6 = '11你1好0';
+  var s7 = '111你1好0';
+  var s8 = '1111你1好0';
+
+  t.is(utils.replaceInvalidHttpHeaderChar(s0).val, s0);
+  t.is(utils.replaceInvalidHttpHeaderChar(s0).invalid, false);
+  t.is(utils.replaceInvalidHttpHeaderChar(s1).val, s1);
+  t.is(utils.replaceInvalidHttpHeaderChar(s1).invalid, false);
+  t.is(utils.replaceInvalidHttpHeaderChar(s2).val, s2);
+  t.is(utils.replaceInvalidHttpHeaderChar(s2).invalid, false);
+  t.is(utils.replaceInvalidHttpHeaderChar(s3).val, s3);
+  t.is(utils.replaceInvalidHttpHeaderChar(s3).invalid, false);
+  t.is(utils.replaceInvalidHttpHeaderChar(s4).val, ' 1 0');
+  t.is(utils.replaceInvalidHttpHeaderChar(s4).invalid, true);
+  t.is(utils.replaceInvalidHttpHeaderChar(s5).val, '1 1 0');
+  t.is(utils.replaceInvalidHttpHeaderChar(s5).invalid, true);
+  t.is(utils.replaceInvalidHttpHeaderChar(s6).val, '11 1 0');
+  t.is(utils.replaceInvalidHttpHeaderChar(s6).invalid, true);
+  t.is(utils.replaceInvalidHttpHeaderChar(s7).val, '111 1 0');
+  t.is(utils.replaceInvalidHttpHeaderChar(s7).invalid, true);
+  t.is(utils.replaceInvalidHttpHeaderChar(s8).val, '1111 1 0');
+  t.is(utils.replaceInvalidHttpHeaderChar(s8).invalid, true);
+  t.is(utils.replaceInvalidHttpHeaderChar(s8, '-').val, '1111-1-0');
+  t.is(utils.replaceInvalidHttpHeaderChar(s8, '-').invalid, true);
+});