Skip to content

Commit 2b7628f

Browse files
Reject newline characters in internal URL path inputs
Co-authored-by: Shri Sukhani <shrisukhani@users.noreply.github.com>
1 parent 35dba33 commit 2b7628f

File tree

2 files changed

+6
-0
lines changed

2 files changed

+6
-0
lines changed

hyperbrowser/client/base.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,8 @@ def _build_url(self, path: str) -> str:
8080
raise HyperbrowserError("path must not be empty")
8181
if "\\" in stripped_path:
8282
raise HyperbrowserError("path must not contain backslashes")
83+
if "\n" in stripped_path or "\r" in stripped_path:
84+
raise HyperbrowserError("path must not contain newline characters")
8385
parsed_path = urlparse(stripped_path)
8486
if parsed_path.scheme:
8587
raise HyperbrowserError("path must be a relative API path")

tests/test_url_building.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,10 @@ def test_client_build_url_rejects_empty_or_non_string_paths():
9191
HyperbrowserError, match="path must not contain backslashes"
9292
):
9393
client._build_url(r"\\session")
94+
with pytest.raises(
95+
HyperbrowserError, match="path must not contain newline characters"
96+
):
97+
client._build_url("/session\nnext")
9498
with pytest.raises(HyperbrowserError, match="path must be a relative API path"):
9599
client._build_url("https://api.hyperbrowser.ai/session")
96100
with pytest.raises(HyperbrowserError, match="path must be a relative API path"):

0 commit comments

Comments
 (0)