+// Tests that invalid header names and values are rejected.
+IN_PROC_BROWSER_TEST_F(DownloadExtensionTest,
+ DownloadExtensionTest_Download_InvalidHeaders) {
+ LoadExtension("downloads_split");
+ ASSERT_TRUE(StartEmbeddedTestServer());
+ ASSERT_TRUE(test_server()->Start());
+ GoOnTheRecord();
+ std::string download_url = test_server()->GetURL("slow?0").spec();
+ EXPECT_STREQ(errors::kInvalidHeaderName,
+ RunFunctionAndReturnError(new DownloadsDownloadFunction(),
+ base::StringPrintf(
+ "[{\"url\": \"%s\","
+ " \"filename\": \"unsafe-header-crlf.txt\","
+ " \"headers\": [{"
+ " \"name\": \"Header\\r\\nSec-Spoof: Hey\\r\\nX-Split:X\","
+ " \"value\": \"unsafe\"}]}]",
+ download_url.c_str())).c_str());
+
+ EXPECT_STREQ(errors::kInvalidHeaderValue,
+ RunFunctionAndReturnError(new DownloadsDownloadFunction(),
+ base::StringPrintf(
+ "[{\"url\": \"%s\","
+ " \"filename\": \"unsafe-header-crlf.txt\","
+ " \"headers\": [{"
+ " \"name\": \"Invalid-value\","
+ " \"value\": \"hey\\r\\nSec-Spoof: Hey\"}]}]",
+ download_url.c_str())).c_str());
+}
+