From fccea8888e6d221916ace039fdc6af9604257046 Mon Sep 17 00:00:00 2001
From: Kenneth Myhra
Date: Wed, 13 Apr 2022 21:44:16 +0200
Subject: [PATCH] LibWeb: Use a more restrictive regex for method token production

This changes the regular expression for is_method() to a more restrictive pattern.
---
 Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp b/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
index 2c8e783de2cb78..314f12e2ff6590 100644
--- a/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
+++ b/Userland/Libraries/LibWeb/XHR/XMLHttpRequest.cpp
@@ -390,8 +390,8 @@ static bool is_forbidden_method(String const& method)
 // https://fetch.spec.whatwg.org/#concept-method
 static bool is_method(String const& method)
 {
- Regex regex { R"~~~(^.*["(),\/:;<=>?@\\[\]{}]+.*$)~~~" };
- return !regex.has_match(method);
+ Regex regex { R"~~~(^[A-Za-z0-9!#$%&'*+-.^_`|~]+$)~~~" };
+ return regex.has_match(method);
 }
 
 // https://fetch.spec.whatwg.org/#concept-method-normalize
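Review bot: In the new character class the sequence `+-.` is parsed as a range from `+` to `.`, and that range includes `,`, which is not a token character in the method grammar the comment links to; the pattern being replaced rejected the comma, so is_method() now accepts a value such as `GE,T` (constructed example). Escape the hyphen (`+\-.`) or move `-` to the end of the class so it is matched literally. A one-line comment above the Regex line listing the tchar set the class is meant to mirror would make this kind of slip easier to catch in review. Separately, the Regex object is constructed on every call; if the Regex type allows it, a function-local `static` would avoid recompiling the pattern each time.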