bun.sh/test/js/web at 172bd045d8b2c5fecec866eb401e2749208b93b4 - bun.sh - SEPPJM.COM Git Server

mirrors/bun.sh

mirror of https://github.com/oven-sh/bun synced 2026-02-18 06:41:50 +00:00

Files

History

Claude Bot ca6b28b2ac fix(websocket): validate Sec-WebSocket-Accept header per RFC 6455

The WebSocket upgrade client checked that the Sec-WebSocket-Accept
header was present but never validated its value against the expected
SHA-1 hash of the client's Sec-WebSocket-Key concatenated with the
RFC 6455 magic GUID. This allowed a MitM attacker to fake a WebSocket
handshake with any arbitrary accept value.

Store the expected accept value (computed during request construction)
on the client struct and validate it against the server's response
during the upgrade handshake.

Co-Authored-By: Claude <noreply@anthropic.com>

2026-02-12 04:49:38 +00:00

..

Rewrite AbortSignal.timeout (#21695 )

2025-08-08 23:07:19 -07:00

broadcastchannel

Add BroadcastChannel.prototype[util.inspect.custom] (#19269 )

2025-04-25 18:25:22 -07:00

fix(console): implement %j format specifier for JSON output (#25195 )

2025-11-28 22:57:55 -08:00

Remove @known-failing-on-windows for tests which are no longer failing on windows

2024-01-24 21:03:32 -08:00

fix writing UTF-16 with a trailing unpaired surrogate to process.stdout/stderr (#23444 )

2025-10-10 03:48:04 -07:00

fix(fetch): preserve header case when sending HTTP requests (#26425 )

2026-01-26 11:15:33 -08:00

fix(web): make URLSearchParams.prototype.size configurable (#25762 )

2026-01-02 04:57:48 -08:00

fix: Response.clone() no longer locks body when body was accessed before clone (#25484 )

2025-12-15 18:46:02 -08:00

add brotli and zstd to CompressionStream and DecompressionStream types (#25374 )

2025-12-09 17:56:55 -08:00

deflake setTimeout.test.js (#19636 )

2025-05-14 18:49:11 -07:00

run prettier and add back format action (#13722 )

2024-09-03 21:32:52 -07:00

feat(url): implement URLPattern API (#25168 )

2025-11-28 00:04:30 -08:00

Upgrade SIMDUTF, 8x faster atob (#11085 )

2024-05-15 03:42:36 -07:00

fix(websocket): validate Sec-WebSocket-Accept header per RFC 6455

2026-02-12 04:49:38 +00:00

Add string fast path for postMessage and structuredClone (#21926 )

2025-08-20 00:25:00 -07:00

atomics.test.ts

docs: document Atomics global support (#21625 )

2025-08-05 11:48:38 -07:00

confirm-fixture.js

Fixes #5985 (#5986 )

2023-09-24 03:16:51 -07:00

explicit-resource-management.test.ts

Update prettier (#8198 )

2024-01-15 23:47:13 -08:00

nationalized.test.ts

run prettier and add back format action (#13722 )

2024-09-03 21:32:52 -07:00

structured-clone-blob-file.test.ts

Fix structuredClone pointer advancement and File name preservation for Blob/File objects (#22282 )

2025-08-31 13:52:43 -07:00

structured-clone-fastpath.test.ts

perf(structuredClone): add fast path for arrays containing simple objects (#26818 )

2026-02-09 21:54:41 -08:00

web-globals.test.js

Use ReadableStream.prototype.* in tests instead of new Response(...).* (#20937 )

2025-07-14 00:47:53 -07:00