lib/em-websocket/handler76.rb in em-websocket-0.1.2 vs lib/em-websocket/handler76.rb in em-websocket-0.1.3

@@ -47,10 +47,13 @@
       def extract_nums(string)
         string.scan(/[0-9]/).join.to_i
       end
 
       def count_spaces(string)
-        string.scan(/ /).size
+        spaces = string.scan(/ /).size
+        # As per 5.2.5, abort the connection if spaces are zero.
+        raise HandshakeError, "Websocket Key1 or Key2 does not contain spaces - this is a symptom of a cross-protocol attack" if spaces == 0
+        return spaces
       end
 
       def validate_protocol!(protocol)
         raise HandshakeError, "Invalid WebSocket-Protocol: empty" if protocol.empty?
         # TODO: Validate characters