2 files changed, 24 insertions, 1 deletions

diff --git a/plugins/mozjs.c b/plugins/mozjs.c
index 9d1ad6f..af91fea 100644
--- a/plugins/mozjs.c
+++ b/plugins/mozjs.c
@@ -122,9 +122,20 @@ static JSBool dnsresolve(JSContext *ctx, uintN argc, jsval *vp)
 	char address[NI_MAXHOST];
 	jsval *argv = JS_ARGV(ctx, vp);
 	char *host = JS_EncodeString(ctx, JS_ValueToString(ctx, argv[0]));
+	char **split_res;
 
 	DBG("host %s", host);
 
+	/* Q&D test on host to know if it is a proper hostname */
+	split_res = g_strsplit_set(host, ":%?!,;@\\'*|<>{}[]()+=$&~# \"", -1);
+	if (split_res) {
+		int length = g_strv_length(split_res);
+		g_strfreev(split_res);
+
+		if (length > 1)
+			goto out;
+	}
+
 	JS_SET_RVAL(ctx, vp, JSVAL_NULL);
 
 	if (resolve(host, address, sizeof(address)) < 0)
diff --git a/plugins/v8.cc b/plugins/v8.cc
index cc38189..6cb28ca 100644
--- a/plugins/v8.cc
+++ b/plugins/v8.cc
@@ -123,13 +123,25 @@ static v8::Handle<v8::Value> dnsresolve(const v8::Arguments& args)
 {
 	char address[NI_MAXHOST];
 	v8::String::Utf8Value host(args[0]);
+	char **split_res;
 
 	if (args.Length() != 1)
 		return v8::ThrowException(v8::String::New("Bad parameters"));
 
-		
 	DBG("host %s", *host);
 
+	/* Q&D test on host to know if it is a proper hostname */
+	split_res = g_strsplit_set(*host, ":%?!,;@\\'*|<>{}[]()+=$&~# \"", -1);
+	if (split_res) {
+		int length = g_strv_length(split_res);
+		g_strfreev(split_res);
+
+		if (length > 1) {
+			v8::ThrowException(
+				v8::String::New("Failed to resolve"));
+		}
+	}
+
 	if (resolve(*host, address, sizeof(address)) < 0)
 		return v8::ThrowException(v8::String::New("Failed to resolve"));