#515 Make forgiving vs strict cookie parsers.

Tratcher · Tratcher · commit f8a1bf18d98e · 2016-02-03T11:03:16.000-08:00
diff --git a/src/Microsoft.Net.Http.Headers/CookieHeaderParser.cs b/src/Microsoft.Net.Http.Headers/CookieHeaderParser.cs
@@ -7,11 +7,6 @@ namespace Microsoft.Net.Http.Headers
 {
     internal class CookieHeaderParser : HttpHeaderParser<CookieHeaderValue>
     {
-        // The Cache-Control header is special: It is a header supporting a list of values, but we represent the list
-        // as _one_ instance of CacheControlHeaderValue. I.e we set 'SupportsMultipleValues' to 'true' since it is
-        // OK to have multiple Cache-Control headers in a request/response message. However, after parsing all
-        // Cache-Control headers, only one instance of CacheControlHeaderValue is created (if all headers contain valid
-        // values, otherwise we may have multiple strings containing the invalid values).
         internal CookieHeaderParser(bool supportsMultipleValues)
             : base(supportsMultipleValues)
         {
@@ -49,14 +44,11 @@ public sealed override bool TryParseValue(string value, ref int index, out Cooki
             }
 
             CookieHeaderValue result = null;
-            int length = CookieHeaderValue.GetCookieLength(value, current, out result);
-
-            if (length == 0)
+            if (!CookieHeaderValue.TryGetCookieLength(value, ref current, out result))
             {
                 return false;
             }
 
-            current = current + length;
             current = GetNextNonEmptyOrWhitespaceIndex(value, current, SupportsMultipleValues, out separatorFound);
 
             // If we support multiple values and we've not reached the end of the string, then we must have a separator.
@@ -91,6 +83,7 @@ private static int GetNextNonEmptyOrWhitespaceIndex(string input, int startIndex
 
             if (skipEmptyValues)
             {
+                // Most headers only split on ',', but cookies primarily split on ';'
                 while ((current < input.Length) && ((input[current] == ',') || (input[current] == ';')))
                 {
                     current++; // skip delimiter.
diff --git a/src/Microsoft.Net.Http.Headers/CookieHeaderValue.cs b/src/Microsoft.Net.Http.Headers/CookieHeaderValue.cs
@@ -107,22 +107,31 @@ public static IList<CookieHeaderValue> ParseList(IList<string> inputs)
             return MultipleValueParser.ParseValues(inputs);
         }
 
+        public static IList<CookieHeaderValue> ParseStrictList(IList<string> inputs)
+        {
+            return MultipleValueParser.ParseStrictValues(inputs);
+        }
+
         public static bool TryParseList(IList<string> inputs, out IList<CookieHeaderValue> parsedValues)
         {
             return MultipleValueParser.TryParseValues(inputs, out parsedValues);
         }
 
+        public static bool TryParseStrictList(IList<string> inputs, out IList<CookieHeaderValue> parsedValues)
+        {
+            return MultipleValueParser.TryParseStrictValues(inputs, out parsedValues);
+        }
+
         // name=value; name="value"
-        internal static int GetCookieLength(string input, int startIndex, out CookieHeaderValue parsedValue)
+        internal static bool TryGetCookieLength(string input, ref int offset, out CookieHeaderValue parsedValue)
         {
-            Contract.Requires(startIndex >= 0);
-            var offset = startIndex;
+            Contract.Requires(offset >= 0);
 
             parsedValue = null;
 
             if (string.IsNullOrEmpty(input) || (offset >= input.Length))
             {
-                return 0;
+                return false;
             }
 
             var result = new CookieHeaderValue();
@@ -135,44 +144,41 @@ internal static int GetCookieLength(string input, int startIndex, out CookieHead
             var itemLength = HttpRuleParser.GetTokenLength(input, offset);
             if (itemLength == 0)
             {
-                return 0;
+                return false;
             }
             result._name = input.Substring(offset, itemLength);
             offset += itemLength;
 
             // = (no spaces)
             if (!ReadEqualsSign(input, ref offset))
             {
-                return 0;
+                return false;
             }
 
-            string value;
             // value or "quoted value"
-            itemLength = GetCookieValueLength(input, offset, out value);
             // The value may be empty
-            result._value = input.Substring(offset, itemLength);
-            offset += itemLength;
+            result._value = GetCookieValue(input, ref offset);
 
             parsedValue = result;
-            return offset - startIndex;
+            return true;
         }
 
         // cookie-value      = *cookie-octet / ( DQUOTE* cookie-octet DQUOTE )
         // cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
         //                     ; US-ASCII characters excluding CTLs, whitespace DQUOTE, comma, semicolon, and backslash
-        internal static int GetCookieValueLength(string input, int startIndex, out string value)
+        internal static string GetCookieValue(string input, ref int offset)
         {
             Contract.Requires(input != null);
-            Contract.Requires(startIndex >= 0);
-            Contract.Ensures((Contract.Result<int>() >= 0) && (Contract.Result<int>() <= (input.Length - startIndex)));
+            Contract.Requires(offset >= 0);
+            Contract.Ensures((Contract.Result<int>() >= 0) && (Contract.Result<int>() <= (input.Length - offset)));
+
+            var startIndex = offset;
 
-            value = null;
-            if (startIndex >= input.Length)
+            if (offset >= input.Length)
             {
-                return 0;
+                return string.Empty;
             }
             var inQuotes = false;
-            var offset = startIndex;
 
             if (input[offset] == '"')
             {
@@ -195,19 +201,19 @@ internal static int GetCookieValueLength(string input, int startIndex, out strin
             {
                 if (offset == input.Length || input[offset] != '"')
                 {
-                    return 0; // Missing final quote
+                    // Missing final quote
+                    return string.Empty;
                 }
                 offset++;
             }
 
             int length = offset - startIndex;
-            if (length == 0)
+            if (offset > startIndex)
             {
-                return 0;
+                return input.Substring(startIndex, length);
             }
 
-            value = input.Substring(startIndex, length);
-            return length;
+            return string.Empty;
         }
 
         private static bool ReadEqualsSign(string input, ref int offset)
@@ -252,8 +258,9 @@ internal static void CheckValueFormat(string value, string parameterName)
                 throw new ArgumentNullException(nameof(value));
             }
 
-            string temp;
-            if (GetCookieValueLength(value, 0, out temp) != value.Length)
+            var offset = 0;
+            var result = GetCookieValue(value, ref offset);
+            if (result.Length != value.Length)
             {
                 throw new ArgumentException("Invalid cookie value: " + value, parameterName);
             }
diff --git a/src/Microsoft.Net.Http.Headers/HttpHeaderParser.cs b/src/Microsoft.Net.Http.Headers/HttpHeaderParser.cs
@@ -46,6 +46,16 @@ public T ParseValue(string value, ref int index)
         }
 
         public virtual bool TryParseValues(IList<string> values, out IList<T> parsedValues)
+        {
+            return TryParseValues(values, strict: false, parsedValues: out parsedValues);
+        }
+
+        public virtual bool TryParseStrictValues(IList<string> values, out IList<T> parsedValues)
+        {
+            return TryParseValues(values, strict: true, parsedValues: out parsedValues);
+        }
+
+        protected virtual bool TryParseValues(IList<string> values, bool strict, out IList<T> parsedValues)
         {
             Contract.Assert(_supportsMultipleValues);
             // If a parser returns an empty list, it means there was no value, but that's valid (e.g. "Accept: "). The caller
@@ -71,10 +81,15 @@ public virtual bool TryParseValues(IList<string> values, out IList<T> parsedValu
                             results.Add(output);
                         }
                     }
-                    else
+                    else if (strict)
                     {
                         return false;
                     }
+                    else
+                    {
+                        // Skip the invalid values and keep trying.
+                        index++;
+                    }
                 }
             }
             if (results.Count > 0)
@@ -85,7 +100,17 @@ public virtual bool TryParseValues(IList<string> values, out IList<T> parsedValu
             return false;
         }
 
-        public IList<T> ParseValues(IList<string> values)
+        public virtual IList<T> ParseValues(IList<string> values)
+        {
+            return ParseValues(values, strict: false);
+        }
+
+        public virtual IList<T> ParseStrictValues(IList<string> values)
+        {
+            return ParseValues(values, strict: true);
+        }
+
+        protected virtual IList<T> ParseValues(IList<string> values, bool strict)
         {
             Contract.Assert(_supportsMultipleValues);
             // If a parser returns an empty list, it means there was no value, but that's valid (e.g. "Accept: "). The caller
@@ -110,10 +135,14 @@ public IList<T> ParseValues(IList<string> values)
                             parsedValues.Add(output);
                         }
                     }
+                    else if (strict)
+                    {
+                        throw new FormatException(string.Format(CultureInfo.InvariantCulture,
+                            "The header contains invalid values at index {0}: '{1}'", index, value));
+                    }
                     else
                     {
-                        throw new FormatException(string.Format(CultureInfo.InvariantCulture, "Invalid values '{0}'.",
-                            value.Substring(index)));
+                        index++;
                     }
                 }
             }
diff --git a/src/Microsoft.Net.Http.Headers/SetCookieHeaderValue.cs b/src/Microsoft.Net.Http.Headers/SetCookieHeaderValue.cs
@@ -195,12 +195,9 @@ private static int GetSetCookieLength(string input, int startIndex, out SetCooki
                 return 0;
             }
 
-            string value;
             // value or "quoted value"
-            itemLength = CookieHeaderValue.GetCookieValueLength(input, offset, out value);
             // The value may be empty
-            result._value = input.Substring(offset, itemLength);
-            offset += itemLength;
+            result._value = CookieHeaderValue.GetCookieValue(input, ref offset);
 
             // *(';' SP cookie-av)
             while (offset < input.Length)
diff --git a/test/Microsoft.Net.Http.Headers.Tests/CookieHeaderValueTest.cs b/test/Microsoft.Net.Http.Headers.Tests/CookieHeaderValueTest.cs
@@ -79,6 +79,7 @@ public static TheoryData<string> InvalidCookieValues
                 };
             }
         }
+
         public static TheoryData<IList<CookieHeaderValue>, string[]> ListOfCookieHeaderDataSet
         {
             get
@@ -110,8 +111,48 @@ public static TheoryData<IList<CookieHeaderValue>, string[]> ListOfCookieHeaderD
                 return dataset;
             }
         }
+        public static TheoryData<IList<CookieHeaderValue>, string[]> ListOfInvalidCookieHeaderDataSet
+        {
+            get
+            {
+                var dataset = new TheoryData<IList<CookieHeaderValue>, string[]>();
+                var header1 = new CookieHeaderValue("name1", "n1=v1&n2=v2&n3=v3");
+                var validString1 = "name1=n1=v1&n2=v2&n3=v3";
+
+                var header2 = new CookieHeaderValue("name2", "value2");
+                var validString2 = "name2=value2";
+
+                var header3 = new CookieHeaderValue("name3", "value3");
+                var validString3 = "name3=value3";
+
+                var invalidString1 = "ipt={\"v\":{\"L\":3},\"pt\":{\"d\":3},\"ct\":{},\"_t\":44,\"_v\":\"2\"}";
+
+                dataset.Add(null, new[] { invalidString1 });
+                dataset.Add(new[] { header1 }.ToList(), new[] { validString1, invalidString1 });
+                dataset.Add(new[] { header1 }.ToList(), new[] { validString1, null, "", " ", ";", " , ", invalidString1 });
+                dataset.Add(new[] { header1 }.ToList(), new[] { invalidString1, null, "", " ", ";", " , ", validString1 });
+                dataset.Add(new[] { header1 }.ToList(), new[] { validString1 + ", " + invalidString1 });
+                dataset.Add(new[] { header2 }.ToList(), new[] { invalidString1 + ", " + validString2 });
+                dataset.Add(new[] { header1 }.ToList(), new[] { invalidString1 + "; " + validString1 });
+                dataset.Add(new[] { header2 }.ToList(), new[] { validString2 + "; " + invalidString1 });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { invalidString1, validString1, validString2, validString3  });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { validString1, invalidString1, validString2, validString3 });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { validString1, validString2, invalidString1, validString3 });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { validString1, validString2, validString3, invalidString1 });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { string.Join(",", invalidString1, validString1, validString2, validString3) });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { string.Join(",", validString1, invalidString1, validString2, validString3) });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { string.Join(",", validString1, validString2, invalidString1, validString3) });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { string.Join(",", validString1, validString2, validString3, invalidString1) });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { string.Join(";", invalidString1, validString1, validString2, validString3) });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { string.Join(";", validString1, invalidString1, validString2, validString3) });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { string.Join(";", validString1, validString2, invalidString1, validString3) });
+                dataset.Add(new[] { header1, header2, header3 }.ToList(), new[] { string.Join(";", validString1, validString2, validString3, invalidString1) });
 
-        // TODO: [Fact]
+                return dataset;
+            }
+        }
+
+        [Fact]
         public void CookieHeaderValue_CtorThrowsOnNullName()
         {
             Assert.Throws<ArgumentNullException>(() => new CookieHeaderValue(null, "value"));
@@ -225,5 +266,41 @@ public void CookieHeaderValue_TryParseList_AcceptsValidValues(IList<CookieHeader
 
             Assert.Equal(cookies, results);
         }
+
+        [Theory]
+        [MemberData(nameof(ListOfInvalidCookieHeaderDataSet))]
+        public void CookieHeaderValue_ParseStrictList_ThrowsForAnyInvalidValues(IList<CookieHeaderValue> cookies, string[] input)
+        {
+            Assert.Throws<FormatException>(() => CookieHeaderValue.ParseStrictList(input));
+        }
+
+        [Theory]
+        [MemberData(nameof(ListOfInvalidCookieHeaderDataSet))]
+        public void CookieHeaderValue_TryParseStrictList_FailsForAnyInvalidValues(IList<CookieHeaderValue> cookies, string[] input)
+        {
+            IList<CookieHeaderValue> results;
+            bool result = CookieHeaderValue.TryParseStrictList(input, out results);
+            Assert.False(result);
+            Assert.Null(results);
+        }
+
+        [Theory]
+        [MemberData(nameof(ListOfInvalidCookieHeaderDataSet))]
+        public void CookieHeaderValue_ParseList_ExcludesInvalidValues(IList<CookieHeaderValue> cookies, string[] input)
+        {
+            var results = CookieHeaderValue.ParseList(input);
+            // ParseList aways returns a list, even if empty. TryParseList may return null (via out).
+            Assert.Equal(cookies ?? new List<CookieHeaderValue>(), results);
+        }
+
+        [Theory]
+        [MemberData(nameof(ListOfInvalidCookieHeaderDataSet))]
+        public void CookieHeaderValue_TryParseList_ExcludesInvalidValues(IList<CookieHeaderValue> cookies, string[] input)
+        {
+            IList<CookieHeaderValue> results;
+            bool result = CookieHeaderValue.TryParseList(input, out results);
+            Assert.Equal(cookies, results);
+            Assert.Equal(cookies?.Count > 0, result);
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -7,11 +7,6 @@ namespace Microsoft.Net.Http.Headers`
`7`	`7`	`{`
`8`	`8`	`internal class CookieHeaderParser : HttpHeaderParser<CookieHeaderValue>`
`9`	`9`	`{`
`10`		`- // The Cache-Control header is special: It is a header supporting a list of values, but we represent the list`
`11`		`- // as _one_ instance of CacheControlHeaderValue. I.e we set 'SupportsMultipleValues' to 'true' since it is`
`12`		`- // OK to have multiple Cache-Control headers in a request/response message. However, after parsing all`
`13`		`- // Cache-Control headers, only one instance of CacheControlHeaderValue is created (if all headers contain valid`
`14`		`- // values, otherwise we may have multiple strings containing the invalid values).`
`15`	`10`	`internal CookieHeaderParser(bool supportsMultipleValues)`
`16`	`11`	`: base(supportsMultipleValues)`
`17`	`12`	`{`
`@@ -49,14 +44,11 @@ public sealed override bool TryParseValue(string value, ref int index, out Cooki`
`49`	`44`	`}`
`50`	`45`
`51`	`46`	`CookieHeaderValue result = null;`
`52`		`- int length = CookieHeaderValue.GetCookieLength(value, current, out result);`
`53`		`-`
`54`		`- if (length == 0)`
	`47`	`+ if (!CookieHeaderValue.TryGetCookieLength(value, ref current, out result))`
`55`	`48`	`{`
`56`	`49`	`return false;`
`57`	`50`	`}`
`58`	`51`
`59`		`- current = current + length;`
`60`	`52`	`current = GetNextNonEmptyOrWhitespaceIndex(value, current, SupportsMultipleValues, out separatorFound);`
`61`	`53`
`62`	`54`	`// If we support multiple values and we've not reached the end of the string, then we must have a separator.`
`@@ -91,6 +83,7 @@ private static int GetNextNonEmptyOrWhitespaceIndex(string input, int startIndex`
`91`	`83`
`92`	`84`	`if (skipEmptyValues)`
`93`	`85`	`{`
	`86`	`+ // Most headers only split on ',', but cookies primarily split on ';'`
`94`	`87`	`while ((current < input.Length) && ((input[current] == ',') \|\| (input[current] == ';')))`
`95`	`88`	`{`
`96`	`89`	`current++; // skip delimiter.`
Original file line number	Diff line number	Diff line change
`@@ -107,22 +107,31 @@ public static IList<CookieHeaderValue> ParseList(IList<string> inputs)`
`107`	`107`	`return MultipleValueParser.ParseValues(inputs);`
`108`	`108`	`}`
`109`	`109`
	`110`	`+ public static IList<CookieHeaderValue> ParseStrictList(IList<string> inputs)`
	`111`	`+ {`
	`112`	`+ return MultipleValueParser.ParseStrictValues(inputs);`
	`113`	`+ }`
	`114`	`+`
`110`	`115`	`public static bool TryParseList(IList<string> inputs, out IList<CookieHeaderValue> parsedValues)`
`111`	`116`	`{`
`112`	`117`	`return MultipleValueParser.TryParseValues(inputs, out parsedValues);`
`113`	`118`	`}`
`114`	`119`
	`120`	`+ public static bool TryParseStrictList(IList<string> inputs, out IList<CookieHeaderValue> parsedValues)`
	`121`	`+ {`
	`122`	`+ return MultipleValueParser.TryParseStrictValues(inputs, out parsedValues);`
	`123`	`+ }`
	`124`	`+`
`115`	`125`	`// name=value; name="value"`
`116`		`- internal static int GetCookieLength(string input, int startIndex, out CookieHeaderValue parsedValue)`
	`126`	`+ internal static bool TryGetCookieLength(string input, ref int offset, out CookieHeaderValue parsedValue)`
`117`	`127`	`{`
`118`		`- Contract.Requires(startIndex >= 0);`
`119`		`- var offset = startIndex;`
	`128`	`+ Contract.Requires(offset >= 0);`
`120`	`129`
`121`	`130`	`parsedValue = null;`
`122`	`131`
`123`	`132`	`if (string.IsNullOrEmpty(input) \|\| (offset >= input.Length))`
`124`	`133`	`{`
`125`		`- return 0;`
	`134`	`+ return false;`
`126`	`135`	`}`
`127`	`136`
`128`	`137`	`var result = new CookieHeaderValue();`
`@@ -135,44 +144,41 @@ internal static int GetCookieLength(string input, int startIndex, out CookieHead`
`135`	`144`	`var itemLength = HttpRuleParser.GetTokenLength(input, offset);`
`136`	`145`	`if (itemLength == 0)`
`137`	`146`	`{`
`138`		`- return 0;`
	`147`	`+ return false;`
`139`	`148`	`}`
`140`	`149`	`result._name = input.Substring(offset, itemLength);`
`141`	`150`	`offset += itemLength;`
`142`	`151`
`143`	`152`	`// = (no spaces)`
`144`	`153`	`if (!ReadEqualsSign(input, ref offset))`
`145`	`154`	`{`
`146`		`- return 0;`
	`155`	`+ return false;`
`147`	`156`	`}`
`148`	`157`
`149`		`- string value;`
`150`	`158`	`// value or "quoted value"`
`151`		`- itemLength = GetCookieValueLength(input, offset, out value);`
`152`	`159`	`// The value may be empty`
`153`		`- result._value = input.Substring(offset, itemLength);`
`154`		`- offset += itemLength;`
	`160`	`+ result._value = GetCookieValue(input, ref offset);`
`155`	`161`
`156`	`162`	`parsedValue = result;`
`157`		`- return offset - startIndex;`
	`163`	`+ return true;`
`158`	`164`	`}`
`159`	`165`
`160`	`166`	`// cookie-value = cookie-octet / ( DQUOTE cookie-octet DQUOTE )`
`161`	`167`	`// cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E`
`162`	`168`	`// ; US-ASCII characters excluding CTLs, whitespace DQUOTE, comma, semicolon, and backslash`
`163`		`- internal static int GetCookieValueLength(string input, int startIndex, out string value)`
	`169`	`+ internal static string GetCookieValue(string input, ref int offset)`
`164`	`170`	`{`
`165`	`171`	`Contract.Requires(input != null);`
`166`		`- Contract.Requires(startIndex >= 0);`
`167`		`- Contract.Ensures((Contract.Result<int>() >= 0) && (Contract.Result<int>() <= (input.Length - startIndex)));`
	`172`	`+ Contract.Requires(offset >= 0);`
	`173`	`+ Contract.Ensures((Contract.Result<int>() >= 0) && (Contract.Result<int>() <= (input.Length - offset)));`
	`174`	`+`
	`175`	`+ var startIndex = offset;`
`168`	`176`
`169`		`- value = null;`
`170`		`- if (startIndex >= input.Length)`
	`177`	`+ if (offset >= input.Length)`
`171`	`178`	`{`
`172`		`- return 0;`
	`179`	`+ return string.Empty;`
`173`	`180`	`}`
`174`	`181`	`var inQuotes = false;`
`175`		`- var offset = startIndex;`
`176`	`182`
`177`	`183`	`if (input[offset] == '"')`
`178`	`184`	`{`
`@@ -195,19 +201,19 @@ internal static int GetCookieValueLength(string input, int startIndex, out strin`
`195`	`201`	`{`
`196`	`202`	`if (offset == input.Length \|\| input[offset] != '"')`
`197`	`203`	`{`
`198`		`- return 0; // Missing final quote`
	`204`	`+ // Missing final quote`
	`205`	`+ return string.Empty;`
`199`	`206`	`}`
`200`	`207`	`offset++;`
`201`	`208`	`}`
`202`	`209`
`203`	`210`	`int length = offset - startIndex;`
`204`		`- if (length == 0)`
	`211`	`+ if (offset > startIndex)`
`205`	`212`	`{`
`206`		`- return 0;`
	`213`	`+ return input.Substring(startIndex, length);`
`207`	`214`	`}`
`208`	`215`
`209`		`- value = input.Substring(startIndex, length);`
`210`		`- return length;`
	`216`	`+ return string.Empty;`
`211`	`217`	`}`
`212`	`218`
`213`	`219`	`private static bool ReadEqualsSign(string input, ref int offset)`
`@@ -252,8 +258,9 @@ internal static void CheckValueFormat(string value, string parameterName)`
`252`	`258`	`throw new ArgumentNullException(nameof(value));`
`253`	`259`	`}`
`254`	`260`
`255`		`- string temp;`
`256`		`- if (GetCookieValueLength(value, 0, out temp) != value.Length)`
	`261`	`+ var offset = 0;`
	`262`	`+ var result = GetCookieValue(value, ref offset);`
	`263`	`+ if (result.Length != value.Length)`
`257`	`264`	`{`
`258`	`265`	`throw new ArgumentException("Invalid cookie value: " + value, parameterName);`
`259`	`266`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,16 @@ public T ParseValue(string value, ref int index)`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`public virtual bool TryParseValues(IList<string> values, out IList<T> parsedValues)`
	`49`	`+ {`
	`50`	`+ return TryParseValues(values, strict: false, parsedValues: out parsedValues);`
	`51`	`+ }`
	`52`	`+`
	`53`	`+ public virtual bool TryParseStrictValues(IList<string> values, out IList<T> parsedValues)`
	`54`	`+ {`
	`55`	`+ return TryParseValues(values, strict: true, parsedValues: out parsedValues);`
	`56`	`+ }`
	`57`	`+`
	`58`	`+ protected virtual bool TryParseValues(IList<string> values, bool strict, out IList<T> parsedValues)`
`49`	`59`	`{`
`50`	`60`	`Contract.Assert(_supportsMultipleValues);`
`51`	`61`	`// If a parser returns an empty list, it means there was no value, but that's valid (e.g. "Accept: "). The caller`
`@@ -71,10 +81,15 @@ public virtual bool TryParseValues(IList<string> values, out IList<T> parsedValu`
`71`	`81`	`results.Add(output);`
`72`	`82`	`}`
`73`	`83`	`}`
`74`		`- else`
	`84`	`+ else if (strict)`
`75`	`85`	`{`
`76`	`86`	`return false;`
`77`	`87`	`}`
	`88`	`+ else`
	`89`	`+ {`
	`90`	`+ // Skip the invalid values and keep trying.`
	`91`	`+ index++;`
	`92`	`+ }`
`78`	`93`	`}`
`79`	`94`	`}`
`80`	`95`	`if (results.Count > 0)`
`@@ -85,7 +100,17 @@ public virtual bool TryParseValues(IList<string> values, out IList<T> parsedValu`
`85`	`100`	`return false;`
`86`	`101`	`}`
`87`	`102`
`88`		`- public IList<T> ParseValues(IList<string> values)`
	`103`	`+ public virtual IList<T> ParseValues(IList<string> values)`
	`104`	`+ {`
	`105`	`+ return ParseValues(values, strict: false);`
	`106`	`+ }`
	`107`	`+`
	`108`	`+ public virtual IList<T> ParseStrictValues(IList<string> values)`
	`109`	`+ {`
	`110`	`+ return ParseValues(values, strict: true);`
	`111`	`+ }`
	`112`	`+`
	`113`	`+ protected virtual IList<T> ParseValues(IList<string> values, bool strict)`
`89`	`114`	`{`
`90`	`115`	`Contract.Assert(_supportsMultipleValues);`
`91`	`116`	`// If a parser returns an empty list, it means there was no value, but that's valid (e.g. "Accept: "). The caller`
`@@ -110,10 +135,14 @@ public IList<T> ParseValues(IList<string> values)`
`110`	`135`	`parsedValues.Add(output);`
`111`	`136`	`}`
`112`	`137`	`}`
	`138`	`+ else if (strict)`
	`139`	`+ {`
	`140`	`+ throw new FormatException(string.Format(CultureInfo.InvariantCulture,`
	`141`	`+ "The header contains invalid values at index {0}: '{1}'", index, value));`
	`142`	`+ }`
`113`	`143`	`else`
`114`	`144`	`{`
`115`		`- throw new FormatException(string.Format(CultureInfo.InvariantCulture, "Invalid values '{0}'.",`
`116`		`- value.Substring(index)));`
	`145`	`+ index++;`
`117`	`146`	`}`
`118`	`147`	`}`
`119`	`148`	`}`