зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1191423 - Disallow illegal characters in cookies. r=jduell
--HG-- extra : rebase_source : 52148cfd4f095f599ed21c8322215d57b6ec4ae0
This commit is contained in:
Родитель
76e27d8d68
Коммит
e205c39fb7
|
@ -2883,6 +2883,21 @@ nsCookieService::SetCookieInternal(nsIURI *aHostURI,
|
|||
return newCookie;
|
||||
}
|
||||
|
||||
// reject cookie if value contains an RFC 6265 disallowed character - see
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1191423
|
||||
// NOTE: this is not the full set of characters disallowed by 6265 - notably
|
||||
// 0x09, 0x20, 0x22, 0x2C, 0x5C, and 0x7F are missing from this list. This is
|
||||
// for parity with Chrome.
|
||||
const char illegalCharacters[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
|
||||
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
|
||||
0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D,
|
||||
0x1E, 0x1F, 0x3B };
|
||||
if (cookieAttributes.value.FindCharInSet(illegalCharacters, 0) != -1) {
|
||||
COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "invalid value character");
|
||||
return newCookie;
|
||||
}
|
||||
|
||||
// create a new nsCookie and copy attributes
|
||||
nsRefPtr<nsCookie> cookie =
|
||||
nsCookie::Create(cookieAttributes.name,
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
const GOOD_COOKIE = "GoodCookie=OMNOMNOM";
|
||||
|
||||
function run_test() {
|
||||
var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
|
||||
var cookieURI = ios.newURI("http://mozilla.org/test_cookie_blacklist.js",
|
||||
null, null);
|
||||
|
||||
var cookieService = Cc["@mozilla.org/cookieService;1"]
|
||||
.getService(Ci.nsICookieService);
|
||||
cookieService.setCookieString(cookieURI, null, "BadCookie1=\x01", null);
|
||||
cookieService.setCookieString(cookieURI, null, "BadCookie2=\v", null);
|
||||
cookieService.setCookieString(cookieURI, null, GOOD_COOKIE, null);
|
||||
|
||||
var storedCookie = cookieService.getCookieString(cookieURI, null);
|
||||
do_check_eq(storedCookie, GOOD_COOKIE);
|
||||
}
|
|
@ -328,3 +328,4 @@ skip-if = os == "android"
|
|||
[test_dns_disable_ipv6.js]
|
||||
[test_packaged_app_service_paths.js]
|
||||
[test_bug1195415.js]
|
||||
[test_cookie_blacklist.js]
|
||||
|
|
Загрузка…
Ссылка в новой задаче