Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-24 21:31:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1233784 - Disallow illegal characters in cookie names. r=jduell

Browse Source
This commit is contained in:
Nicholas Hurley 2015-12-17 14:41:38 -08:00
parent c2d5cae269
commit 151ac66626
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
netwerk/cookie/nsCookieService.cpp
View File

@ -3171,7 +3171,13 @@ nsCookieService::SetCookieInternal(nsIURI *aHostURI,
return newCookie;
}
if (cookieAttributes.name.Contains('\t')) {
const char illegalNameCharacters[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
0x1F, 0x20, 0x00 };
if (cookieAttributes.name.FindCharInSet(illegalNameCharacters, 0) != -1) {
COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "invalid name character");
return newCookie;
}

1
netwerk/test/unit/test_cookie_blacklist.js
View File

@ -9,6 +9,7 @@ function run_test() {
.getService(Ci.nsICookieService);
cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie1=\x01", null, null);
cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie2=\v", null, null);
cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "Bad\x07Name=illegal", null, null);
cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, GOOD_COOKIE, null, null);
var storedCookie = cookieService.getCookieString(cookieURI, null);