Browser+LibWeb+WebContent: Parse cookies in the OOP tab
To protect the main Browser process against nefarious cookies, parse the cookies out-of-process and then send the parsed result over IPC to the main process. This way, if the cookie parser blows up, only that tab will be affected.
parent
6e10c2cdb7
commit
2381b19719
19 changed files with 79 additions and 26 deletions
|
@ -25,7 +25,10 @@
|
|||
*/
|
||||
|
||||
#include "ParsedCookie.h"
|
||||
#include <AK/StdLibExtras.h>
|
||||
#include <AK/Vector.h>
|
||||
#include <LibIPC/Decoder.h>
|
||||
#include <LibIPC/Encoder.h>
|
||||
#include <ctype.h>
|
||||
|
||||
namespace Web::Cookie {
|
||||
|
@ -351,3 +354,39 @@ Optional<Core::DateTime> parse_date_time(StringView date_string)
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
bool IPC::encode(IPC::Encoder& encoder, const Web::Cookie::ParsedCookie& cookie)
|
||||
{
|
||||
encoder << cookie.name;
|
||||
encoder << cookie.value;
|
||||
encoder << cookie.expiry_time_from_expires_attribute;
|
||||
encoder << cookie.expiry_time_from_max_age_attribute;
|
||||
encoder << cookie.domain;
|
||||
encoder << cookie.path;
|
||||
encoder << cookie.secure_attribute_present;
|
||||
encoder << cookie.http_only_attribute_present;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool IPC::decode(IPC::Decoder& decoder, Web::Cookie::ParsedCookie& cookie)
|
||||
{
|
||||
if (!decoder.decode(cookie.name))
|
||||
return false;
|
||||
if (!decoder.decode(cookie.value))
|
||||
return false;
|
||||
if (!decoder.decode(cookie.expiry_time_from_expires_attribute))
|
||||
return false;
|
||||
if (!decoder.decode(cookie.expiry_time_from_max_age_attribute))
|
||||
return false;
|
||||
if (!decoder.decode(cookie.domain))
|
||||
return false;
|
||||
if (!decoder.decode(cookie.path))
|
||||
return false;
|
||||
if (!decoder.decode(cookie.secure_attribute_present))
|
||||
return false;
|
||||
if (!decoder.decode(cookie.http_only_attribute_present))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
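Review bot: `IPC::decode` checks only that each field decodes, so the receiving process gets the name, value, domain, path and both expiry times exactly as the WebContent process sent them, with no check of its own. Since the commit message treats the tab process as the one a hostile cookie may break, the receiver should treat a decoded `ParsedCookie` as untrusted input: confirm the domain and path are acceptable for the URL passed alongside it, and bound the field lengths before storing anything. The same applies where `OutOfProcessWebView::notify_server_did_set_cookie` forwards the struct unchanged to `on_set_cookie`. I would add above `decode`: `// Fields arrive from the WebContent process and are not validated here; the receiver must check them against the request URL before storing.` Whether the cookie store already performs these checks is not visible in this diff.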
|
|
|
@ -29,6 +29,7 @@
|
|||
#include <AK/Optional.h>
|
||||
#include <AK/String.h>
|
||||
#include <LibCore/DateTime.h>
|
||||
#include <LibIPC/Forward.h>
|
||||
|
||||
namespace Web::Cookie {
|
||||
|
||||
|
@ -46,3 +47,10 @@ struct ParsedCookie {
|
|||
Optional<ParsedCookie> parse_cookie(const String& cookie_string);
|
||||
|
||||
}
|
||||
|
||||
namespace IPC {
|
||||
|
||||
bool encode(IPC::Encoder&, const Web::Cookie::ParsedCookie&);
|
||||
bool decode(IPC::Decoder&, Web::Cookie::ParsedCookie&);
|
||||
|
||||
}
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
#include <LibWeb/Bindings/MainThreadVM.h>
|
||||
#include <LibWeb/Bindings/WindowObject.h>
|
||||
#include <LibWeb/CSS/StyleResolver.h>
|
||||
#include <LibWeb/Cookie/ParsedCookie.h>
|
||||
#include <LibWeb/DOM/Comment.h>
|
||||
#include <LibWeb/DOM/DOMException.h>
|
||||
#include <LibWeb/DOM/Document.h>
|
||||
|
@ -828,10 +829,14 @@ String Document::cookie(Cookie::Source source)
|
|||
return {};
|
||||
}
|
||||
|
||||
void Document::set_cookie(String cookie, Cookie::Source source)
|
||||
void Document::set_cookie(String cookie_string, Cookie::Source source)
|
||||
{
|
||||
auto cookie = Cookie::parse_cookie(cookie_string);
|
||||
if (!cookie.has_value())
|
||||
return;
|
||||
|
||||
if (auto* page = this->page())
|
||||
page->client().page_did_set_cookie(m_url, cookie, source);
|
||||
page->client().page_did_set_cookie(m_url, cookie.value(), source);
|
||||
}
|
||||
|
||||
}
|
||||
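Review bot: `Document::set_cookie` now runs `Cookie::parse_cookie` in whichever process hosts the `Document`, so the isolation described in the commit message holds only when the page lives in a WebContent process. `InProcessWebView::page_did_set_cookie` is updated in the same commit, which suggests the in-process view still parses cookie strings inside the embedding application. A comment above the parse call would make that limit explicit, for example `// Out of process, a parser failure is confined to the WebContent process; in-process views get no such isolation.`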
|
|
|
@ -440,7 +440,7 @@ String InProcessWebView::page_did_request_cookie(const URL& url, Cookie::Source
|
|||
return {};
|
||||
}
|
||||
|
||||
void InProcessWebView::page_did_set_cookie(const URL& url, const String& cookie, Cookie::Source source)
|
||||
void InProcessWebView::page_did_set_cookie(const URL& url, const Cookie::ParsedCookie& cookie, Cookie::Source source)
|
||||
{
|
||||
if (on_set_cookie)
|
||||
on_set_cookie(url, cookie, source);
|
||||
|
|
|
@ -112,7 +112,7 @@ private:
|
|||
virtual bool page_did_request_confirm(const String&) override;
|
||||
virtual String page_did_request_prompt(const String&, const String&) override;
|
||||
virtual String page_did_request_cookie(const URL&, Cookie::Source) override;
|
||||
virtual void page_did_set_cookie(const URL&, const String&, Cookie::Source) override;
|
||||
virtual void page_did_set_cookie(const URL&, const Cookie::ParsedCookie&, Cookie::Source) override;
|
||||
|
||||
void layout_and_sync_size();
|
||||
|
||||
|
|
|
@ -372,7 +372,7 @@ String OutOfProcessWebView::notify_server_did_request_cookie(Badge<WebContentCli
|
|||
return {};
|
||||
}
|
||||
|
||||
void OutOfProcessWebView::notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const String& cookie, Cookie::Source source)
|
||||
void OutOfProcessWebView::notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const Cookie::ParsedCookie& cookie, Cookie::Source source)
|
||||
{
|
||||
if (on_set_cookie)
|
||||
on_set_cookie(url, cookie, source);
|
||||
|
|
|
@ -80,7 +80,7 @@ public:
|
|||
void notify_server_did_js_console_output(const String& method, const String& line);
|
||||
void notify_server_did_change_favicon(const Gfx::Bitmap& favicon);
|
||||
String notify_server_did_request_cookie(Badge<WebContentClient>, const URL& url, Cookie::Source source);
|
||||
void notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const String& cookie, Cookie::Source source);
|
||||
void notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const Cookie::ParsedCookie& cookie, Cookie::Source source);
|
||||
|
||||
private:
|
||||
OutOfProcessWebView();
|
||||
|
|
|
@ -112,7 +112,7 @@ public:
|
|||
virtual bool page_did_request_confirm(const String&) { return false; }
|
||||
virtual String page_did_request_prompt(const String&, const String&) { return {}; }
|
||||
virtual String page_did_request_cookie(const URL&, Cookie::Source) { return {}; }
|
||||
virtual void page_did_set_cookie(const URL&, const String&, Cookie::Source) { }
|
||||
virtual void page_did_set_cookie(const URL&, const Cookie::ParsedCookie&, Cookie::Source) { }
|
||||
|
||||
protected:
|
||||
virtual ~PageClient() = default;
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
#include "WebContentClient.h"
|
||||
#include "OutOfProcessWebView.h"
|
||||
#include <AK/Debug.h>
|
||||
#include <LibWeb/Cookie/ParsedCookie.h>
|
||||
|
||||
namespace Web {
|
||||
|
||||
|
|
|
@ -28,6 +28,7 @@
|
|||
|
||||
#include <AK/HashMap.h>
|
||||
#include <LibIPC/ServerConnection.h>
|
||||
#include <LibWeb/Cookie/ParsedCookie.h>
|
||||
#include <WebContent/WebContentClientEndpoint.h>
|
||||
#include <WebContent/WebContentServerEndpoint.h>
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ public:
|
|||
Function<void(const URL&, const String&)> on_get_source;
|
||||
Function<void(const String& method, const String& line)> on_js_console_output;
|
||||
Function<String(const URL& url, Cookie::Source source)> on_get_cookie;
|
||||
Function<void(const URL& url, const String& cookie, Cookie::Source source)> on_set_cookie;
|
||||
Function<void(const URL& url, const Cookie::ParsedCookie& cookie, Cookie::Source source)> on_set_cookie;
|
||||
};
|
||||
|
||||
}
|
||||
|
|