RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 23:27:43 +00:00
Code Issues Activity Actions

LibWeb: Impose a sane max cookie size

Browse source 
Drop cookies larger than 4KiB. This value is the RFC's recommendation:
https://tools.ietf.org/html/rfc6265#section-6.1
This commit is contained in:
Timothy Flynn 2021-04-15 08:44:59 -04:00 committed by Andreas Kling
parent da92c0e1ca
commit 67884f6747
2 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Base/res/html/misc/cookie.html
View file

@ -14,6 +14,8 @@
<label for=invalid3>The cookie expired in the past</label>
<br /><input id=invalid4 type=button onclick="setCookie(this.value)" value="cookie7=value7; expires=Mon, 23 Jan 1989 08:10:36 GMT" />
<label for=invalid4>The cookie expired in the past</label>
<br /><input id=invalid5 type=button onclick="setTooLargeCookie()" value="cookie10=[more than 4096 chars]" />
<label for=invalid5>The cookie is too large</label>
<br />
<h3>Unretrievable cookies (the browser should accept these but not display them):</h3>
@ -31,6 +33,11 @@
document.getElementById('cookies').innerHTML = document.cookie;
}
function setTooLargeCookie() {
const cookie = 'name=' + 'x'.repeat(4 << 10);
setCookie(cookie);
}
document.getElementById('cookies').innerHTML = document.cookie;
</script>
</body>