RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 07:07:34 +00:00
Code Issues Activity Actions

LibWeb: Impose a sane max cookie size

Browse source 
Drop cookies larger than 4KiB. This value is the RFC's recommendation:
https://tools.ietf.org/html/rfc6265#section-6.1
This commit is contained in:
Timothy Flynn 2021-04-15 08:44:59 -04:00 committed by Andreas Kling
parent da92c0e1ca
commit 67884f6747
2 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Base/res/html/misc/cookie.html
View file

@ -14,6 +14,8 @@
<label for=invalid3>The cookie expired in the past</label> <label for=invalid3>The cookie expired in the past</label>
<br /><input id=invalid4 type=button onclick="setCookie(this.value)" value="cookie7=value7; expires=Mon, 23 Jan 1989 08:10:36 GMT" /> <br /><input id=invalid4 type=button onclick="setCookie(this.value)" value="cookie7=value7; expires=Mon, 23 Jan 1989 08:10:36 GMT" />
<label for=invalid4>The cookie expired in the past</label> <label for=invalid4>The cookie expired in the past</label>
<br /><input id=invalid5 type=button onclick="setTooLargeCookie()" value="cookie10=[more than 4096 chars]" />
<label for=invalid5>The cookie is too large</label>
<br /> <br />
<h3>Unretrievable cookies (the browser should accept these but not display them):</h3> <h3>Unretrievable cookies (the browser should accept these but not display them):</h3>
@ -31,6 +33,11 @@
document.getElementById('cookies').innerHTML = document.cookie; document.getElementById('cookies').innerHTML = document.cookie;
} }
function setTooLargeCookie() {
const cookie = 'name=' + 'x'.repeat(4 << 10);
setCookie(cookie);
}
document.getElementById('cookies').innerHTML = document.cookie; document.getElementById('cookies').innerHTML = document.cookie;
</script> </script>
</body> </body>

6
Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp
View file

@ -30,6 +30,8 @@
namespace Web::Cookie { namespace Web::Cookie {
static constexpr size_t s_max_cookie_size = 4096;
static void parse_attributes(ParsedCookie& parsed_cookie, StringView unparsed_attributes); static void parse_attributes(ParsedCookie& parsed_cookie, StringView unparsed_attributes);
static void process_attribute(ParsedCookie& parsed_cookie, StringView attribute_name, StringView attribute_value); static void process_attribute(ParsedCookie& parsed_cookie, StringView attribute_name, StringView attribute_value);
static void on_expires_attribute(ParsedCookie& parsed_cookie, StringView attribute_value); static void on_expires_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
@ -43,6 +45,10 @@ static Optional<Core::DateTime> parse_date_time(StringView date_string);
Optional<ParsedCookie> parse_cookie(const String& cookie_string) Optional<ParsedCookie> parse_cookie(const String& cookie_string)
{ {
// https://tools.ietf.org/html/rfc6265#section-5.2 // https://tools.ietf.org/html/rfc6265#section-5.2
if (cookie_string.length() > s_max_cookie_size)
return {};
StringView name_value_pair; StringView name_value_pair;
StringView unparsed_attributes; StringView unparsed_attributes;