
LibWebView: Reject cookies whose domain is on the Public Suffix List

Timothy Flynn 2023-10-20 10:45:30 -04:00 committed by Andreas Kling
parent 9f9e5c0f55
commit a39eebeb74
2 changed files with 15 additions and 1 deletions


@ -19,6 +19,7 @@
#include <LibWeb/Cookie/ParsedCookie.h>
#include <LibWebView/CookieJar.h>
#include <LibWebView/Database.h>
#include <LibWebView/URL.h>
namespace WebView {
@ -316,7 +317,18 @@ void CookieJar::store_cookie(Web::Cookie::ParsedCookie const& parsed_cookie, con
}
// 5. If the user agent is configured to reject "public suffixes" and the domain-attribute is a public suffix:
// FIXME: Support rejection of public suffixes. The full list is here: https://publicsuffix.org/list/public_suffix_list.dat
if (is_public_suffix(cookie.domain)) {
// If the domain-attribute is identical to the canonicalized request-host:
if (cookie.domain == canonicalized_domain) {
// Let the domain-attribute be the empty string.
cookie.domain = DeprecatedString::empty();
}
// Otherwise:
else {
// Ignore the cookie entirely and abort these steps.
return;
}
}
// 6. If the domain-attribute is non-empty:
if (!cookie.domain.is_empty()) {
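Review bot: The new `is_public_suffix(cookie.domain)` check in step 5 is only as strong as the agreement between the form of `cookie.domain` and the form of the list entries, and nothing in this hunk shows that agreement. If the domain-attribute can reach this point with upper-case letters, or as an IDN label in a different encoding (A-label vs. U-label) than the list uses, a Domain value naming a public suffix would miss the lookup and the cookie would be stored for every site under that suffix. `is_public_suffix` is presumably declared in the newly included `LibWebView/URL.h`, outside this hunk, so please confirm the form there and record the contract above the check, e.g. `// cookie.domain is expected to be lower-cased here; is_public_suffix() must match it against the list in the same form.` If the jar persists cookies (it includes `LibWebView/Database.h`), entries stored with a public-suffix domain before this change never pass through this path and may need a one-time purge on load. store_cookie's body starts and ends outside the hunk.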