1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-24 02:42:32 +00:00
serenity/Base/res/html/misc/cookie.html
Timothy Flynn 67884f6747 LibWeb: Impose a sane max cookie size
Drop cookies larger than 4KiB. This value is the RFC's recommendation:
https://tools.ietf.org/html/rfc6265#section-6.1
2021-04-16 19:19:31 +02:00

43 lines
2.3 KiB
HTML

<body>
<h3>Valid cookies:</h3>
<br /><input type=button onclick="setCookie(this.value)" value="cookie1=value1; max-age=5; path=/res/html" />
<br /><input type=button onclick="setCookie(this.value)" value="cookie2=value2; expires=Sat, 23 Jan 2060 08:10:36 GMT" />
<br /><input type=button onclick="setCookie(this.value)" value="cookie3=value3" />
<br />
<h3>Invalid cookies (the browser should reject these):</h3>
<br /><input id=invalid1 type=button onclick="setCookie(this.value)" value="cookie4=value4; domain=serenityos.org" />
<label for=invalid1>The Domain attribute does not domain-match this page</label>
<br /><input id=invalid2 type=button onclick="setCookie(this.value)" value="cookie5=value5; httponly" />
<label for=invalid2>The cookie is HttpOnly thus cannot be set via JavaScript</label>
<br /><input id=invalid3 type=button onclick="setCookie(this.value)" value="cookie6=value6; max-age=-1" />
<label for=invalid3>The cookie expired in the past</label>
<br /><input id=invalid4 type=button onclick="setCookie(this.value)" value="cookie7=value7; expires=Mon, 23 Jan 1989 08:10:36 GMT" />
<label for=invalid4>The cookie expired in the past</label>
<br /><input id=invalid5 type=button onclick="setTooLargeCookie()" value="cookie10=[more than 4096 chars]" />
<label for=invalid5>The cookie is too large</label>
<br />
<h3>Unretrievable cookies (the browser should accept these but not display them):</h3>
<br /><input id=locked1 type=button onclick="setCookie(this.value)" value="cookie8=value8; path=/not/this/path" />
<label for=locked1>The Path attribute does not path-match this page</label>
<br /><input id=locked2 type=button onclick="setCookie(this.value)" value="cookie9=value9; secure" />
<label for=locked2>The cookie is Secure thus cannot be viewed by a file:// page</label>
<br />
<pre>document.cookie = <span id=cookies></span></pre>
<script>
function setCookie(cookie) {
document.cookie = cookie;
document.getElementById('cookies').innerHTML = document.cookie;
}
function setTooLargeCookie() {
const cookie = 'name=' + 'x'.repeat(4 << 10);
setCookie(cookie);
}
document.getElementById('cookies').innerHTML = document.cookie;
</script>
</body>