Stowage/ladybird
2
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-10-31 13:20:59 +00:00
Code Issues Projects Releases Packages Wiki Activity
ladybird/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp

384 lines
15 KiB
C++
Raw Normal View History

Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
/*
Everywhere: Update copyrights with my new serenityos.org e-mail :^)
2022-01-31 13:07:22 -05:00
* Copyright (c) 2021, Tim Flynn <trflynn89@serenityos.org>
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
*
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 01:24:48 -07:00
* SPDX-License-Identifier: BSD-2-Clause
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
*/
#include "ParsedCookie.h"
LibWeb: Use date constants Make the code DRY (Don't Repeat Yourself) by using the `AK`-provided month name constants instead of copying them.
2022-03-26 16:55:39 -06:00
#include <AK/DateConstants.h>
AK+Everywhere: Stop including Vector.h from StringView.h Preparation for using Error.h from Vector.h. This required moving some things out of line.
2021-11-10 11:05:21 +01:00
#include <AK/Function.h>
Browser+LibWeb+WebContent: Parse cookies in the OOP tab To protect the main Browser process against nefarious cookies, parse the cookies out-of-process and then send the parsed result over IPC to the main process. This way, if the cookie parser blows up, only that tab will be affected.
2021-04-15 10:36:20 -04:00
#include <AK/StdLibExtras.h>
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
#include <AK/Vector.h>
Browser+LibWeb+WebContent: Parse cookies in the OOP tab To protect the main Browser process against nefarious cookies, parse the cookies out-of-process and then send the parsed result over IPC to the main process. This way, if the cookie parser blows up, only that tab will be affected.
2021-04-15 10:36:20 -04:00
#include <LibIPC/Decoder.h>
#include <LibIPC/Encoder.h>
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
#include <ctype.h>
namespace Web::Cookie {
LibWeb: Impose a sane max cookie size Drop cookies larger than 4KiB. This value is the RFC's recommendation: https://tools.ietf.org/html/rfc6265#section-6.1
2021-04-15 08:44:59 -04:00
static constexpr size_t s_max_cookie_size = 4096;
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
static void parse_attributes(ParsedCookie& parsed_cookie, StringView unparsed_attributes);
static void process_attribute(ParsedCookie& parsed_cookie, StringView attribute_name, StringView attribute_value);
static void on_expires_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
static void on_max_age_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
static void on_domain_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
static void on_path_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
static void on_secure_attribute(ParsedCookie& parsed_cookie);
static void on_http_only_attribute(ParsedCookie& parsed_cookie);
LibWeb: Parse SameSite cookie attribute
2022-10-21 13:00:04 +02:00
static void on_same_site_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
static Optional<Core::DateTime> parse_date_time(StringView date_string);
Everywhere: Run clang-format
2022-04-01 20:58:27 +03:00
Optional<ParsedCookie> parse_cookie(String const& cookie_string)
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
{
// https://tools.ietf.org/html/rfc6265#section-5.2
LibWeb: Impose a sane max cookie size Drop cookies larger than 4KiB. This value is the RFC's recommendation: https://tools.ietf.org/html/rfc6265#section-6.1
2021-04-15 08:44:59 -04:00
if (cookie_string.length() > s_max_cookie_size)
return {};
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
StringView name_value_pair;
StringView unparsed_attributes;
// 1. If the set-cookie-string contains a %x3B (";") character:
if (auto position = cookie_string.find(';'); position.has_value()) {
// The name-value-pair string consists of the characters up to, but not including, the first %x3B (";"), and the unparsed-
// attributes consist of the remainder of the set-cookie-string (including the %x3B (";") in question).
name_value_pair = cookie_string.substring_view(0, position.value());
unparsed_attributes = cookie_string.substring_view(position.value());
} else {
// The name-value-pair string consists of all the characters contained in the set-cookie-string, and the unparsed-
// attributes is the empty string.
name_value_pair = cookie_string;
}
StringView name;
StringView value;
if (auto position = name_value_pair.find('='); position.has_value()) {
// 3. The (possibly empty) name string consists of the characters up to, but not including, the first %x3D ("=") character, and the
// (possibly empty) value string consists of the characters after the first %x3D ("=") character.
name = name_value_pair.substring_view(0, position.value());
if (position.value() < name_value_pair.length() - 1)
value = name_value_pair.substring_view(position.value() + 1);
} else {
// 2. If the name-value-pair string lacks a %x3D ("=") character, ignore the set-cookie-string entirely.
return {};
}
// 4. Remove any leading or trailing WSP characters from the name string and the value string.
name = name.trim_whitespace();
value = value.trim_whitespace();
// 5. If the name string is empty, ignore the set-cookie-string entirely.
if (name.is_empty())
return {};
// 6. The cookie-name is the name string, and the cookie-value is the value string.
ParsedCookie parsed_cookie { name, value };
parse_attributes(parsed_cookie, unparsed_attributes);
return parsed_cookie;
}
void parse_attributes(ParsedCookie& parsed_cookie, StringView unparsed_attributes)
{
// 1. If the unparsed-attributes string is empty, skip the rest of these steps.
if (unparsed_attributes.is_empty())
return;
// 2. Discard the first character of the unparsed-attributes (which will be a %x3B (";") character).
unparsed_attributes = unparsed_attributes.substring_view(1);
StringView cookie_av;
// 3. If the remaining unparsed-attributes contains a %x3B (";") character:
if (auto position = unparsed_attributes.find(';'); position.has_value()) {
// Consume the characters of the unparsed-attributes up to, but not including, the first %x3B (";") character.
cookie_av = unparsed_attributes.substring_view(0, position.value());
unparsed_attributes = unparsed_attributes.substring_view(position.value());
} else {
// Consume the remainder of the unparsed-attributes.
cookie_av = unparsed_attributes;
unparsed_attributes = {};
}
StringView attribute_name;
StringView attribute_value;
// 4. If the cookie-av string contains a %x3D ("=") character:
if (auto position = cookie_av.find('='); position.has_value()) {
// The (possibly empty) attribute-name string consists of the characters up to, but not including, the first %x3D ("=")
// character, and the (possibly empty) attribute-value string consists of the characters after the first %x3D ("=") character.
attribute_name = cookie_av.substring_view(0, position.value());
if (position.value() < cookie_av.length() - 1)
attribute_value = cookie_av.substring_view(position.value() + 1);
} else {
// The attribute-name string consists of the entire cookie-av string, and the attribute-value string is empty.
attribute_name = cookie_av;
}
// 5. Remove any leading or trailing WSP characters from the attribute-name string and the attribute-value string.
attribute_name = attribute_name.trim_whitespace();
attribute_value = attribute_value.trim_whitespace();
// 6. Process the attribute-name and attribute-value according to the requirements in the following subsections.
// (Notice that attributes with unrecognized attribute-names are ignored.)
process_attribute(parsed_cookie, attribute_name, attribute_value);
// 7. Return to Step 1 of this algorithm.
parse_attributes(parsed_cookie, unparsed_attributes);
}
void process_attribute(ParsedCookie& parsed_cookie, StringView attribute_name, StringView attribute_value)
{
Everywhere: Add sv suffix to strings relying on StringView(char const*) Each of these strings would previously rely on StringView's char const* constructor overload, which would call __builtin_strlen on the string. Since we now have operator ""sv, we can replace these with much simpler versions. This opens the door to being able to remove StringView(char const*). No functional changes.
2022-07-11 17:32:29 +00:00
if (attribute_name.equals_ignoring_case("Expires"sv)) {
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
on_expires_attribute(parsed_cookie, attribute_value);
Everywhere: Add sv suffix to strings relying on StringView(char const*) Each of these strings would previously rely on StringView's char const* constructor overload, which would call __builtin_strlen on the string. Since we now have operator ""sv, we can replace these with much simpler versions. This opens the door to being able to remove StringView(char const*). No functional changes.
2022-07-11 17:32:29 +00:00
} else if (attribute_name.equals_ignoring_case("Max-Age"sv)) {
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
on_max_age_attribute(parsed_cookie, attribute_value);
Everywhere: Add sv suffix to strings relying on StringView(char const*) Each of these strings would previously rely on StringView's char const* constructor overload, which would call __builtin_strlen on the string. Since we now have operator ""sv, we can replace these with much simpler versions. This opens the door to being able to remove StringView(char const*). No functional changes.
2022-07-11 17:32:29 +00:00
} else if (attribute_name.equals_ignoring_case("Domain"sv)) {
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
on_domain_attribute(parsed_cookie, attribute_value);
Everywhere: Add sv suffix to strings relying on StringView(char const*) Each of these strings would previously rely on StringView's char const* constructor overload, which would call __builtin_strlen on the string. Since we now have operator ""sv, we can replace these with much simpler versions. This opens the door to being able to remove StringView(char const*). No functional changes.
2022-07-11 17:32:29 +00:00
} else if (attribute_name.equals_ignoring_case("Path"sv)) {
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
on_path_attribute(parsed_cookie, attribute_value);
Everywhere: Add sv suffix to strings relying on StringView(char const*) Each of these strings would previously rely on StringView's char const* constructor overload, which would call __builtin_strlen on the string. Since we now have operator ""sv, we can replace these with much simpler versions. This opens the door to being able to remove StringView(char const*). No functional changes.
2022-07-11 17:32:29 +00:00
} else if (attribute_name.equals_ignoring_case("Secure"sv)) {
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
on_secure_attribute(parsed_cookie);
Everywhere: Add sv suffix to strings relying on StringView(char const*) Each of these strings would previously rely on StringView's char const* constructor overload, which would call __builtin_strlen on the string. Since we now have operator ""sv, we can replace these with much simpler versions. This opens the door to being able to remove StringView(char const*). No functional changes.
2022-07-11 17:32:29 +00:00
} else if (attribute_name.equals_ignoring_case("HttpOnly"sv)) {
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
on_http_only_attribute(parsed_cookie);
LibWeb: Parse SameSite cookie attribute
2022-10-21 13:00:04 +02:00
} else if (attribute_name.equals_ignoring_case("SameSite"sv)) {
on_same_site_attribute(parsed_cookie, attribute_value);
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
}
}
void on_expires_attribute(ParsedCookie& parsed_cookie, StringView attribute_value)
{
// https://tools.ietf.org/html/rfc6265#section-5.2.1
if (auto expiry_time = parse_date_time(attribute_value); expiry_time.has_value())
parsed_cookie.expiry_time_from_expires_attribute = move(*expiry_time);
}
void on_max_age_attribute(ParsedCookie& parsed_cookie, StringView attribute_value)
{
// https://tools.ietf.org/html/rfc6265#section-5.2.2
// If the first character of the attribute-value is not a DIGIT or a "-" character, ignore the cookie-av.
if (attribute_value.is_empty() || (!isdigit(attribute_value[0]) && (attribute_value[0] != '-')))
return;
// Let delta-seconds be the attribute-value converted to an integer.
if (auto delta_seconds = attribute_value.to_int(); delta_seconds.has_value()) {
if (*delta_seconds <= 0) {
// If delta-seconds is less than or equal to zero (0), let expiry-time be the earliest representable date and time.
parsed_cookie.expiry_time_from_max_age_attribute = Core::DateTime::from_timestamp(0);
} else {
// Otherwise, let the expiry-time be the current date and time plus delta-seconds seconds.
time_t now = Core::DateTime::now().timestamp();
parsed_cookie.expiry_time_from_max_age_attribute = Core::DateTime::from_timestamp(now + *delta_seconds);
}
}
}
void on_domain_attribute(ParsedCookie& parsed_cookie, StringView attribute_value)
{
// https://tools.ietf.org/html/rfc6265#section-5.2.3
// If the attribute-value is empty, the behavior is undefined. However, the user agent SHOULD ignore the cookie-av entirely.
if (attribute_value.is_empty())
return;
StringView cookie_domain;
// If the first character of the attribute-value string is %x2E ("."):
if (attribute_value[0] == '.') {
// Let cookie-domain be the attribute-value without the leading %x2E (".") character.
cookie_domain = attribute_value.substring_view(1);
} else {
// Let cookie-domain be the entire attribute-value.
cookie_domain = attribute_value;
}
// Convert the cookie-domain to lower case.
parsed_cookie.domain = String(cookie_domain).to_lowercase();
}
void on_path_attribute(ParsedCookie& parsed_cookie, StringView attribute_value)
{
// https://tools.ietf.org/html/rfc6265#section-5.2.4
// If the attribute-value is empty or if the first character of the attribute-value is not %x2F ("/"):
if (attribute_value.is_empty() || attribute_value[0] != '/')
// Let cookie-path be the default-path.
return;
// Let cookie-path be the attribute-value
parsed_cookie.path = attribute_value;
}
void on_secure_attribute(ParsedCookie& parsed_cookie)
{
// https://tools.ietf.org/html/rfc6265#section-5.2.5
parsed_cookie.secure_attribute_present = true;
}
void on_http_only_attribute(ParsedCookie& parsed_cookie)
{
// https://tools.ietf.org/html/rfc6265#section-5.2.6
parsed_cookie.http_only_attribute_present = true;
}
LibWeb: Parse SameSite cookie attribute
2022-10-21 13:00:04 +02:00
// https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-samesite-attribute-2
void on_same_site_attribute(ParsedCookie& parsed_cookie, StringView attribute_value)
{
// 1. Let enforcement be "Default"
// Note: Set as default value in ParsedCookie.h
// 2. If cookie-av's attribute-value is a case-insensitive match for "None", set enforcement to "None".
if (attribute_value.equals_ignoring_case("None"sv))
parsed_cookie.same_site_attribute = SameSite::None;
// 3. If cookie-av's attribute-value is a case-insensitive match for "Strict", set enforcement to "Strict".
else if (attribute_value.equals_ignoring_case("Strict"sv))
parsed_cookie.same_site_attribute = SameSite::Strict;
// 4. If cookie-av's attribute-value is a case-insensitive match for "Lax", set enforcement to "Lax".
else if (attribute_value.equals_ignoring_case("Lax"sv))
parsed_cookie.same_site_attribute = SameSite::Lax;
}
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
Optional<Core::DateTime> parse_date_time(StringView date_string)
{
// https://tools.ietf.org/html/rfc6265#section-5.1.1
unsigned hour = 0;
unsigned minute = 0;
unsigned second = 0;
unsigned day_of_month = 0;
unsigned month = 0;
unsigned year = 0;
auto to_uint = [](StringView token, unsigned& result) {
Everywhere: Make use of container version of all_of Problem: - New `all_of` implementation takes the entire container so the user does not need to pass explicit begin/end iterators. This is unused except is in tests. Solution: - Make use of the new and more user-friendly version where possible.
2021-07-25 15:05:48 -06:00
if (!all_of(token, isdigit))
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
return false;
if (auto converted = token.to_uint(); converted.has_value()) {
result = *converted;
return true;
}
return false;
};
auto parse_time = [&](StringView token) {
Vector<StringView> parts = token.split_view(':');
if (parts.size() != 3)
return false;
for (const auto& part : parts) {
if (part.is_empty() || part.length() > 2)
return false;
}
return to_uint(parts[0], hour) && to_uint(parts[1], minute) && to_uint(parts[2], second);
};
auto parse_day_of_month = [&](StringView token) {
if (token.is_empty() || token.length() > 2)
return false;
return to_uint(token, day_of_month);
};
auto parse_month = [&](StringView token) {
for (unsigned i = 0; i < 12; ++i) {
LibWeb: Use date constants Make the code DRY (Don't Repeat Yourself) by using the `AK`-provided month name constants instead of copying them.
2022-03-26 16:55:39 -06:00
if (token.equals_ignoring_case(short_month_names[i])) {
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
month = i + 1;
return true;
}
}
return false;
};
auto parse_year = [&](StringView token) {
if (token.length() != 2 && token.length() != 4)
return false;
return to_uint(token, year);
};
AK+Everywhere: Stop including Vector.h from StringView.h Preparation for using Error.h from Vector.h. This required moving some things out of line.
2021-11-10 11:05:21 +01:00
Function<bool(char)> is_delimiter = [](char ch) {
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
return ch == 0x09 || (ch >= 0x20 && ch <= 0x2f) || (ch >= 0x3b && ch <= 0x40) || (ch >= 0x5b && ch <= 0x60) || (ch >= 0x7b && ch <= 0x7e);
};
// 1. Using the grammar below, divide the cookie-date into date-tokens.
AK+Everywhere: Stop including Vector.h from StringView.h Preparation for using Error.h from Vector.h. This required moving some things out of line.
2021-11-10 11:05:21 +01:00
Vector<StringView> date_tokens = date_string.split_view_if(is_delimiter);
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
// 2. Process each date-token sequentially in the order the date-tokens appear in the cookie-date.
bool found_time = false;
bool found_day_of_month = false;
bool found_month = false;
bool found_year = false;
Everywhere: Run clang-format
2022-04-01 20:58:27 +03:00
for (auto const& date_token : date_tokens) {
Browser+LibWeb: Move cookie parser into LibWeb This moves the cookie parsing steps out of CookieJar into their own file inside LibWeb. It makes sense for the cookie structures to be in LibWeb for a couple reasons: 1. There are some steps in the spec that will need to partially happen from LibWeb, such as the HttpOnly attribute. 2. Parsing the cookie string will be safer if it happens in the OOP tab rather than the main Browser process. Then if the parser blows up due to a malformed cookie, only that tab will be affected. 3. Cookies in general are a Web concept not specific to a browser.
2021-04-13 16:47:05 -04:00
if (!found_time && parse_time(date_token)) {
found_time = true;
} else if (!found_day_of_month && parse_day_of_month(date_token)) {
found_day_of_month = true;
} else if (!found_month && parse_month(date_token)) {
found_month = true;
} else if (!found_year && parse_year(date_token)) {
found_year = true;
}
}
// 3. If the year-value is greater than or equal to 70 and less than or equal to 99, increment the year-value by 1900.
if (year >= 70 && year <= 99)
year += 1900;
// 4. If the year-value is greater than or equal to 0 and less than or equal to 69, increment the year-value by 2000.
if (year <= 69)
year += 2000;
// 5. Abort these steps and fail to parse the cookie-date if:
if (!found_time || !found_day_of_month || !found_month || !found_year)
return {};
if (day_of_month < 1 || day_of_month > 31)
return {};
if (year < 1601)
return {};
if (hour > 23)
return {};
if (minute > 59)
return {};
if (second > 59)
return {};
// FIXME: Fail on dates that do not exist.
return Core::DateTime::create(year, month, day_of_month, hour, minute, second);
}
}
Browser+LibWeb+WebContent: Parse cookies in the OOP tab To protect the main Browser process against nefarious cookies, parse the cookies out-of-process and then send the parsed result over IPC to the main process. This way, if the cookie parser blows up, only that tab will be affected.
2021-04-15 10:36:20 -04:00
Userland: Remove a few gratuitous IPC namespace qualifiers Spotted this while trying to search for specific IPC encode/decode implementations. Now they are all the same, so searching is easier.
2022-04-03 15:44:25 +03:00
bool IPC::encode(Encoder& encoder, Web::Cookie::ParsedCookie const& cookie)
Browser+LibWeb+WebContent: Parse cookies in the OOP tab To protect the main Browser process against nefarious cookies, parse the cookies out-of-process and then send the parsed result over IPC to the main process. This way, if the cookie parser blows up, only that tab will be affected.
2021-04-15 10:36:20 -04:00
{
encoder << cookie.name;
encoder << cookie.value;
encoder << cookie.expiry_time_from_expires_attribute;
encoder << cookie.expiry_time_from_max_age_attribute;
encoder << cookie.domain;
encoder << cookie.path;
encoder << cookie.secure_attribute_present;
encoder << cookie.http_only_attribute_present;
LibWeb: Parse SameSite cookie attribute
2022-10-21 13:00:04 +02:00
encoder << cookie.same_site_attribute;
Browser+LibWeb+WebContent: Parse cookies in the OOP tab To protect the main Browser process against nefarious cookies, parse the cookies out-of-process and then send the parsed result over IPC to the main process. This way, if the cookie parser blows up, only that tab will be affected.
2021-04-15 10:36:20 -04:00
return true;
}
Userland: Remove a few gratuitous IPC namespace qualifiers Spotted this while trying to search for specific IPC encode/decode implementations. Now they are all the same, so searching is easier.
2022-04-03 15:44:25 +03:00
ErrorOr<void> IPC::decode(Decoder& decoder, Web::Cookie::ParsedCookie& cookie)
Browser+LibWeb+WebContent: Parse cookies in the OOP tab To protect the main Browser process against nefarious cookies, parse the cookies out-of-process and then send the parsed result over IPC to the main process. This way, if the cookie parser blows up, only that tab will be affected.
2021-04-15 10:36:20 -04:00
{
LibIPC+IPCCompiler+AK: Make IPC value decoders return ErrorOr<void> This allows us to use TRY() in decoding helpers, leading to a nice reduction in line count.
2021-11-28 11:56:31 +01:00
TRY(decoder.decode(cookie.name));
TRY(decoder.decode(cookie.value));
TRY(decoder.decode(cookie.expiry_time_from_expires_attribute));
TRY(decoder.decode(cookie.expiry_time_from_max_age_attribute));
TRY(decoder.decode(cookie.domain));
TRY(decoder.decode(cookie.path));
TRY(decoder.decode(cookie.secure_attribute_present));
TRY(decoder.decode(cookie.http_only_attribute_present));
LibWeb: Parse SameSite cookie attribute
2022-10-21 13:00:04 +02:00
TRY(decoder.decode(cookie.same_site_attribute));
LibIPC+IPCCompiler+AK: Make IPC value decoders return ErrorOr<void> This allows us to use TRY() in decoding helpers, leading to a nice reduction in line count.
2021-11-28 11:56:31 +01:00
return {};
Browser+LibWeb+WebContent: Parse cookies in the OOP tab To protect the main Browser process against nefarious cookies, parse the cookies out-of-process and then send the parsed result over IPC to the main process. This way, if the cookie parser blows up, only that tab will be affected.
2021-04-15 10:36:20 -04:00
}
Reference in a new issue Copy permalink