Use helper function to lookup safe cookie values

This helper function is now used by `set-cookie` and
`set-local-storage-item` scriptlets, so changes in the
helper function will benefit both scriptlets.
Raymond Hill 2024-08-19 14:56:15 -04:00
parent 3e2171f550
commit 79e10323ad
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 31 additions and 25 deletions


@ -954,6 +954,33 @@ function objectFindOwnerFn(
/******************************************************************************/
builtinScriptlets.push({
name: 'get-safe-cookie-values.fn',
fn: getSafeCookieValuesFn,
});
function getSafeCookieValuesFn() {
return [
'accept', 'reject',
'accepted', 'rejected', 'notaccepted',
'allow', 'disallow', 'deny',
'allowed', 'denied',
'approved', 'disapproved',
'checked', 'unchecked',
'dismiss', 'dismissed',
'enable', 'disable',
'enabled', 'disabled',
'essential', 'nonessential',
'hide', 'hidden',
'necessary', 'required',
'ok',
'on', 'off',
'true', 't', 'false', 'f',
'yes', 'y', 'no', 'n',
];
}
/******************************************************************************/
builtinScriptlets.push({
name: 'get-all-cookies.fn',
fn: getAllCookiesFn,
@ -1076,6 +1103,7 @@ builtinScriptlets.push({
name: 'set-local-storage-item.fn',
fn: setLocalStorageItemFn,
dependencies: [
'get-safe-cookie-values.fn',
'safe-self.fn',
],
});
@ -1097,14 +1125,9 @@ function setLocalStorageItemFn(
const trustedValues = [
'',
'undefined', 'null',
'false', 'true',
'on', 'off',
'yes', 'no',
'accept', 'reject',
'accepted', 'rejected',
'allowed', 'denied',
'{}', '[]', '""',
'$remove$',
...getSafeCookieValuesFn(),
];
if ( trusted ) {
@ -3819,6 +3842,7 @@ builtinScriptlets.push({
fn: setCookie,
world: 'ISOLATED',
dependencies: [
'get-safe-cookie-values.fn',
'safe-self.fn',
'set-cookie.fn',
],
@ -3831,28 +3855,10 @@ function setCookie(
if ( name === '' ) { return; }
const safe = safeSelf();
const logPrefix = safe.makeLogPrefix('set-cookie', name, value, path);
const validValues = [
'accept', 'reject',
'accepted', 'rejected', 'notaccepted',
'allow', 'deny',
'allowed', 'disallow',
'enable', 'disable',
'enabled', 'disabled',
'ok',
'on', 'off',
'true', 't', 'false', 'f',
'yes', 'y', 'no', 'n',
'necessary', 'required',
'approved', 'disapproved',
'hide', 'hidden',
'essential', 'nonessential',
'dismiss', 'dismissed',
'checked', 'unchecked',
];
const normalized = value.toLowerCase();
const match = /^("?)(.+)\1$/.exec(normalized);
const unquoted = match && match[2] || normalized;
const validValues = getSafeCookieValuesFn();
if ( validValues.includes(unquoted) === false ) {
if ( /^\d+$/.test(unquoted) === false ) { return; }
const n = parseInt(value, 10);
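Review bot: In `setCookie`, the digit check runs on `unquoted` but the line after it parses the raw `value`, so a quoted number such as `"100"` passes `/^\d+$/` and then `parseInt(value, 10)` yields NaN. The rest of the function lies outside this hunk; if it bounds `n` with a comparison, that comparison is false for NaN, so a quoted number of any size would slip past the safe-value allow-list. Parsing the same string that was validated closes the gap: `const n = parseInt(unquoted, 10);`. Now that `getSafeCookieValuesFn()` feeds both scriptlets, a short comment on it saying that every entry is accepted by `set-cookie` and `set-local-storage-item` alike would help whoever extends the list.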