Use helper function to lookup safe cookie values

This helper function is now used by `set-cookie` and
`set-local-storage-item` scriptlets, so changes in the
helper function will benefit both scriptlets.
Raymond Hill 2024-08-19 14:56:15 -04:00
parent 3e2171f550
commit 79e10323ad
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 31 additions and 25 deletions


@ -954,6 +954,33 @@ function objectFindOwnerFn(
/******************************************************************************/ /******************************************************************************/
builtinScriptlets.push({
name: 'get-safe-cookie-values.fn',
fn: getSafeCookieValuesFn,
});
function getSafeCookieValuesFn() {
return [
'accept', 'reject',
'accepted', 'rejected', 'notaccepted',
'allow', 'disallow', 'deny',
'allowed', 'denied',
'approved', 'disapproved',
'checked', 'unchecked',
'dismiss', 'dismissed',
'enable', 'disable',
'enabled', 'disabled',
'essential', 'nonessential',
'hide', 'hidden',
'necessary', 'required',
'ok',
'on', 'off',
'true', 't', 'false', 'f',
'yes', 'y', 'no', 'n',
];
}
/******************************************************************************/
builtinScriptlets.push({ builtinScriptlets.push({
name: 'get-all-cookies.fn', name: 'get-all-cookies.fn',
fn: getAllCookiesFn, fn: getAllCookiesFn,
@ -1076,6 +1103,7 @@ builtinScriptlets.push({
name: 'set-local-storage-item.fn', name: 'set-local-storage-item.fn',
fn: setLocalStorageItemFn, fn: setLocalStorageItemFn,
dependencies: [ dependencies: [
'get-safe-cookie-values.fn',
'safe-self.fn', 'safe-self.fn',
], ],
}); });
@ -1097,14 +1125,9 @@ function setLocalStorageItemFn(
const trustedValues = [ const trustedValues = [
'', '',
'undefined', 'null', 'undefined', 'null',
'false', 'true',
'on', 'off',
'yes', 'no',
'accept', 'reject',
'accepted', 'rejected',
'allowed', 'denied',
'{}', '[]', '""', '{}', '[]', '""',
'$remove$', '$remove$',
...getSafeCookieValuesFn(),
]; ];
if ( trusted ) { if ( trusted ) {
@ -3819,6 +3842,7 @@ builtinScriptlets.push({
fn: setCookie, fn: setCookie,
world: 'ISOLATED', world: 'ISOLATED',
dependencies: [ dependencies: [
'get-safe-cookie-values.fn',
'safe-self.fn', 'safe-self.fn',
'set-cookie.fn', 'set-cookie.fn',
], ],
@ -3831,28 +3855,10 @@ function setCookie(
if ( name === '' ) { return; } if ( name === '' ) { return; }
const safe = safeSelf(); const safe = safeSelf();
const logPrefix = safe.makeLogPrefix('set-cookie', name, value, path); const logPrefix = safe.makeLogPrefix('set-cookie', name, value, path);
const validValues = [
'accept', 'reject',
'accepted', 'rejected', 'notaccepted',
'allow', 'deny',
'allowed', 'disallow',
'enable', 'disable',
'enabled', 'disabled',
'ok',
'on', 'off',
'true', 't', 'false', 'f',
'yes', 'y', 'no', 'n',
'necessary', 'required',
'approved', 'disapproved',
'hide', 'hidden',
'essential', 'nonessential',
'dismiss', 'dismissed',
'checked', 'unchecked',
];
const normalized = value.toLowerCase(); const normalized = value.toLowerCase();
const match = /^("?)(.+)\1$/.exec(normalized); const match = /^("?)(.+)\1$/.exec(normalized);
const unquoted = match && match[2] || normalized; const unquoted = match && match[2] || normalized;
const validValues = getSafeCookieValuesFn();
if ( validValues.includes(unquoted) === false ) { if ( validValues.includes(unquoted) === false ) {
if ( /^\d+$/.test(unquoted) === false ) { return; } if ( /^\d+$/.test(unquoted) === false ) { return; }
const n = parseInt(value, 10); const n = parseInt(value, 10);
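Review bot: `getSafeCookieValuesFn()` has become the single allowlist behind two scriptlets, but nothing on the helper says it is a security boundary or that it is shared. Spreading it into `trustedValues` in `setLocalStorageItemFn` (presumably the list that gates the path where `trusted` is false) makes that scriptlet accept values its old inline list never had, such as `hide`, `dismiss`, `t`, `y` and `notaccepted`. `setCookie` in turn gains `denied`, which was not in its old `validValues`. Any value later added for cookies will also widen what can be written to local storage, so I would put a comment above the helper along the lines of `// Allowlist of values non-trusted scriptlets may write; shared by set-cookie and set-local-storage-item, so every addition applies to both.` The bodies of `setLocalStorageItemFn` and `setCookie` continue outside the hunks shown, so how each list is compared against the input cannot be confirmed from here.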