diff options
author | Timothy Flynn <trflynn89@pm.me> | 2021-04-15 10:36:20 -0400 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2021-04-16 19:19:31 +0200 |
commit | 2381b197198344544964aa19368cde2d35a35e14 (patch) | |
tree | 9aa2394c0f95113946487c72265aebe11be84b31 /Userland/Libraries/LibWeb | |
parent | 6e10c2cdb706f0f6a1a4cd600fadfa809026f622 (diff) | |
download | serenity-2381b197198344544964aa19368cde2d35a35e14.zip |
Browser+LibWeb+WebContent: Parse cookies in the OOP tab
To protect the main Browser process against nefarious cookies, parse the
cookies out-of-process and then send the parsed result over IPC to the
main process. This way, if the cookie parser blows up, only that tab
will be affected.
Diffstat (limited to 'Userland/Libraries/LibWeb')
-rw-r--r-- | Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp | 39 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/Cookie/ParsedCookie.h | 8 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/DOM/Document.cpp | 9 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/InProcessWebView.cpp | 2 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/InProcessWebView.h | 2 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/OutOfProcessWebView.cpp | 2 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/OutOfProcessWebView.h | 2 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/Page/Page.h | 2 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/WebContentClient.cpp | 1 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/WebContentClient.h | 1 | ||||
-rw-r--r-- | Userland/Libraries/LibWeb/WebViewHooks.h | 2 |
11 files changed, 62 insertions, 8 deletions
diff --git a/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp b/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp index 8f4b7e058e..6d0d0d4940 100644 --- a/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp +++ b/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp @@ -25,7 +25,10 @@ */ #include "ParsedCookie.h" +#include <AK/StdLibExtras.h> #include <AK/Vector.h> +#include <LibIPC/Decoder.h> +#include <LibIPC/Encoder.h> #include <ctype.h> namespace Web::Cookie { @@ -351,3 +354,39 @@ Optional<Core::DateTime> parse_date_time(StringView date_string) } } + +bool IPC::encode(IPC::Encoder& encoder, const Web::Cookie::ParsedCookie& cookie) +{ + encoder << cookie.name; + encoder << cookie.value; + encoder << cookie.expiry_time_from_expires_attribute; + encoder << cookie.expiry_time_from_max_age_attribute; + encoder << cookie.domain; + encoder << cookie.path; + encoder << cookie.secure_attribute_present; + encoder << cookie.http_only_attribute_present; + + return true; +} + +bool IPC::decode(IPC::Decoder& decoder, Web::Cookie::ParsedCookie& cookie) +{ + if (!decoder.decode(cookie.name)) + return false; + if (!decoder.decode(cookie.value)) + return false; + if (!decoder.decode(cookie.expiry_time_from_expires_attribute)) + return false; + if (!decoder.decode(cookie.expiry_time_from_max_age_attribute)) + return false; + if (!decoder.decode(cookie.domain)) + return false; + if (!decoder.decode(cookie.path)) + return false; + if (!decoder.decode(cookie.secure_attribute_present)) + return false; + if (!decoder.decode(cookie.http_only_attribute_present)) + return false; + + return true; +} diff --git a/Userland/Libraries/LibWeb/Cookie/ParsedCookie.h b/Userland/Libraries/LibWeb/Cookie/ParsedCookie.h index c48103b28e..5d3c8b8020 100644 --- a/Userland/Libraries/LibWeb/Cookie/ParsedCookie.h +++ b/Userland/Libraries/LibWeb/Cookie/ParsedCookie.h @@ -29,6 +29,7 @@ #include <AK/Optional.h> #include <AK/String.h> #include <LibCore/DateTime.h> +#include <LibIPC/Forward.h> namespace Web::Cookie { @@ -46,3 +47,10 @@ struct ParsedCookie { Optional<ParsedCookie> parse_cookie(const String& cookie_string); } + +namespace IPC { + +bool encode(IPC::Encoder&, const Web::Cookie::ParsedCookie&); +bool decode(IPC::Decoder&, Web::Cookie::ParsedCookie&); + +} diff --git a/Userland/Libraries/LibWeb/DOM/Document.cpp b/Userland/Libraries/LibWeb/DOM/Document.cpp index 59c2407904..86cb77ab03 100644 --- a/Userland/Libraries/LibWeb/DOM/Document.cpp +++ b/Userland/Libraries/LibWeb/DOM/Document.cpp @@ -34,6 +34,7 @@ #include <LibWeb/Bindings/MainThreadVM.h> #include <LibWeb/Bindings/WindowObject.h> #include <LibWeb/CSS/StyleResolver.h> +#include <LibWeb/Cookie/ParsedCookie.h> #include <LibWeb/DOM/Comment.h> #include <LibWeb/DOM/DOMException.h> #include <LibWeb/DOM/Document.h> @@ -828,10 +829,14 @@ String Document::cookie(Cookie::Source source) return {}; } -void Document::set_cookie(String cookie, Cookie::Source source) +void Document::set_cookie(String cookie_string, Cookie::Source source) { + auto cookie = Cookie::parse_cookie(cookie_string); + if (!cookie.has_value()) + return; + if (auto* page = this->page()) - page->client().page_did_set_cookie(m_url, cookie, source); + page->client().page_did_set_cookie(m_url, cookie.value(), source); } } diff --git a/Userland/Libraries/LibWeb/InProcessWebView.cpp b/Userland/Libraries/LibWeb/InProcessWebView.cpp index 61cbc087a8..094ef8c8bd 100644 --- a/Userland/Libraries/LibWeb/InProcessWebView.cpp +++ b/Userland/Libraries/LibWeb/InProcessWebView.cpp @@ -440,7 +440,7 @@ String InProcessWebView::page_did_request_cookie(const URL& url, Cookie::Source return {}; } -void InProcessWebView::page_did_set_cookie(const URL& url, const String& cookie, Cookie::Source source) +void InProcessWebView::page_did_set_cookie(const URL& url, const Cookie::ParsedCookie& cookie, Cookie::Source source) { if (on_set_cookie) on_set_cookie(url, cookie, source); diff --git a/Userland/Libraries/LibWeb/InProcessWebView.h b/Userland/Libraries/LibWeb/InProcessWebView.h index 46db6e319c..9852abc428 100644 --- a/Userland/Libraries/LibWeb/InProcessWebView.h +++ b/Userland/Libraries/LibWeb/InProcessWebView.h @@ -112,7 +112,7 @@ private: virtual bool page_did_request_confirm(const String&) override; virtual String page_did_request_prompt(const String&, const String&) override; virtual String page_did_request_cookie(const URL&, Cookie::Source) override; - virtual void page_did_set_cookie(const URL&, const String&, Cookie::Source) override; + virtual void page_did_set_cookie(const URL&, const Cookie::ParsedCookie&, Cookie::Source) override; void layout_and_sync_size(); diff --git a/Userland/Libraries/LibWeb/OutOfProcessWebView.cpp b/Userland/Libraries/LibWeb/OutOfProcessWebView.cpp index 6c069edf69..7e9b5de1f6 100644 --- a/Userland/Libraries/LibWeb/OutOfProcessWebView.cpp +++ b/Userland/Libraries/LibWeb/OutOfProcessWebView.cpp @@ -372,7 +372,7 @@ String OutOfProcessWebView::notify_server_did_request_cookie(Badge<WebContentCli return {}; } -void OutOfProcessWebView::notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const String& cookie, Cookie::Source source) +void OutOfProcessWebView::notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const Cookie::ParsedCookie& cookie, Cookie::Source source) { if (on_set_cookie) on_set_cookie(url, cookie, source); diff --git a/Userland/Libraries/LibWeb/OutOfProcessWebView.h b/Userland/Libraries/LibWeb/OutOfProcessWebView.h index 386cd92be7..d101ebf60f 100644 --- a/Userland/Libraries/LibWeb/OutOfProcessWebView.h +++ b/Userland/Libraries/LibWeb/OutOfProcessWebView.h @@ -80,7 +80,7 @@ public: void notify_server_did_js_console_output(const String& method, const String& line); void notify_server_did_change_favicon(const Gfx::Bitmap& favicon); String notify_server_did_request_cookie(Badge<WebContentClient>, const URL& url, Cookie::Source source); - void notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const String& cookie, Cookie::Source source); + void notify_server_did_set_cookie(Badge<WebContentClient>, const URL& url, const Cookie::ParsedCookie& cookie, Cookie::Source source); private: OutOfProcessWebView(); diff --git a/Userland/Libraries/LibWeb/Page/Page.h b/Userland/Libraries/LibWeb/Page/Page.h index dab43a39a4..e5a62e23cd 100644 --- a/Userland/Libraries/LibWeb/Page/Page.h +++ b/Userland/Libraries/LibWeb/Page/Page.h @@ -112,7 +112,7 @@ public: virtual bool page_did_request_confirm(const String&) { return false; } virtual String page_did_request_prompt(const String&, const String&) { return {}; } virtual String page_did_request_cookie(const URL&, Cookie::Source) { return {}; } - virtual void page_did_set_cookie(const URL&, const String&, Cookie::Source) { } + virtual void page_did_set_cookie(const URL&, const Cookie::ParsedCookie&, Cookie::Source) { } protected: virtual ~PageClient() = default; diff --git a/Userland/Libraries/LibWeb/WebContentClient.cpp b/Userland/Libraries/LibWeb/WebContentClient.cpp index dd25e07e3a..c5678a8125 100644 --- a/Userland/Libraries/LibWeb/WebContentClient.cpp +++ b/Userland/Libraries/LibWeb/WebContentClient.cpp @@ -27,6 +27,7 @@ #include "WebContentClient.h" #include "OutOfProcessWebView.h" #include <AK/Debug.h> +#include <LibWeb/Cookie/ParsedCookie.h> namespace Web { diff --git a/Userland/Libraries/LibWeb/WebContentClient.h b/Userland/Libraries/LibWeb/WebContentClient.h index 54e4a34dbc..320e8793d0 100644 --- a/Userland/Libraries/LibWeb/WebContentClient.h +++ b/Userland/Libraries/LibWeb/WebContentClient.h @@ -28,6 +28,7 @@ #include <AK/HashMap.h> #include <LibIPC/ServerConnection.h> +#include <LibWeb/Cookie/ParsedCookie.h> #include <WebContent/WebContentClientEndpoint.h> #include <WebContent/WebContentServerEndpoint.h> diff --git a/Userland/Libraries/LibWeb/WebViewHooks.h b/Userland/Libraries/LibWeb/WebViewHooks.h index a8f4d2911c..8cb1936a8f 100644 --- a/Userland/Libraries/LibWeb/WebViewHooks.h +++ b/Userland/Libraries/LibWeb/WebViewHooks.h @@ -49,7 +49,7 @@ public: Function<void(const URL&, const String&)> on_get_source; Function<void(const String& method, const String& line)> on_js_console_output; Function<String(const URL& url, Cookie::Source source)> on_get_cookie; - Function<void(const URL& url, const String& cookie, Cookie::Source source)> on_set_cookie; + Function<void(const URL& url, const Cookie::ParsedCookie& cookie, Cookie::Source source)> on_set_cookie; }; } |