KotJohansson
/
UXP
mirror of https://github.com/roytam1/UXP
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Issue #1102 - Disable <meta http-equiv=set-cookie> 

Create a new pref 'dom.meta-set-cookie.enabled' which is set to 'false', disabling http-equiv meta cookies.
pull/7/head
Gaming4JC 3 years ago committed by Roy Tam
parent
8ca43343c9
commit
4ab1401ee6
30 changed files with 32 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      dom/base/nsContentSink.cpp
  2. 1
      extensions/cookie/test/file_domain_hierarchy_inner.html
  3. 1
      extensions/cookie/test/file_domain_hierarchy_inner.html^headers^
  4. 1
      extensions/cookie/test/file_domain_hierarchy_inner_inner.html
  5. 1
      extensions/cookie/test/file_domain_hierarchy_inner_inner.html^headers^
  6. 1
      extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html
  7. 1
      extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html^headers^
  8. 1
      extensions/cookie/test/file_domain_inner.html
  9. 1
      extensions/cookie/test/file_domain_inner.html^headers^
  10. 1
      extensions/cookie/test/file_domain_inner_inner.html
  11. 1
      extensions/cookie/test/file_domain_inner_inner.html^headers^
  12. 1
      extensions/cookie/test/file_image_inner.html
  13. 1
      extensions/cookie/test/file_image_inner.html^headers^
  14. 1
      extensions/cookie/test/file_image_inner_inner.html
  15. 1
      extensions/cookie/test/file_image_inner_inner.html^headers^
  16. 1
      extensions/cookie/test/file_loadflags_inner.html
  17. 1
      extensions/cookie/test/file_loadflags_inner.html^headers^
  18. 1
      extensions/cookie/test/file_localhost_inner.html
  19. 1
      extensions/cookie/test/file_localhost_inner.html^headers^
  20. 1
      extensions/cookie/test/file_loopback_inner.html
  21. 1
      extensions/cookie/test/file_loopback_inner.html^headers^
  22. 1
      extensions/cookie/test/file_subdomain_inner.html
  23. 1
      extensions/cookie/test/file_subdomain_inner.html^headers^
  24. 11
      extensions/cookie/test/mochitest.ini
  25. 2
      extensions/cookie/test/test_same_base_domain.html
  26. 2
      extensions/cookie/test/test_same_base_domain_2.html
  27. 2
      extensions/cookie/test/test_same_base_domain_3.html
  28. 2
      extensions/cookie/test/test_same_base_domain_5.html
  29. 2
      extensions/cookie/test/test_samedomain.html
  30. 3
      modules/libpref/init/all.js

3
dom/base/nsContentSink.cpp
Unescape View File

@ -304,7 +304,8 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
mDocument->SetHeaderData(aHeader, aValue);
if (aHeader == nsGkAtoms::setcookie) {
if (aHeader == nsGkAtoms::setcookie &&
Preferences::GetBool("dom.meta-set-cookie.enabled", true)) {
// Don't allow setting cookies in cookie-averse documents.
if (mDocument->IsCookieAverse()) {
return NS_OK;

1
extensions/cookie/test/file_domain_hierarchy_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

1
extensions/cookie/test/file_domain_hierarchy_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta=tag

1
extensions/cookie/test/file_domain_hierarchy_inner_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
<script type="text/javascript">
document.cookie = "can2=has2";

1
extensions/cookie/test/file_domain_hierarchy_inner_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta2=tag2

1
extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta3=tag3">
<script type="text/javascript">
document.cookie = "can3=has3";

1
extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta3=tag3

1
extensions/cookie/test/file_domain_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

1
extensions/cookie/test/file_domain_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta=tag

1
extensions/cookie/test/file_domain_inner_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
<script type="text/javascript">
document.cookie = "can2=has2";

1
extensions/cookie/test/file_domain_inner_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta2=tag2

1
extensions/cookie/test/file_image_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

1
extensions/cookie/test/file_image_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta=tag

1
extensions/cookie/test/file_image_inner_inner.html
Unescape View File

@ -3,7 +3,6 @@
<head>
<link rel="stylesheet" type="text/css" media="all" href="http://example.org/tests/extensions/cookie/test/test1.css" />
<link rel="stylesheet" type="text/css" media="all" href="http://example.com/tests/extensions/cookie/test/test2.css" />
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
<script type="text/javascript">
function runTest() {
document.cookie = "can2=has2";

1
extensions/cookie/test/file_image_inner_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta2=tag2

1
extensions/cookie/test/file_loadflags_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
function runTest() {
document.cookie = "can=has";

1
extensions/cookie/test/file_loadflags_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta=tag

1
extensions/cookie/test/file_localhost_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

1
extensions/cookie/test/file_localhost_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta=tag

1
extensions/cookie/test/file_loopback_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

1
extensions/cookie/test/file_loopback_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta=tag

1
extensions/cookie/test/file_subdomain_inner.html
Unescape View File

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

1
extensions/cookie/test/file_subdomain_inner.html^headers^
Unescape View File

@ -0,0 +1 @@
Set-Cookie: meta=tag

11
extensions/cookie/test/mochitest.ini
Unescape View File

@ -6,16 +6,27 @@ support-files =
damonbowling.jpg^headers^
file_chromecommon.js
file_domain_hierarchy_inner.html
file_domain_hierarchy_inner.html^headers^
file_domain_hierarchy_inner_inner.html
file_domain_hierarchy_inner_inner.html^headers^
file_domain_hierarchy_inner_inner_inner.html
file_domain_hierarchy_inner_inner_inner.html^headers^
file_domain_inner.html
file_domain_inner.html^headers^
file_domain_inner_inner.html
file_domain_inner_inner.html^headers^
file_image_inner.html
file_image_inner.html^headers^
file_image_inner_inner.html
file_image_inner_inner.html^headers^
file_loadflags_inner.html
file_loadflags_inner.html^headers^
file_localhost_inner.html
file_localhost_inner.html^headers^
file_loopback_inner.html
file_loopback_inner.html^headers^
file_subdomain_inner.html
file_subdomain_inner.html^headers^
file_testcommon.js
file_testloadflags.js
file_testloadflags_chromescript.js

2
extensions/cookie/test/test_same_base_domain.html
Unescape View File

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_domain_inner.html', 5, 2)">
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_domain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">

2
extensions/cookie/test/test_same_base_domain_2.html
Unescape View File

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">

2
extensions/cookie/test/test_same_base_domain_3.html
Unescape View File

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">

2
extensions/cookie/test/test_same_base_domain_5.html
Unescape View File

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://sub1.test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
<body onload="setupTest('http://sub1.test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">

2
extensions/cookie/test/test_samedomain.html
Unescape View File

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_inner.html', 5, 2)">
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">

3
modules/libpref/init/all.js
Unescape View File

@ -5207,6 +5207,9 @@ pref("intl.allow-insecure-text-input", false);
// Enable meta-viewport support in remote APZ-enabled frames.
pref("dom.meta-viewport.enabled", false);
// Disable <meta http-equiv=set-cookie> support. See m-c bug 1457503 / UXP #1102.
pref("dom.meta-set-cookie.enabled", false);
// MozSettings debugging prefs for each component
pref("dom.mozSettings.SettingsDB.debug.enabled", false);
pref("dom.mozSettings.SettingsManager.debug.enabled", false);

Write Preview
Loading…
Cancel
Save