
Issue #1102 - Disable <meta http-equiv=set-cookie>

Create a new pref 'dom.meta-set-cookie.enabled' which is set to 'false', disabling http-equiv meta cookies.
pull/7/head
Gaming4JC 3 years ago committed by Roy Tam
parent
commit
4ab1401ee6
  1. 3
      dom/base/nsContentSink.cpp
  2. 1
      extensions/cookie/test/file_domain_hierarchy_inner.html
  3. 1
      extensions/cookie/test/file_domain_hierarchy_inner.html^headers^
  4. 1
      extensions/cookie/test/file_domain_hierarchy_inner_inner.html
  5. 1
      extensions/cookie/test/file_domain_hierarchy_inner_inner.html^headers^
  6. 1
      extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html
  7. 1
      extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html^headers^
  8. 1
      extensions/cookie/test/file_domain_inner.html
  9. 1
      extensions/cookie/test/file_domain_inner.html^headers^
  10. 1
      extensions/cookie/test/file_domain_inner_inner.html
  11. 1
      extensions/cookie/test/file_domain_inner_inner.html^headers^
  12. 1
      extensions/cookie/test/file_image_inner.html
  13. 1
      extensions/cookie/test/file_image_inner.html^headers^
  14. 1
      extensions/cookie/test/file_image_inner_inner.html
  15. 1
      extensions/cookie/test/file_image_inner_inner.html^headers^
  16. 1
      extensions/cookie/test/file_loadflags_inner.html
  17. 1
      extensions/cookie/test/file_loadflags_inner.html^headers^
  18. 1
      extensions/cookie/test/file_localhost_inner.html
  19. 1
      extensions/cookie/test/file_localhost_inner.html^headers^
  20. 1
      extensions/cookie/test/file_loopback_inner.html
  21. 1
      extensions/cookie/test/file_loopback_inner.html^headers^
  22. 1
      extensions/cookie/test/file_subdomain_inner.html
  23. 1
      extensions/cookie/test/file_subdomain_inner.html^headers^
  24. 11
      extensions/cookie/test/mochitest.ini
  25. 2
      extensions/cookie/test/test_same_base_domain.html
  26. 2
      extensions/cookie/test/test_same_base_domain_2.html
  27. 2
      extensions/cookie/test/test_same_base_domain_3.html
  28. 2
      extensions/cookie/test/test_same_base_domain_5.html
  29. 2
      extensions/cookie/test/test_samedomain.html
  30. 3
      modules/libpref/init/all.js

3
dom/base/nsContentSink.cpp

@ -304,7 +304,8 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
mDocument->SetHeaderData(aHeader, aValue);
if (aHeader == nsGkAtoms::setcookie) {
if (aHeader == nsGkAtoms::setcookie &&
Preferences::GetBool("dom.meta-set-cookie.enabled", true)) {
// Don't allow setting cookies in cookie-averse documents.
if (mDocument->IsCookieAverse()) {
return NS_OK;
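Review bot: The fallback in `Preferences::GetBool("dom.meta-set-cookie.enabled", true)` is `true`, so the new guard fails open: wherever the pref has no value (for instance an application or test profile that does not load the all.js default), `<meta http-equiv=set-cookie>` is processed exactly as before. Since the commit's intent is to turn the feature off, the in-code default should match the shipped one: `Preferences::GetBool("dom.meta-set-cookie.enabled", false)`. The check also reads the pref by name for every set-cookie header; a bool cached once at startup would avoid that, though this is minor. ProcessHeaderData continues past the end of this hunk, so the rest of the cookie path is not visible here.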

1
extensions/cookie/test/file_domain_hierarchy_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

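--- a/extensions/cookie/test/file_domain_hierarchy_inner.html^headers^
+++ b/extensions/cookie/test/file_domain_hierarchy_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta=tag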

1
extensions/cookie/test/file_domain_hierarchy_inner_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
<script type="text/javascript">
document.cookie = "can2=has2";

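--- a/extensions/cookie/test/file_domain_hierarchy_inner_inner.html^headers^
+++ b/extensions/cookie/test/file_domain_hierarchy_inner_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta2=tag2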

1
extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta3=tag3">
<script type="text/javascript">
document.cookie = "can3=has3";

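--- a/extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html^headers^
+++ b/extensions/cookie/test/file_domain_hierarchy_inner_inner_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta3=tag3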

1
extensions/cookie/test/file_domain_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

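--- a/extensions/cookie/test/file_domain_inner.html^headers^
+++ b/extensions/cookie/test/file_domain_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta=tag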

1
extensions/cookie/test/file_domain_inner_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
<script type="text/javascript">
document.cookie = "can2=has2";

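--- a/extensions/cookie/test/file_domain_inner_inner.html^headers^
+++ b/extensions/cookie/test/file_domain_inner_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta2=tag2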

1
extensions/cookie/test/file_image_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

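--- a/extensions/cookie/test/file_image_inner.html^headers^
+++ b/extensions/cookie/test/file_image_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta=tag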

1
extensions/cookie/test/file_image_inner_inner.html

@ -3,7 +3,6 @@
<head>
<link rel="stylesheet" type="text/css" media="all" href="http://example.org/tests/extensions/cookie/test/test1.css" />
<link rel="stylesheet" type="text/css" media="all" href="http://example.com/tests/extensions/cookie/test/test2.css" />
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta2=tag2">
<script type="text/javascript">
function runTest() {
document.cookie = "can2=has2";

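--- a/extensions/cookie/test/file_image_inner_inner.html^headers^
+++ b/extensions/cookie/test/file_image_inner_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta2=tag2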

1
extensions/cookie/test/file_loadflags_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
function runTest() {
document.cookie = "can=has";

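--- a/extensions/cookie/test/file_loadflags_inner.html^headers^
+++ b/extensions/cookie/test/file_loadflags_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta=tag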

1
extensions/cookie/test/file_localhost_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

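--- a/extensions/cookie/test/file_localhost_inner.html^headers^
+++ b/extensions/cookie/test/file_localhost_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta=tag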

1
extensions/cookie/test/file_loopback_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

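--- a/extensions/cookie/test/file_loopback_inner.html^headers^
+++ b/extensions/cookie/test/file_loopback_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta=tag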

1
extensions/cookie/test/file_subdomain_inner.html

@ -1,7 +1,6 @@
<!DOCTYPE HTML>
<html>
<head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="meta=tag">
<script type="text/javascript">
document.cookie = "can=has";

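--- a/extensions/cookie/test/file_subdomain_inner.html^headers^
+++ b/extensions/cookie/test/file_subdomain_inner.html^headers^
@@ -0,0 +1 @@
+Set-Cookie: meta=tag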

11
extensions/cookie/test/mochitest.ini

@ -6,16 +6,27 @@ support-files =
damonbowling.jpg^headers^
file_chromecommon.js
file_domain_hierarchy_inner.html
file_domain_hierarchy_inner.html^headers^
file_domain_hierarchy_inner_inner.html
file_domain_hierarchy_inner_inner.html^headers^
file_domain_hierarchy_inner_inner_inner.html
file_domain_hierarchy_inner_inner_inner.html^headers^
file_domain_inner.html
file_domain_inner.html^headers^
file_domain_inner_inner.html
file_domain_inner_inner.html^headers^
file_image_inner.html
file_image_inner.html^headers^
file_image_inner_inner.html
file_image_inner_inner.html^headers^
file_loadflags_inner.html
file_loadflags_inner.html^headers^
file_localhost_inner.html
file_localhost_inner.html^headers^
file_loopback_inner.html
file_loopback_inner.html^headers^
file_subdomain_inner.html
file_subdomain_inner.html^headers^
file_testcommon.js
file_testloadflags.js
file_testloadflags_chromescript.js

2
extensions/cookie/test/test_same_base_domain.html

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_domain_inner.html', 5, 2)">
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_domain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">
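Review bot: No test visible in this commit asserts that a `<meta http-equiv=set-cookie>` tag is ignored. The expectation in `setupTest(..., 4, 2)` drops by one here (and in test_same_base_domain_2, _3, _5 and test_samedomain), while every fixture loses its META line and the same `meta=tag` cookie is re-sent through a ^headers^ file. A regression that re-enabled the meta path would set a cookie under a name the header already sets, so it may go unnoticed. Consider keeping one fixture whose META tag uses a name no header sends, e.g. `<META HTTP-EQUIV="Set-Cookie" CONTENT="metaonly=1">` (constructed name), and asserting that cookie is absent under the default pref. A short comment saying why the count is now 4 would also help, since the meaning of that argument is defined in file_testcommon.js, outside this page.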

2
extensions/cookie/test/test_same_base_domain_2.html

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
<body onload="setupTest('http://test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">

2
extensions/cookie/test/test_same_base_domain_3.html

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">

2
extensions/cookie/test/test_same_base_domain_5.html

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://sub1.test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 5, 2)">
<body onload="setupTest('http://sub1.test1.example.org/tests/extensions/cookie/test/file_subdomain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">

2
extensions/cookie/test/test_samedomain.html

@ -5,7 +5,7 @@
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_inner.html', 5, 2)">
<body onload="setupTest('http://example.org/tests/extensions/cookie/test/file_domain_inner.html', 4, 2)">
<p id="display"></p>
<pre id="test">
<script class="testbody" type="text/javascript" src="file_testcommon.js">

3
modules/libpref/init/all.js

@ -5207,6 +5207,9 @@ pref("intl.allow-insecure-text-input", false);
// Enable meta-viewport support in remote APZ-enabled frames.
pref("dom.meta-viewport.enabled", false);
// Disable <meta http-equiv=set-cookie> support. See m-c bug 1457503 / UXP #1102.
pref("dom.meta-set-cookie.enabled", false);
// MozSettings debugging prefs for each component
pref("dom.mozSettings.SettingsDB.debug.enabled", false);
pref("dom.mozSettings.SettingsManager.debug.enabled", false);
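Review bot: The comment on `dom.meta-set-cookie.enabled` cites the bug numbers but does not say what turning the pref back on exposes. Something like `// When true, any markup that reaches a page can set cookies without script; keep false unless a legacy site needs it.` would tell an administrator why the default is off. It may also be worth noting there that the caller in nsContentSink.cpp passes its own fallback to GetBool, so the two defaults need to stay in sync.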
