| blob | 958801839f2594d0fce13c6b855f45291bd3cc4b |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include <cstdio>
8 #include <cstdlib>
23 }
29 host,
31 }
36 }
43 // If no domain was specified in the domain string, default to a host cookie.
44 // We match IE/Firefox in allowing a domain=IPADDR if it matches the url
45 // ip address hostname exactly. It should be treated as a host cookie.
51 }
53 // Get the normalized domain specified in cookie line.
61 // Ensure |url| and |cookie_domain| have the same domain+registry.
72 // Ensure |url_host| is |cookie_domain| or one of its subdomains. Given that
73 // we know the domain+registry are the same from the above checks, this is
74 // basically a simple string suffix check.
84 }
86 // Parse a cookie expiration time. We try to be lenient, but we need to
87 // assume some order to distinguish the fields. The basic rules:
88 // - The month name must be present and prefix the first 3 letters of the
89 // full month name (jan for January, jun for June).
90 // - If the year is <= 2 digits, it must occur after the day of month.
91 // - The time must be of the format hh:mm:ss.
92 // An average cookie expiration will look something like this:
93 // Sat, 15-Apr-17 21:01:22 GMT
98 // We want to be pretty liberal, and support most non-ascii and non-digit
99 // characters as a delimiter. We can't treat : as a delimiter, because it
100 // is the delimiter for hh:mm:ss, and we want to keep this field together.
101 // We make sure to include - and +, since they could prefix numbers.
102 // If the cookie attribute came in in quotes (ex expires="XXX"), the quotes
103 // will be preserved, and we will get them here. So we make sure to include
104 // quote characters, and also \ for anything that was internally escaped.
121 // String field
125 // Match prefix, so we could match January, etc
130 }
131 }
133 // If we've gotten here, it means we've already found and parsed our
134 // month, and we have another string, which we would expect to be the
135 // the time zone name. According to the RFC and my experiments with
136 // how sites format their expirations, we don't have much of a reason
137 // to support timezones. We don't want to ever barf on user input,
138 // but this DCHECK should pass for well-formed data.
139 // DCHECK(token == "GMT");
140 }
141 // Numeric field w/ a colon
144 #ifdef COMPILER_MSVC
146 #else
148 #endif
153 // We should only ever encounter one time-like thing. If we're here,
154 // it means we've found a second, which shouldn't happen. We keep
155 // the first. This check should be ok for well-formed input:
156 // NOTREACHED();
157 }
158 // Numeric field
160 // Overflow with atoi() is unspecified, so we enforce a max length.
168 // If we're here, it means we've either found an extra numeric field,
169 // or a numeric field which was too long. For well-formed input, the
170 // following check would be reasonable:
171 // NOTREACHED();
172 }
173 }
174 }
177 // We didn't find all of the fields we need. For well-formed input, the
178 // following check would be reasonable:
179 // NOTREACHED() << "Cookie parse expiration failed: " << time_string;
181 }
183 // Normalize the year to expand abbreviated years to the full year.
189 // If our values are within their correct ranges, we got our time.
195 }
197 // One of our values was out of expected range. For well-formed input,
198 // the following check would be reasonable:
199 // NOTREACHED() << "Cookie exploded expiration failed: " << time_string;
202 }
211 }
217 // Here we are at the beginning of a cookie.
219 // Eat whitespace.
223 // Find cookie name.
228 // Find cookie value.
230 // Cookies may have no value, in this case '=' may or may not be there.
240 // i points to character after '"', potentially a ';'.
244 // i points to ';' or end of string.
245 }
246 }
248 // Eat ';'.
250 }
251 }
263 }
265 }