| blob | 125d3d998b9c7007dfa19c674b329807843f8baf |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Portions of this code based on Mozilla:
6 // (netwerk/cookie/src/nsCookieService.cpp)
7 /* ***** BEGIN LICENSE BLOCK *****
8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
9 *
10 * The contents of this file are subject to the Mozilla Public License Version
11 * 1.1 (the "License"); you may not use this file except in compliance with
12 * the License. You may obtain a copy of the License at
13 * http://www.mozilla.org/MPL/
14 *
15 * Software distributed under the License is distributed on an "AS IS" basis,
16 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
17 * for the specific language governing rights and limitations under the
18 * License.
19 *
20 * The Original Code is mozilla.org code.
21 *
22 * The Initial Developer of the Original Code is
23 * Netscape Communications Corporation.
24 * Portions created by the Initial Developer are Copyright (C) 2003
25 * the Initial Developer. All Rights Reserved.
26 *
27 * Contributor(s):
28 * Daniel Witte (dwitte@stanford.edu)
29 * Michiel van Leeuwen (mvl@exedo.nl)
30 *
31 * Alternatively, the contents of this file may be used under the terms of
32 * either the GNU General Public License Version 2 or later (the "GPL"), or
33 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
34 * in which case the provisions of the GPL or the LGPL are applicable instead
35 * of those above. If you wish to allow use of your version of this file only
36 * under the terms of either the GPL or the LGPL, and not to allow others to
37 * use your version of this file under the terms of the MPL, indicate your
38 * decision by deleting the provisions above and replace them with the notice
39 * and other provisions required by the GPL or the LGPL. If you do not delete
40 * the provisions above, a recipient may use your version of this file under
41 * the terms of any one of the MPL, the GPL or the LGPL.
42 *
43 * ***** END LICENSE BLOCK ***** */
51 // TODO(jww): We are collecting several UMA statistics in this file, and they
52 // relate to http://crbug.com/238041. We are measuring stats related to control
53 // characters in cookies because, currently, we allow control characters in a
54 // variety of scenarios where various RFCs theoretically disallow them. These
55 // control characters have the potential to cause problems with certain web
56 // servers that reject HTTP requests that contain cookies with control
57 // characters. We are measuring whether disallowing such cookies would have a
58 // notable impact on our users. We want to collect these stats through 1 stable
59 // release, so these UMA stats should remain at least through the M29
60 // branch-point.
78 // Returns true if |c| occurs in |chars|
79 // TODO(erikwright): maybe make this take an iterator, could check for end also?
82 }
83 // Seek the iterator to the first occurrence of a character in |chars|.
84 // Returns true if it hit the end, false otherwise.
90 }
91 // Seek the iterator to the first occurrence of a character not in |chars|.
92 // Returns true if it hit the end, false otherwise.
98 }
104 }
106 // Validate whether |value| is a valid token according to [RFC2616],
107 // Section 2.2.
112 // Check that |value| has no separators.
117 // Check that |value| has no CTLs.
121 }
124 }
126 // Validate value, which may be according to RFC 6265
127 // cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
128 // cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
129 // ; US-ASCII characters excluding CTLs,
130 // ; whitespace DQUOTE, comma, semicolon,
131 // ; and backslash
133 // Number of characters to skip in validation at beginning and end of string.
147 }
149 }
152 // The greatest common denominator of cookie attribute values is
153 // <any CHAR except CTLs or ";"> according to RFC 6265.
157 }
159 }
177 }
182 }
185 }
189 }
194 }
205 }
210 valid_cookie_value);
217 }
221 }
225 }
229 }
233 }
237 }
241 }
245 }
257 }
258 }
260 }
268 // We found a character we should treat as an end of string.
270 }
272 }
281 // Seek past any whitespace before the "token" (the name).
282 // token_start should point at the first character in the token
287 // Seek over the token, to the token separator.
288 // token_real_end should point at the token separator, i.e. '='.
289 // If it == end after the seek, we probably have a token-value.
293 // Ignore any whitespace between the token and the token separator.
294 // token_end should point after the last interesting token character,
295 // pointing at either whitespace, or at '=' (and equal to token_real_end).
298 // Skip over any whitespace to the first non-whitespace character.
300 // Point after it.
302 }
305 // Seek us back to the end of the token.
308 }
316 // Seek past any whitespace that might in-between the token and value.
318 // value_start should point at the first character of the value.
321 // Just look for ';' to terminate ('=' allowed).
322 // We can hit the end, maybe they didn't terminate.
325 // Will be pointed at the ; seperator or the end.
328 // Ignore any unwanted whitespace after the value.
333 }
334 }
344 }
353 }
355 // Parse all token/value pairs and populate pairs_.
361 PARSED_COOKIE_STATUS_BOTH =
362 PARSED_COOKIE_STATUS_CONTROL_CHAR | PARSED_COOKIE_STATUS_INVALID
363 };
368 // Ok, here we go. We should be expecting to be starting somewhere
369 // before the cookie line, not including any header name...
373 // TODO(erikwright): Make sure we're stripping \r\n in the network code.
374 // Then we can log any unexpected terminators.
378 TokenValuePair pair;
385 // We have a token-value, we didn't have any token name.
387 // For the first time around, we want to treat single values
388 // as a value with an empty name. (Mozilla bug 169091).
389 // IE seems to also have this behavior, ex "AAA", and "AAA=10" will
390 // set 2 different cookies, and setting "BBB" will then replace "AAA".
392 // Rewind to the beginning of what we thought was the token name,
393 // and let it get parsed as a value.
396 // Any not-first attribute we want to treat a value as a
397 // name with an empty value... This is so something like
398 // "secure;" will get parsed as a Token name, and not a value.
400 }
402 // We have a TOKEN=VALUE.
405 }
407 // OK, now try to parse a value.
410 // OK, we're finished with a Token/Value.
418 // From RFC2109: "Attributes (names) (attr) are case-insensitive."
423 // We've processed a token/value pair, we're either at the end of
424 // the string or a ValueSeparator like ';', which we want to skip.
427 }
431 }
434 // We skip over the first token/value, the user supplied one.
451 /* some attribute we don't know or don't care about. */
452 }
453 }
454 }
464 }
465 }
475 }
476 }
484 valid_attribute_pair);
494 }
496 }
499 // The first pair (name/value of cookie at pairs_[0]) cannot be cleared.
500 // Cookie attributes that don't have a value at the moment, are represented
501 // with an index being equal to 0.
513 }
515 }