fix(Cookies): disallow setting cookies in 'about:blank' page (#1567)

This patch asserts that no cookies are set on `about:blank` and `data:` URLs.

References #1411
Jih-Chi Lee 2017-12-16 17:17:20 +08:00 committed by Andrey Lushnikov
parent be438c59c1
commit 18d5cfa269
2 changed files with 67 additions and 3 deletions


@ -255,11 +255,20 @@ class Page extends EventEmitter {
* @param {Array<Network.CookieParam>} cookies
*/
async setCookie(...cookies) {
const pageURL = this.url();
const startsWithHTTP = pageURL.startsWith('http');
const items = cookies.map(cookie => {
const item = Object.assign({}, cookie);
const pageURL = this.url();
if (!item.url && pageURL.startsWith('http'))
item.url = this.url();
if (!item.url && startsWithHTTP)
item.url = pageURL;
console.assert(
item.url !== 'about:blank',
`Blank page can not have cookie "${item.name}"`
);
console.assert(
!String.prototype.startsWith.call(item.url || '', 'data:'),
`Data URL page can not have cookie "${item.name}"`
);
return item;
});
await this.deleteCookie(...items);
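Review bot: The two new guards in `setCookie` use `console.assert`, which rejects the cookie only on runtimes where a failed assertion throws; in browsers and in Node.js 10 and later it only logs, so a cookie whose URL is `about:blank` or starts with `data:` would still reach `deleteCookie` and whatever follows it. An explicit check such as `if (item.url === 'about:blank') throw new Error('Blank page can not have cookie "' + item.name + '"');`, with the same shape for the `data:` test, keeps the rejection independent of the runtime. When the page itself is blank and the cookie carries no `url`, `item.url` stays undefined and neither guard fires, so the caller only sees whatever error the later protocol call raises; a check for a cookie with neither `url` nor `domain` would give a clearer message. The comparisons are also exact and case-sensitive, so variants such as `about:blank#x` or `DATA:` do not appear to be covered. The body of `setCookie` continues past the end of this hunk.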


@ -3126,6 +3126,61 @@ describe('Page', function() {
expect(await page.evaluate('document.cookie')).toBe('cookie1=1; cookie3=3');
});
it('should not set a cookie on a blank page', async function({page}) {
let error = null;
await page.goto('about:blank');
try {
await page.setCookie({name: 'example-cookie', value: 'best'});
} catch (e) {
error = e;
}
expect(error).toBeTruthy();
expect(error.message).toEqual('Protocol error (Network.deleteCookies): At least one of the url and domain needs to be specified undefined');
});
it('should not set a cookie with blank page URL', async function({page, server}) {
let error = null;
await page.goto(server.PREFIX + '/grid.html');
try {
await page.setCookie(
{name: 'example-cookie', value: 'best'},
{url: 'about:blank', name: 'example-cookie-blank', value: 'best'}
);
} catch (e) {
error = e;
}
expect(error).toBeTruthy();
expect(error.message).toEqual(
`Blank page can not have cookie "example-cookie-blank"`
);
});
it('should not set a cookie on a data URL page', async function({page}) {
let error = null;
await page.goto('data:,Hello%2C%20World!');
try {
await page.setCookie({name: 'example-cookie', value: 'best'});
} catch (e) {
error = e;
}
expect(error).toBeTruthy();
expect(error.message).toEqual(
'Protocol error (Network.deleteCookies): At least one of the url and domain needs to be specified undefined'
);
});
it('should not set a cookie with blank page URL', async function({page, server}) {
let error = null;
await page.goto(server.PREFIX + '/grid.html');
try {
await page.setCookie({name: 'example-cookie', value: 'best'}, {url: 'about:blank', name: 'example-cookie-blank', value: 'best'});
} catch (e) {
error = e;
}
expect(error).toBeTruthy();
expect(error.message).toEqual(`Blank page can not have cookie "example-cookie-blank"`);
});
it('should set a cookie on a different domain', async({page, server}) => {
await page.goto(server.PREFIX + '/grid.html');
await page.setCookie({name: 'example-cookie', value: 'best', url: 'https://www.example.com'});