| blob | b9c7e8d601f8ed2e3c4d8b3eb07c8e1d0c5ffdae |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include <cstdio>
8 #include <cstdlib>
23 }
30 host,
32 }
37 }
44 // If no domain was specified in the domain string, default to a host cookie.
45 // We match IE/Firefox in allowing a domain=IPADDR if it matches the url
46 // ip address hostname exactly. It should be treated as a host cookie.
52 }
54 // Get the normalized domain specified in cookie line.
62 // Ensure |url| and |cookie_domain| have the same domain+registry.
73 // Ensure |url_host| is |cookie_domain| or one of its subdomains. Given that
74 // we know the domain+registry are the same from the above checks, this is
75 // basically a simple string suffix check.
85 }
87 // Parse a cookie expiration time. We try to be lenient, but we need to
88 // assume some order to distinguish the fields. The basic rules:
89 // - The month name must be present and prefix the first 3 letters of the
90 // full month name (jan for January, jun for June).
91 // - If the year is <= 2 digits, it must occur after the day of month.
92 // - The time must be of the format hh:mm:ss.
93 // An average cookie expiration will look something like this:
94 // Sat, 15-Apr-17 21:01:22 GMT
100 // We want to be pretty liberal, and support most non-ascii and non-digit
101 // characters as a delimiter. We can't treat : as a delimiter, because it
102 // is the delimiter for hh:mm:ss, and we want to keep this field together.
103 // We make sure to include - and +, since they could prefix numbers.
104 // If the cookie attribute came in in quotes (ex expires="XXX"), the quotes
105 // will be preserved, and we will get them here. So we make sure to include
106 // quote characters, and also \ for anything that was internally escaped.
123 // String field
127 // Match prefix, so we could match January, etc
133 }
134 }
136 // If we've gotten here, it means we've already found and parsed our
137 // month, and we have another string, which we would expect to be the
138 // the time zone name. According to the RFC and my experiments with
139 // how sites format their expirations, we don't have much of a reason
140 // to support timezones. We don't want to ever barf on user input,
141 // but this DCHECK should pass for well-formed data.
142 // DCHECK(token == "GMT");
143 }
144 // Numeric field w/ a colon
147 #ifdef COMPILER_MSVC
149 #else
151 #endif
156 // We should only ever encounter one time-like thing. If we're here,
157 // it means we've found a second, which shouldn't happen. We keep
158 // the first. This check should be ok for well-formed input:
159 // NOTREACHED();
160 }
161 // Numeric field
163 // Overflow with atoi() is unspecified, so we enforce a max length.
171 // If we're here, it means we've either found an extra numeric field,
172 // or a numeric field which was too long. For well-formed input, the
173 // following check would be reasonable:
174 // NOTREACHED();
175 }
176 }
177 }
180 // We didn't find all of the fields we need. For well-formed input, the
181 // following check would be reasonable:
182 // NOTREACHED() << "Cookie parse expiration failed: " << time_string;
184 }
186 // Normalize the year to expand abbreviated years to the full year.
192 // If our values are within their correct ranges, we got our time.
198 }
200 // One of our values was out of expected range. For well-formed input,
201 // the following check would be reasonable:
202 // NOTREACHED() << "Cookie exploded expiration failed: " << time_string;
205 }
214 }
220 // Here we are at the beginning of a cookie.
222 // Eat whitespace.
226 // Find cookie name.
231 // Find cookie value.
233 // Cookies may have no value, in this case '=' may or may not be there.
243 // i points to character after '"', potentially a ';'.
247 // i points to ';' or end of string.
248 }
249 }
251 // Eat ';'.
253 }
254 }
266 }
268 }