[soup] Prevent setting or editing httpOnly cookies from JavaScript
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Jun 2012 00:33:03 +0000 (00:33 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Jun 2012 00:33:03 +0000 (00:33 +0000)
commit 312c472c8b5d2c66b7a97827c7f4941df37f13f1
tree 0782ad43ec09315b5c932d90581d6e4303dbf7e4
parent 20330461e39d603b32ab77faeb533b6994403290
[soup] Prevent setting or editing httpOnly cookies from JavaScript
https://bugs.webkit.org/show_bug.cgi?id=88760

Patch by Christophe Dumez <christophe.dumez@intel.com> on 2012-06-12
Reviewed by Gustavo Noronha Silva.

Source/WebCore:

Prevent setting or overwriting httpOnly cookies from JavaScript.
Fix setCookies() so that it parses all the cookies and not just
the first one.

Test: http/tests/cookies/js-get-and-set-http-only-cookie.html

* platform/network/soup/CookieJarSoup.cpp:
(WebCore::httpOnlyCookieExists):
(WebCore):
(WebCore::setCookies):

Tools:

Update libsoup to v2.39.2, glib to v2.33.2 and glib-networking
to v2.33.2 for both GTK and EFL ports.

* efl/jhbuild.modules:
* gtk/jhbuild.modules:

LayoutTests:

Unskip http/tests/cookies/js-get-and-set-http-only-cookie.html for
both GTK and EFL ports now that we don't allow overwriting
httpOnly cookies from JavaScript anymore.

* platform/efl/TestExpectations:
* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@120145 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/platform/efl/TestExpectations
LayoutTests/platform/gtk/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/platform/network/soup/CookieJarSoup.cpp
Tools/ChangeLog
Tools/efl/jhbuild.modules
Tools/gtk/jhbuild.modules
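
The rule the commit message describes (script may neither set nor overwrite an httpOnly cookie), modelled as an added C++ example. It is not WebKit's CookieJarSoup.cpp code; `CookieJar`, `Source`, `set()`, `scriptVisible()` and `valueOf()` are hypothetical names, and it assumes cookies are matched by name, domain and path.

```cpp
#include <map>
#include <string>
#include <tuple>

// Added illustration, not WebKit code. All names here are hypothetical.
struct Cookie {
    std::string name, value, domain, path;
    bool httpOnly;
};

enum class Source { Http, Script };  // Set-Cookie header vs. document.cookie

class CookieJar {
public:
    // Returns true if the cookie was stored, false if the write was refused.
    bool set(const Cookie& c, Source src) {
        if (src == Source::Script) {
            // Rule 1: script may not create a cookie that carries HttpOnly.
            if (c.httpOnly)
                return false;
            // Rule 2: script may not replace an existing HttpOnly cookie
            // that has the same name, domain and path (assumed match key).
            auto it = m_cookies.find(key(c));
            if (it != m_cookies.end() && it->second.httpOnly)
                return false;
        }
        m_cookies[key(c)] = c;
        return true;
    }

    // What a script-side read would expose: HttpOnly cookies are omitted.
    std::string scriptVisible() const {
        std::string out;
        for (const auto& kv : m_cookies) {
            if (kv.second.httpOnly) continue;
            if (!out.empty()) out += "; ";
            out += kv.second.name + "=" + kv.second.value;
        }
        return out;
    }

    // Stored value for the cookie with the same name, domain and path.
    std::string valueOf(const Cookie& c) const {
        auto it = m_cookies.find(key(c));
        return it == m_cookies.end() ? "" : it->second.value;
    }

private:
    using Key = std::tuple<std::string, std::string, std::string>;
    static Key key(const Cookie& c) { return Key(c.name, c.domain, c.path); }
    std::map<Key, Cookie> m_cookies;
};
```

Without rule 2, a script write that reuses the name, domain and path of a server-set httpOnly cookie would silently replace it with a non-httpOnly one, which is the overwrite case the commit closes.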