[Webkit-unassigned] [Bug 85028] [BlackBerry] Cookies should be checked during parsing to improve performance.

bugzilla-daemon at webkit.org
Mon May 7 08:16:32 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=85028





--- Comment #6 from Joe Mason <jmason at rim.com>  2012-05-07 08:16:31 PST ---
In the original code:

if (cookie->domain()[0] == '.') {
    // Check if the domain contains an embedded dot.
    size_t dotPosition = cookie->domain().find(".", 1);
    if (dotPosition == notFound || dotPosition == cookie->domain().length()) {
        LOG_ERROR("Cookie %s is rejected because its domain does not contain an embedded dot.\n", cookie->toString().utf8().data());
        return true;
    }
}

// The request host should domain match the Domain attribute.
// Domain string starts with a dot, so a.b.com should domain match .a.b.com.
// add a "." at beginning of host name, because it can handle many cases such as
// a.b.com matches b.com, a.b.com matches .B.com and a.b.com matches .A.b.Com
// and so on.
String hostDomainName = url.host();
hostDomainName = hostDomainName.startsWith(".") ? hostDomainName : "." + hostDomainName;
if (!hostDomainName.endsWith(cookie->domain(), false)) {
    LOG_ERROR("Cookie %s is rejected because its domain does not domain match the URL %s\n", cookie->toString().utf8().data(), url.string().utf8().data());
    return true;
}

// We should check for an embedded dot in the portion of string in the host not in the domain
// but to match firefox behaviour we do not.

return false; 


So for .xxxxx, cookie->domain()[0] is '.' and it skips the first "if" statement entirely.  Then the second "if" statement looks only at url.host() so the dot position in the domain doesn't matter.  Then it returns false, meaning "do not reject this cookie".

Am I reading that wrong?


The new code does:

// Check if the domain contains an embedded dot.
size_t dotPosition = parsedValue.find(".", 1);
if (dotPosition == notFound || dotPosition == parsedValue.length())
    LOG_AND_DELETE("Invalid cookie %s (domain): it does not contain an embedded dot", cookie.ascii().data()); 

So for ".xxxxx", dotPosition is notFound since it's starting at position 1 and not position 0.  Which means it marks the cookie invalid and deletes it.


I'm assuming the old code is correct.  If not, we should file a different PR to fix the issue since this is a performance patch and should not cause any behaviour differences.
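
Added example (not part of the original comment or of the WebKit source): the two quoted checks modeled side by side so they can be run on the same Domain values and any behaviour difference shows up directly. Assumptions: std::string stands in for WTF::String, std::string::npos for notFound, the function names oldCheckRejects and newCheckRejects are hypothetical, and the Domain value reaches both checks unchanged.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>

// Assumption: std::string models WTF::String, npos models notFound.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Case-insensitive suffix test, like endsWith(suffix, false) in the quoted code.
static bool endsWithIgnoringCase(const std::string& s, const std::string& suffix) {
    if (suffix.size() > s.size()) return false;
    return lower(s).compare(s.size() - suffix.size(), suffix.size(), lower(suffix)) == 0;
}

// Model of the quoted original check; true means "reject the cookie".
bool oldCheckRejects(const std::string& domain, const std::string& host) {
    if (!domain.empty() && domain[0] == '.') {
        auto dotPosition = domain.find('.', 1); // search starts after the leading dot
        if (dotPosition == std::string::npos || dotPosition == domain.length())
            return true; // no embedded dot
    }
    std::string hostDomainName = (!host.empty() && host[0] == '.') ? host : "." + host;
    return !endsWithIgnoringCase(hostDomainName, domain); // host must domain-match
}

// Model of the quoted parse-time check; true means "invalid, delete the cookie".
bool newCheckRejects(const std::string& parsedValue) {
    auto dotPosition = parsedValue.find('.', 1);
    return dotPosition == std::string::npos || dotPosition == parsedValue.length();
}

int main() {
    // Constructed sample inputs: {Domain attribute, request host}.
    const char* samples[][2] = {{".xxxxx", "xxxxx"}, {"xxxxx", "xxxxx"},
                                {".b.com", "a.b.com"}, {".B.com", "a.b.com"}};
    for (auto& s : samples)
        std::printf("%-8s host=%-8s old=%s new=%s\n", s[0], s[1],
                    oldCheckRejects(s[0], s[1]) ? "reject" : "accept",
                    newCheckRejects(s[0]) ? "reject" : "accept");
    return 0;
}
```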
