From 11a48561e0987419a54da2c9fd6ebd7ff202a3fe Mon Sep 17 00:00:00 2001 From: Raymond Hill Date: Sat, 23 Mar 2024 11:00:45 -0400 Subject: [PATCH] Improve `[trusted-]set-cookie` scriptlets Related issues: - https://github.com/uBlockOrigin/uBlock-issues/issues/3178 - https://github.com/uBlockOrigin/uBlock-issues/issues/2777 --- assets/resources/scriptlets.js | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/assets/resources/scriptlets.js b/assets/resources/scriptlets.js index 8a00a3a7b..bbef27248 100644 --- a/assets/resources/scriptlets.js +++ b/assets/resources/scriptlets.js @@ -969,6 +969,16 @@ function setCookieFn( path = '', options = {}, ) { + // https://datatracker.ietf.org/doc/html/rfc2616#section-2.2 + // https://github.com/uBlockOrigin/uBlock-issues/issues/2777 + if ( trusted === false && /[^!#$%&'*+\-.0-9A-Z[\]^_`a-z|~]/.test(name) ) { + name = encodeURIComponent(name); + } + // https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1 + if ( /[^!#-+\--:<-[\]-~]/.test(value) ) { + value = encodeURIComponent(value); + } + const cookieBefore = getCookieFn(name); if ( cookieBefore !== undefined && options.dontOverwrite ) { return; } if ( cookieBefore === value && options.reload ) { return; } @@ -3713,7 +3723,6 @@ function setCookie( if ( name === '' ) { return; } const safe = safeSelf(); const logPrefix = safe.makeLogPrefix('set-cookie', name, value, path); - name = encodeURIComponent(name); const validValues = [ 'accept', 'reject',