Skip to content

Commit

Permalink
Merge branch 'master' into feature/AG-18483
Browse files Browse the repository at this point in the history
  • Loading branch information
slavaleleka committed May 16, 2023
2 parents 2de8352 + 66582ca commit a4ed413
Show file tree
Hide file tree
Showing 9 changed files with 33 additions and 9 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Changed

- `trusted-set-cookie` and `trusted-set-cookie-reaload` scriptlets to not encode cookie name and value [#311](https://github.com/AdguardTeam/Scriptlets/issues/311)
- improved `prevent-fetch` — if `responseType` is not specified,
original response type is returned instead of `default` [#297](https://github.com/AdguardTeam/Scriptlets/issues/291)

Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@adguard/scriptlets",
"version": "1.9.12",
"version": "1.9.13",
"description": "AdGuard's JavaScript library of Scriptlets and Redirect resources",
"scripts": {
"build": "babel-node bundler.js",
Expand Down
15 changes: 11 additions & 4 deletions src/helpers/cookie-utils.js
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,18 @@ export const getCookiePath = (rawPath) => {
* @param {string} rawName name argument of *set-cookie-* scriptlets
* @param {string} rawValue value argument of *set-cookie-* scriptlets
* @param {string} rawPath path argument of *set-cookie-* scriptlets
* @returns {string|null} string OR `null` if path is not supported
* @param {boolean} shouldEncode if cookie's name and value should be encoded
* @returns {string|null} string OR `null` if name or value is invalid
*/
export const concatCookieNameValuePath = (rawName, rawValue, rawPath) => {
// eslint-disable-next-line max-len
return `${encodeURIComponent(rawName)}=${encodeURIComponent(rawValue)}; ${getCookiePath(rawPath)};`;
export const concatCookieNameValuePath = (rawName, rawValue, rawPath, shouldEncode = true) => {
const COOKIE_BREAKER = ';';
// semicolon will cause the cookie to break
if (!shouldEncode && (rawName.includes(COOKIE_BREAKER) || `${rawValue}`.includes(COOKIE_BREAKER))) {
return null;
}
const name = shouldEncode ? encodeURIComponent(rawName) : rawName;
const value = shouldEncode ? encodeURIComponent(rawValue) : rawValue;
return `${name}=${value}; ${getCookiePath(rawPath)};`;
};

/**
Expand Down
4 changes: 4 additions & 0 deletions src/scriptlets/set-cookie-reload.js
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,9 @@ import {
* - `/` — root path
* - `none` — to set no path at all
*
* > Note that the scriptlet encodes cookie names and values,
* e.g value `"{ test: 'value'}"` becomes `%7B%20test%3A%20'value'%7D`.
*
* **Examples**
* ```
* example.org#%#//scriptlet('set-cookie-reload', 'checking', 'ok')
Expand Down Expand Up @@ -66,6 +69,7 @@ export function setCookieReload(source, name, value, path = '/') {

const cookieToSet = concatCookieNameValuePath(name, validValue, path);
if (!cookieToSet) {
logMessage(source, 'Invalid cookie name or value');
return;
}

Expand Down
4 changes: 4 additions & 0 deletions src/scriptlets/set-cookie.js
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,9 @@ import {
* - `/` — root path
* - `none` — to set no path at all
*
* > Note that the scriptlet encodes cookie names and values,
* e.g value `"{ test: 'value'}"` becomes `%7B%20test%3A%20'value'%7D`.
*
* **Examples**
* ```
* example.org#%#//scriptlet('set-cookie', 'CookieConsent', '1')
Expand All @@ -62,6 +65,7 @@ export function setCookie(source, name, value, path = '/') {

const cookieToSet = concatCookieNameValuePath(name, validValue, path);
if (!cookieToSet) {
logMessage(source, 'Invalid cookie name or value');
return;
}

Expand Down
6 changes: 5 additions & 1 deletion src/scriptlets/trusted-set-cookie-reload.js
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,9 @@ import {
* - `/` — root path
* - `none` — to set no path at all
*
* > Note that the scriptlet does not encode cookie names and values. As a result, if a cookie's name or value includes `;`,
* the scriptlet will not set the cookie since this may cause the cookie to break.
*
* **Examples**
* 1. Set cookie and reload the page after it
* ```
Expand Down Expand Up @@ -96,8 +99,9 @@ export function trustedSetCookieReload(source, name, value, offsetExpiresSec = '
return;
}

let cookieToSet = concatCookieNameValuePath(name, parsedValue, path);
let cookieToSet = concatCookieNameValuePath(name, parsedValue, path, false);
if (!cookieToSet) {
logMessage(source, 'Invalid cookie name or value');
return;
}

Expand Down
6 changes: 5 additions & 1 deletion src/scriptlets/trusted-set-cookie.js
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,9 @@ import {
* - `/` — root path
* - `none` — to set no path at all
*
* > Note that the scriptlet does not encode cookie names and values. As a result, if a cookie's name or value includes `;`,
* the scriptlet will not set the cookie since this may cause the cookie to break.
*
* **Examples**
* 1. Set cookie
* ```
Expand Down Expand Up @@ -88,8 +91,9 @@ export function trustedSetCookie(source, name, value, offsetExpiresSec = '', pat
return;
}

let cookieToSet = concatCookieNameValuePath(name, parsedValue, path);
let cookieToSet = concatCookieNameValuePath(name, parsedValue, path, false);
if (!cookieToSet) {
logMessage(source, 'Invalid cookie name or value');
return;
}

Expand Down
2 changes: 1 addition & 1 deletion tests/scriptlets/trusted-set-cookie-reload.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ describe('Test trusted-set-cookie-reload scriptlet', () => {
// and jest running test
const cookieValue = parseCookieString(document.cookie)[cName];
// Check only day, month and year
const currentDate = encodeURIComponent(Date().split(' ', 4).join(' '));
const currentDate = Date().split(' ', 4).join(' ');
const dateDiff = cookieValue.split(' ', 4).join(' ');

expect(dateDiff.startsWith(currentDate)).toBeTruthy();
Expand Down
2 changes: 1 addition & 1 deletion tests/scriptlets/trusted-set-cookie.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ test('Set cookie string', (assert) => {

assert.strictEqual(window.hit, 'FIRED', 'Hit was fired');
assert.strictEqual(document.cookie.includes(cName), true, 'Cookie name has been set');
assert.strictEqual(document.cookie.includes(encodeURIComponent(cValue)), true, 'Cookie value has been set');
assert.strictEqual(document.cookie.includes(cValue), true, 'Cookie value has been set');
clearCookie(cName);
});

Expand Down

0 comments on commit a4ed413

Please sign in to comment.