From 2a125e17ad8f61dbe2b4fbc5df50e24abf8afc93 Mon Sep 17 00:00:00 2001 From: delta456 <swstkbaranwal@gmail.com> Date: Wed, 11 Sep 2024 16:45:47 +0530 Subject: [PATCH 1/4] java/cookie: escape cookie values when required --- .../environment/webserver/CookieHandler.java | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java index a6abb8ca9c10a..2cbd3daf8d4b9 100644 --- a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java +++ b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java @@ -116,9 +116,9 @@ private Collection<Cookie> getCookies(HttpRequest request) { private void addCookie(HttpResponse response, Cookie cook) { StringBuilder cookie = new StringBuilder(); - // TODO: escape string as necessary - String name = cook.getName(); - cookie.append(name).append("=").append(cook.getValue()).append("; "); + String name = escapeCookieValue(cook.getName()); + String value = escapeCookieValue(cook.getValue()); + cookie.append(name).append("=").append(value).append("; "); append(cookie, cook.getDomain(), str -> "Domain=" + str); append(cookie, cook.getPath(), str -> "Path=" + str); @@ -191,4 +191,16 @@ private Cookie parse(String cookieString) { return builder.build(); } + private String escapeCookieValue(String value) { + if (value == null) { + return ""; + } + + return value.replace("\\", "\\\\") + .replace("\"", "\\\"") + .replace(";", "\\;") + .replace(",", "\\,") + .replace("\r", "") + .replace("\n", ""); + } } From f45a4b6a151b67bd7c4fa29ce94a0ebfcc349df6 Mon Sep 17 00:00:00 2001 From: delta456 <swstkbaranwal@gmail.com> Date: Wed, 11 Sep 2024 22:08:00 +0530 Subject: [PATCH 2/4] add xss escaping --- .../selenium/environment/webserver/CookieHandler.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
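Review bot: Only the cookie name and value pass through `escapeCookieValue` in `addCookie`; the `Domain` and `Path` attributes on the context lines just below are still appended as-is, so a CR/LF or `;` in either would reach the `Set-Cookie` header unfiltered. The name is also run through rules written for values, which do not cover `=` or whitespace inside a cookie name. At minimum I would drop line breaks from every field written into the header, e.g. `append(cookie, cook.getPath(), str -> "Path=" + str.replace("\r", "").replace("\n", ""));`. The rest of `addCookie` lies outside the hunk, so other attributes may need the same treatment.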
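Review bot: Backslash-escaping in `escapeCookieValue` does not neutralise `;` or `,`: after `.replace(";", "\\;")` the delimiter is still present in the header, and cookie parsers that follow RFC 6265 do not treat a backslash as an escape, so the value would still end at the semicolon and the remainder would be read as attributes. Removing CR and LF is the part that actually guards against header injection. For the remaining characters, percent-encoding from the standard library is the safer choice, for example `return URLEncoder.encode(value, StandardCharsets.UTF_8);` (Java 10+), provided the reading side (`parse`, whose body is outside the hunk) decodes the same way. Returning `""` for `null` silently hides a malformed cookie, which deserves a one-line Javadoc on the method.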
diff --git a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java index 2cbd3daf8d4b9..8514781951cf5 100644 --- a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java +++ b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java @@ -192,7 +192,7 @@ private Cookie parse(String cookieString) { return builder.build(); } private String escapeCookieValue(String value) { - if (value == null) { + if (value == null || value.isEmpty()) { return ""; } @@ -201,6 +201,9 @@ private String escapeCookieValue(String value) { .replace(";", "\\;") .replace(",", "\\,") .replace("\r", "") - .replace("\n", ""); + .replace("\n", "") + .replace("<", "<") + .replace(">", ">") + .replace("&", "&"); } } From 860a790fc262b5fb82c3cbeb407fbccfd039db03 Mon Sep 17 00:00:00 2001 From: delta456 <swstkbaranwal@gmail.com> Date: Thu, 12 Sep 2024 12:37:59 +0530 Subject: [PATCH 3/4] firefox_profile.py: use `with` statement in zipfile as Python 2.x support is dropped --- py/selenium/webdriver/firefox/firefox_profile.py | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/py/selenium/webdriver/firefox/firefox_profile.py b/py/selenium/webdriver/firefox/firefox_profile.py index 0deb2587a3acc..6b1dce381b387 100644 --- a/py/selenium/webdriver/firefox/firefox_profile.py +++ b/py/selenium/webdriver/firefox/firefox_profile.py 
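Review bot: The three replacements added at the end of the chain, `.replace("<", "<")`, `.replace(">", ">")` and `.replace("&", "&")`, map each character to itself as shown on this page, so they change nothing; the entity names may have been lost when the page was rendered. If HTML entities were intended, two problems follow: an entity ends in `;`, which is inserted after the `;` step has already run and would cut the cookie value short, and replacing `&` last would re-encode the `&` of the entities just produced. HTML encoding belongs at the point where a value is written into markup, not in the `Set-Cookie` header, so I would drop these three lines. The `value.isEmpty()` test added in the first hunk is redundant, since every `replace` on an empty string already returns an empty string.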
@@ -276,17 +276,11 @@ def parse_manifest_json(content): try: if zipfile.is_zipfile(addon_path): - # Bug 944361 - We cannot use 'with' together with zipFile because - # it will cause an exception thrown in Python 2.6. - # TODO: use with statement when Python 2.x is no longer supported - try: - compressed_file = zipfile.ZipFile(addon_path, "r") + with zipfile.ZipFile(addon_path, "r") as compressed_file: if "manifest.json" in compressed_file.namelist(): return parse_manifest_json(compressed_file.read("manifest.json")) manifest = compressed_file.read("install.rdf") - finally: - compressed_file.close() elif os.path.isdir(addon_path): manifest_json_filename = os.path.join(addon_path, "manifest.json") if os.path.exists(manifest_json_filename): From be94161915aef9f8567913674eb957f37dcce293 Mon Sep 17 00:00:00 2001 From: delta456 <swstkbaranwal@gmail.com> Date: Thu, 12 Sep 2024 12:46:09 +0530 Subject: [PATCH 4/4] remove java changes --- .../environment/webserver/CookieHandler.java | 21 +++---------------- 1 file changed, 3 insertions(+), 18 deletions(-) diff --git a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java index 8514781951cf5..a6abb8ca9c10a 100644 --- a/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java +++ b/java/test/org/openqa/selenium/environment/webserver/CookieHandler.java 
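Review bot: `compressed_file.read("install.rdf")` inside the new `with` block raises `KeyError` when the archive contains neither `manifest.json` nor `install.rdf`, and the `except` clause of the enclosing `try` is outside the hunk, so it is not visible whether that case is reported clearly. Both `read` calls also load the whole member into memory with no size limit, which matters if add-on archives can come from a source the caller does not control. A short comment above the `with` line would help, e.g. `# manifest.json takes precedence; install.rdf is the fallback`, and a bound such as `if compressed_file.getinfo("install.rdf").file_size > MAX_MANIFEST_BYTES: raise ...` could precede the read (`MAX_MANIFEST_BYTES` is a placeholder name).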
@@ -116,9 +116,9 @@ private Collection<Cookie> getCookies(HttpRequest request) { private void addCookie(HttpResponse response, Cookie cook) { StringBuilder cookie = new StringBuilder(); - String name = escapeCookieValue(cook.getName()); - String value = escapeCookieValue(cook.getValue()); - cookie.append(name).append("=").append(value).append("; "); + // TODO: escape string as necessary + String name = cook.getName(); + cookie.append(name).append("=").append(cook.getValue()).append("; "); append(cookie, cook.getDomain(), str -> "Domain=" + str); append(cookie, cook.getPath(), str -> "Path=" + str); @@ -191,19 +191,4 @@ private Cookie parse(String cookieString) { return builder.build(); } - private String escapeCookieValue(String value) { - if (value == null || value.isEmpty()) { - return ""; - } - - return value.replace("\\", "\\\\") - .replace("\"", "\\\"") - .replace(";", "\\;") - .replace(",", "\\,") - .replace("\r", "") - .replace("\n", "") - .replace("<", "<") - .replace(">", ">") - .replace("&", "&"); - } }
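Review bot: The restored `// TODO: escape string as necessary` in `addCookie` does not say what needs escaping, and with the helper removed `cook.getName()` and `cook.getValue()` again go into the `Set-Cookie` header unchanged. I would make the comment specific so the gap is not forgotten: `// TODO: reject or strip CR/LF and ';' in name and value before writing Set-Cookie (header injection)`. The file sits under `java/test`, so the exposure is presumably limited to the test web server, but the comment should state that assumption.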