ssl/ezXSS

Broken copy cookies as JSON

vaadata-pascala opened this issue · 2 comments

Hi,

The feature used to copy cookies as JSON is broken in some edge cases.

ezXSS/assets/js/ezxss4.js

Lines 274 to 282 in c1a46a6

var json = '[';
$.each(split, function (index, value) {
    var cookieData = value.split('=');
    var cookieName = cookieData[0];
    var cookieValue = cookieData[1];
    json += '{"domain":"' + origin + '","expirationDate":' + (Date.now() / 1000 + 31556926) + ',"hostOnly":true,"httpOnly":false,"name":"' + cookieName + '","path":"/","sameSite":"unspecified","secure":false,"session":false,"storeId": "0","value":"' + cookieValue + '","id":"' + (index + 1) + '"},';
});
json = json.substring(0, json.length - 1) + ']';

  • Since the JSON is built manually, it does not handle special characters, which can break the JSON if they appear in a cookie. An easy example is if a cookie's value contains the double quote character.
    • An easy way to fix this is to add JavaScript objects to an array and use JSON.stringify on it at the end.
  • If the value of a cookie contains an equals character, the character as well as everything following it is removed from the cookie (due to the split function).

I was also wondering, is it necessary to add constant or irrelevant data to the JSON? For example, the path property could be false as well as the expirationDate.

Sincerely,
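
The two edge cases reported above, reproduced in an added example that is not part of the issue or of the ezXSS code base: the concatenation approach (cut down to the relevant fields) next to a version that pushes objects to an array, splits on the first `=` only, and serializes with `JSON.stringify`. The function names, the `example.test` origin and the sample cookie string are constructed for illustration.

```javascript
// Added example; function names and the sample cookie string are constructed.

// Same approach as the quoted snippet, reduced to the fields that matter here:
// manual concatenation and a split on every '='.
function cookiesToJsonConcat(cookieString, origin) {
  var json = '[';
  cookieString.split('; ').forEach(function (value, index) {
    var cookieData = value.split('=');
    json += '{"domain":"' + origin + '","name":"' + cookieData[0] +
      '","value":"' + cookieData[1] + '","id":"' + (index + 1) + '"},';
  });
  return json.substring(0, json.length - 1) + ']';
}

// Builds plain objects and lets JSON.stringify do the escaping.
function cookiesToJson(cookieString, origin) {
  var cookies = [];
  cookieString.split('; ').forEach(function (pair) {
    if (pair === '') return; // an empty cookie string yields one empty element
    var eq = pair.indexOf('='); // position of the FIRST '=' only
    cookies.push({
      domain: origin,
      expirationDate: Date.now() / 1000 + 31556926,
      hostOnly: true,
      httpOnly: false,
      // No '=' at all: treated as a nameless cookie, the whole pair is the value.
      name: eq === -1 ? '' : pair.slice(0, eq),
      path: '/',
      sameSite: 'unspecified',
      secure: false,
      session: false,
      storeId: '0',
      value: pair.slice(eq + 1),
      id: String(cookies.length + 1)
    });
  });
  return JSON.stringify(cookies);
}

function isValidJson(text) {
  try { JSON.parse(text); return true; } catch (e) { return false; }
}

// Constructed input: one value holds double quotes, one ends in '=' padding.
var sample = 'session=abc123; prefs={"theme":"dark"}; token=dGVzdA==';
console.log(isValidJson(cookiesToJsonConcat(sample, 'example.test')));
console.log(JSON.parse(cookiesToJson(sample, 'example.test')).map(function (c) { return c.value; }));
```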

ssl commented

Hey @vaadata-pascala,

You have some valid points here. I will add it to my todo list and fix it in the next release.

ssl commented

Fixes this for the 4.2 release in c41e534