tough-cookie
Comparing version 2.3.2 to 2.3.3
@@ -56,2 +56,6 @@ /*! | ||
// For COOKIE_PAIR and LOOSE_COOKIE_PAIR below, the number of spaces has been | ||
// restricted to 256 to side-step a ReDoS issue reported here: | ||
// https://github.com/salesforce/tough-cookie/issues/92 | ||
// Double quotes are part of the value (see: S4.1.1). | ||
@@ -62,7 +66,7 @@ // '\r', '\n' and '\0' should be treated as a terminator in the "relaxed" mode | ||
// (see: https://github.com/ChromiumWebApps/chromium/blob/b3d3b4da8bb94c1b2e061600df106d590fda3620/net/cookies/parsed_cookie.cc#L64) | ||
var COOKIE_PAIR = /^(([^=;]+))\s*=\s*([^\n\r\0]*)/; | ||
var COOKIE_PAIR = /^(([^=;]+))\s{0,256}=\s*([^\n\r\0]*)/; | ||
// Used to parse non-RFC-compliant cookies like '=abc' when given the `loose` | ||
// option in Cookie.parse: | ||
var LOOSE_COOKIE_PAIR = /^((?:=)?([^=;]*)\s*=\s*)?([^\n\r\0]*)/; | ||
var LOOSE_COOKIE_PAIR = /^((?:=)?([^=;]*)\s{0,256}=\s*)?([^\n\r\0]*)/; | ||
@@ -1211,2 +1215,3 @@ // RFC6265 S4.1.1 defines path value as 'any CHAR except CTLs or ";"' | ||
} | ||
cookies = cookies.slice(); // do not modify the original | ||
@@ -1213,0 +1218,0 @@ function putNext(err) { |
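Review bot: The comment added above COOKIE_PAIR and LOOSE_COOKIE_PAIR says the number of spaces is restricted to 256, but the key groups `[^=;]+` and `[^=;]*` match whitespace themselves, so a longer run before `=` is still accepted and lands in the key capture. What `\s{0,256}` actually bounds is the backtracking work at each position. I would reword the comment to say so, for example `// \s{0,256} caps backtracking per position; [^=;]+ still matches whitespace, so longer runs end up in the key capture.` For a pair with no `=`, matching can still cost up to about 256 attempts per input character, so a note next to the patterns that callers should cap header length before parsing would help. A regression test with a long whitespace run and no `=` would pin the fix; none is visible in the hunks shown here.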
@@ -46,3 +46,3 @@ { | ||
], | ||
"version": "2.3.2", | ||
"version": "2.3.3", | ||
"homepage": "https://github.com/salesforce/tough-cookie", | ||
@@ -49,0 +49,0 @@ "repository": { |
@@ -137,2 +137,5 @@ [RFC6265](https://tools.ietf.org/html/rfc6265) Cookies and CookieJar for Node.js | ||
_Potentially non-standard behavior:_ currently, tough-cookie will limit the number of spaces before the `=` to 256 characters. | ||
See [Issue 92](https://github.com/salesforce/tough-cookie/issues/92) | ||
### Properties | ||
@@ -139,0 +142,0 @@ |
Sorry, the diff of this file is too big to display