cookies: Use js-cookie to read and write cookies

Rather than reinvent the wheel, use a well-tested library to parse and write cookies. This should also help prevent XSS vulnerabilities because the library handles special characters such as semicolon.
2025-04-22 08:26:16 -04:00 · 2020-10-02 18:43:12 -04:00 · 2020-10-02 18:43:12 -04:00 · 3ab0f30ac8
commit 3ab0f30ac8
parent d55edebddd
9 changed files with 54 additions and 96 deletions
--- a/src/node/utils/Minify.js
+++ b/src/node/utils/Minify.js
@ -44,12 +44,13 @@ var threadsPool = Threads.Pool(function () {
 }, 2)

 var LIBRARY_WHITELIST = [
-      'async'
-    , 'security'
-    , 'tinycon'
-    , 'underscore'
-    , 'unorm'
-    ];
+  'async',
+  'js-cookie',
+  'security',
+  'tinycon',
+  'underscore',
+  'unorm',
+];

 // Rewrite tar to include modules with no extensions and proper rooted paths.
 var LIBRARY_PREFIX = 'ep_etherpad-lite/static/js';
--- a/src/node/utils/tar.json
+++ b/src/node/utils/tar.json
@ -17,6 +17,7 @@
  , "pad_connectionstatus.js"
  , "chat.js"
  , "gritter.js"
+  , "$js-cookie/src/js.cookie.js"
  , "$tinycon/tinycon.js"
  , "excanvas.js"
  , "farbtastic.js"