search

cloudflare / lua-resty-cookie

Lua library for HTTP cookie manipulations for OpenResty/ngx_lua
347 stars 160 forks source link

There are some problems in obtaining cookies #33

Open Liang2580 opened 4 years ago

Liang2580 commented 4 years ago

Assume that the client's cookie is Hm_lvt_ff7f6fcad4e6116760e7b632f9614dc2=1583134761; Hm_lvt_137ae1af30761db81edff2e16f0bf0f8=1583134761; Hm_lpvt_ff7f6fcad4e6116760e7b632f9614dc2=1583309076 Hm_lpvt_137ae1af30761db81edff2e16f0bf0f8=<img src=x onerror=alert(1)>

Then get the following: {"Hm_lvt_ff7f6fcad4e6116760e7b632f9614dc2":"1583134761","onerror":"alert(1)>","Hm_lvt_137ae1af30761db81edff2e16f0bf0f8":"1583134761","Hm_lpvt_137ae1af30761db81edff2e16f0bf0f8":"<img","Hm_lpvt_ff7f6fcad4e6116760e7b632f9614dc2":"1583309076","src":"x"}

This confused me. I also plan to modify some of your code logic