core/gui
8
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Harden storage preload persistence
Some checks are pending
Security Scan / security (push) Waiting to run
Details
Test / test (push) Waiting to run
Details

Browse source
This commit is contained in:
Snider 2026-04-15 20:10:06 +01:00
parent eba34209ae
commit 8e91384143
1 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
pkg/display/preload.go
View file

@ -125,6 +125,8 @@ func (s *Service) injectStoragePolyfills(pageOrigin string, bootstrap map[string
const __corePageURL = ` + core.JSONMarshalString(pageOrigin) + `;
const __coreOrigin = ` + core.JSONMarshalString(storageOriginForPageURL(pageOrigin)) + ` || __corePageURL;
const __coreCanInvoke = ` + core.JSONMarshalString(trustedOrigin) + `;
const __coreMaxPersistKeyBytes = 1024;
const __coreMaxPersistValueBytes = 1048576;
const __coreBootstrapStorage = ` + core.JSONMarshalString(bootstrap) + `;
const __coreScopes = globalThis.__coreStorageScopes || (globalThis.__coreStorageScopes = {});
const __scope = __coreScopes[__coreOrigin] || (__coreScopes[__coreOrigin] = { localStorage: {}, sessionStorage: {}, cookies: {}, indexedDB: {}, caches: {}, buckets: {}, opfs: {} });
@ -213,11 +215,30 @@ func (s *Service) injectStoragePolyfills(pageOrigin string, bootstrap map[string
}
hydrateBucket(bucketName, __scope[bucketName], bucket);
});
const byteLength = (value) => {
const text = String(value ?? "");
if (typeof TextEncoder !== "undefined") {
return new TextEncoder().encode(text).length;
}
return text.length;
};
const withinPersistBounds = (bucket, key, value) => {
if (bucket === "sessionStorage") {
return true;
}
if (byteLength(key) > __coreMaxPersistKeyBytes) {
return false;
}
if (byteLength(value) > __coreMaxPersistValueBytes) {
return false;
}
return true;
};
const persist = (bucket, key, value) => {
if (!__coreCanInvoke) {
return;
}
if (bucket === "sessionStorage") {
if (!withinPersistBounds(bucket, key, value)) {
return;
}
__coreBridge.invoke('display.storage.set', { origin: __coreOrigin, bucket, key, value }).catch(() => undefined);