cookie jar code: enhance security by keeping track of effective TLDs

The problem was the following: According to the cookie RFC, domains must
have at least one dot in their name for setting a cookie (e.g. domain
example.com can set a cookie for ".example.com" but not for ".com").
The problem is: Following this rule, one could still set "supercookies"
for e.g. ".co.uk".
The solution is to generate a table from
http://publicsuffix.org which maintains a list of all "effective" TLDs
like e.g. ".co.uk".

Reviewed-by: Olivier Goffart
Task-number: QTBUG-14706

1 files changed, 17 insertions, 0 deletions

diff --git a/src/network/access/qnetworkcookiejartlds_p.h.INFO b/src/network/access/qnetworkcookiejartlds_p.h.INFO
new file mode 100644
index 0000000000..57a8d0e0cc
--- /dev/null
+++ b/src/network/access/qnetworkcookiejartlds_p.h.INFO
@@ -0,0 +1,17 @@
+The file qnetworkcookiejartlds_p.h is generated from the Public Suffix
+List (see [1] and [2]), by the program residing at
+util/network/cookiejar-generateTLDs in the Qt source tree.
+
+That program generates a character array and an index array from the
+list to provide fast lookups of elements within C++.
+
+Those arrays in qnetworkcookiejartlds_p.h are derived from the Public
+Suffix List ([2]), which was originally provided by
+Jo Hermans <jo.hermans@gmail.com>.
+
+The file qnetworkcookiejartlds_p.h was last generated Friday,
+November 19th 15:24 2010.
+
+----
+[1] list: http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1
+[2] homepage: http://publicsuffix.org/