tags:

views:

25

answers:

2
Q: 

How to assign the value of document.cookie to your browser cookies?

I'm a developer (and therefore a tester) of a website. Our site accepts any JavaScript or HTML from an user but I haven't been successful in explaining the danger of it, as obvious as it is. So I would like to prove it by logging in as my boss to prove to him that there is definitely a real danger here. I think this will put down any of his arguments and let us move onto filtering content like this. (note this question is not about filtering, or other suggestions on JavaScript tricks)

I already know how to steal the value of the document.cookie variable, but once you have that string of name=value;name=value;..., how do you apply it to your own browser?

This is programming related because I am asking about tools which will help me debug my web program.

+1  A: 

Try the Firefox plugin Web Developer Toolbar. It has lots of useful functionality, including tools for creating and editing your own cookies.

Emil Vikström  2010-06-10 17:02:54
I don't directly see this ability though... I did look at the toolbar. Thanks for the guess though!
Ricket  2010-06-10 17:38:35
The user interface isn't great, but on the "View Cookies" page is a button to edit or add cookies. There are other similar plugins that afford the same capabilities.
VoteyDisciple  2010-06-10 19:03:58
These are edited one at a time though. I have a string, such as is shown by javascript:void(alert(document.cookie)) [run that in your address bar] - it has a good number of cookies, and several of the cookies are pretty large. To split it by hand and enter them one by one is not optimal. See my posted answer for the kind of thing I was looking for...
Ricket  2010-06-14 19:32:59
A: 

I wrote a bit of JavaScript to do the trick, and it works great! Paste it into Firebug or collapse it into one line and run it in the address bar: (be sure to change the expiration date if desired)

cookies="PASTE THE document.cookie STRING HERE";
cookies_a=cookies.split("; ");
for(i=0;i<cookies_a.length;i++){
    document.cookie = cookies_a[i]+"; expires=Thu, 2 Aug 2012 20:47:11 UTC; path=/";
}

Tested in Firefox, not other browsers.

Ricket  2010-06-14 19:28:51

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript