Exploit for Prototype Pollution in Salesforce Tough-Cookie

RFC6265 Cookies and CookieJar for Node.js Synopsis “` javascript var tough = require('tough-cookie'); var Cookie = tough.Cookie; var cookie = Cookie.parse(header); cookie.value = 'somethingdifferent'; header = cookie.toString(); var cookiejar = new tough.CookieJar(); cookiejar.setCookie(cookie, 'https://currentdomain.example.com/path', cb); // … cookiejar.getCookies('https://example.com/otherpath',function(err,cookies) { res.headers['cookie'] = cookies.join('; '); }); “` Installation It's so easy! npm install tough-cookie Why the name? NPM modules cookie, cookies and cookiejar were already taken. Version Support Support for versions of node.js will follow that of the request module. API tough Functions on the module you get from require('tough-cookie'). All can be used as pure functions and don't need to be "bound". Note: prior to 1.0.x, several of these functions took a strict parameter. This has since been removed from the API as it was no longer necessary. parseDate(string) Parse a cookie date string into a Date. Parses according to RFC6265 Section 5.1.1, not Date.parse(). formatDate(date) Format a Date into a RFC1123 string (the RFC6265-recommended format). canonicalDomain(str) Transforms a domain-name into a canonical domain-name. The canonical domain-name is a trimmed, lowercased, stripped-of-leading-dot and optionally punycode-encoded domain-name (Section 5.1.2 of RFC6265). For the most part, this function is idempotent (can be run again on its output…Read More