diff options
Diffstat (limited to 'core/java/android/webkit/CookieManager.java')
-rw-r--r-- | core/java/android/webkit/CookieManager.java | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/core/java/android/webkit/CookieManager.java b/core/java/android/webkit/CookieManager.java index d188a39..fca591f 100644 --- a/core/java/android/webkit/CookieManager.java +++ b/core/java/android/webkit/CookieManager.java @@ -833,22 +833,24 @@ public final class CookieManager { // "secure" is a known attribute doesn't use "="; // while sites like live.com uses "secure=" - if (length - index > SECURE_LENGTH + if (length - index >= SECURE_LENGTH && cookieString.substring(index, index + SECURE_LENGTH). equalsIgnoreCase(SECURE)) { index += SECURE_LENGTH; cookie.secure = true; + if (index == length) break; if (cookieString.charAt(index) == EQUAL) index++; continue; } // "httponly" is a known attribute doesn't use "="; // while sites like live.com uses "httponly=" - if (length - index > HTTP_ONLY_LENGTH + if (length - index >= HTTP_ONLY_LENGTH && cookieString.substring(index, index + HTTP_ONLY_LENGTH). equalsIgnoreCase(HTTP_ONLY)) { index += HTTP_ONLY_LENGTH; + if (index == length) break; if (cookieString.charAt(index) == EQUAL) index++; // FIXME: currently only parse the attribute continue; |