diff options
Diffstat (limited to 'testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html')
-rw-r--r-- | testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html b/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html new file mode 100644 index 0000000000..e741dfd9c2 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html @@ -0,0 +1,99 @@ +<!doctype html> +<html> + <head> + <meta charset=utf-8> + <title>Test cookie attribute parsing with control characters</title> + <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/resources/testdriver.js"></script> + <script src="/resources/testdriver-vendor.js"></script> + <script src="/cookies/resources/cookie-test.js"></script> + </head> + <body> + <div id=log></div> + <script> + const host = "{{host}}"; + const path = "/cookies/attributes"; + + // Tests for control characters (CTLs) in a cookie's attribute values. + // CTLs are defined by RFC 5234 to be %x00-1F / %x7F. + const CTLS = getCtlCharacters(); + + // All CTLs, with the exception of %x09 (the tab character), should + // cause the cookie to be rejected. + // In these tests we rely on subsequent attributes with the same name + // overriding the earlier one. In the cases where the control character + // should cause the entire cookie line to be rejected, if the control + // character were not present the cookie line should be one that + // would not be rejected. That way, if the attribute value is ignored + // instead of the cookie line being rejected, the test will catch it. + for (const ctl of CTLS) { + const controlCharacterAttributeTests = [ + { + cookie: `test${ctl.code}domain=t; Domain=test${ctl.chr}.co; Domain=${host};`, + name: `Cookie with %x${ctl.code.toString(16)} in Domain attribute value is handled correctly.`, + }, + { + cookie: `test${ctl.code}domain2=t; Domain=${host}${ctl.chr};`, + name: `Cookie with %x${ctl.code.toString(16)} after Domain attribute value is handled correctly.`, + }, + { + cookie: `test${ctl.code}path=t; Path=/te${ctl.chr}st; Path=${path}`, + name: `Cookie with %x${ctl.code.toString(16)} in Path attribute value is handled correctly.`, + }, + { + cookie: `test${ctl.code}path2=t; Path=${path}${ctl.chr};`, + name: `Cookie with %x${ctl.code.toString(16)} after Path attribute value is handled correctly.`, + }, + { + cookie: `test${ctl.code}maxage=t; Max-Age=10${ctl.chr}00; Max-Age=1000;`, + name: `Cookie with %x${ctl.code.toString(16)} in Max-Age attribute value is handled correctly.`, + }, + { + cookie: `test${ctl.code}maxage2=t; Max-Age=1000${ctl.chr};`, + name: `Cookie with %x${ctl.code.toString(16)} after Max-Age attribute value is handled correctly.`, + }, + { + cookie: `test${ctl.code}expires=t; Expires=Fri, 01 Jan 20${ctl.chr}38 00:00:00 GMT; ` + + 'Expires=Fri, 01 Jan 2038 00:00:00 GMT;', + name: `Cookie with %x${ctl.code.toString(16)} in Expires attribute value is handled correctly.`, + }, + { + cookie: `test${ctl.code}expires2=t; Expires=Fri, 01 Jan 2038 00:00:00 GMT${ctl.chr};`, + name: `Cookie with %x${ctl.code.toString(16)} after Expires attribute value is handled correctly.`, + }, + { + cookie: `test${ctl.code}secure=t; Sec${ctl.chr}ure;`, + name: `Cookie with %x${ctl.code.toString(16)} in Secure attribute is handled correctly.`, + }, + { + cookie: `test${ctl.code}secure2=t; Secure${ctl.chr};`, + name: `Cookie with %x${ctl.code.toString(16)} after Secure attribute is handled correctly.`, + }, + { + cookie: `test${ctl.code}httponly=t; Http${ctl.chr}Only;`, + name: `Cookie with %x${ctl.code.toString(16)} in HttpOnly attribute is handled correctly.`, + }, + { + cookie: `test${ctl.code}samesite=t; SameSite=La${ctl.chr}x; SameSite=Lax;`, + name: `Cookie with %x${ctl.code.toString(16)} in SameSite attribute value is handled correctly.`, + }, + { + cookie: `test${ctl.code}samesite2=t; SameSite=Lax${ctl.chr};`, + name: `Cookie with %x${ctl.code.toString(16)} after SameSite attribute value is handled correctly.`, + }, + ]; + + for (const test of controlCharacterAttributeTests) { + if (ctl.code === 0x09) { + domCookieTest(test.cookie, test.cookie.split(";")[0], test.name); + } else { + domCookieTest(test.cookie, "", test.name); + } + } + } + </script> + </body> +</html> |