Diffstat (limited to 'testing/web-platform/tests/cookies/name')
-rw-r--r-- | testing/web-platform/tests/cookies/name/name-ctl.html | 63 | ||||
-rw-r--r-- | testing/web-platform/tests/cookies/name/name.html | 169 |
2 files changed, 232 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/name/name-ctl.html b/testing/web-platform/tests/cookies/name/name-ctl.html
new file mode 100644
index 0000000000..6ff2305b3a
--- /dev/null
+++ b/testing/web-platform/tests/cookies/name/name-ctl.html
@@ -0,0 +1,63 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie name parsing with control characters</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ // Tests for control characters (CTLs) in a cookie's name.
+ // CTLs are defined by RFC 5234 to be %x00-1F / %x7F.
+ const CTLS = getCtlCharacters();
+
+ // All CTLs, with the exception of %x09 (the tab character), should
+ // cause the cookie to be rejected.
+ for (const ctl of CTLS) {
+ if (ctl.code === 0x09) {
+ domCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `Cookie with %x${ctl.code.toString(16)} in name is accepted (DOM).`);
+ } else {
+ domCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ '',
+ `Cookie with %x${ctl.code.toString(16)} in name is rejected (DOM).`);
+ }
+ }
+
+ // Note that per RFC 9110, %x00, %x0A, and %x0D characters in the HTTP
+ // header MUST either cause the HTTP message to be rejected or be
+ // replaced with %x20 (space) characters. Both cases will result in a
+ // passing test here. For more info, see:
+ // https://www.rfc-editor.org/rfc/rfc9110.html#section-5.5
+ for (const ctl of CTLS) {
+ if (ctl.code === 0x09) {
+ httpCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `Cookie with %x${ctl.code.toString(16)} in name is accepted (HTTP).`);
+ } else if (ctl.code === 0x00 || ctl.code === 0x0A || ctl.code === 0x0D) {
+ httpCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `test${ctl.code} name=${ctl.code}`,
+ `Cookie with %x${ctl.code.toString(16)} in name is rejected or modified (HTTP).`,
+ /* defaultPath */ true, /* allowFetchFailure */ true);
+ } else {
+ httpCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ '',
+ `Cookie with %x${ctl.code.toString(16)} in name is rejected (HTTP).`);
+ }
+ }
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/name/name.html b/testing/web-platform/tests/cookies/name/name.html
new file mode 100644
index 0000000000..d7fe05560e
--- /dev/null
+++ b/testing/web-platform/tests/cookies/name/name.html
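Review bot: In name-ctl.html, the rule both loops assert (every CTL except %x09 causes the cookie to be rejected) is not stated in the linked RFC 6265 section 5.2 as far as I can tell; it appears to come from the later rfc6265bis revision of the cookie specification, so the `<meta name=help>` link or the comment above the DOM loop should name the text that actually mandates rejection. A comment such as `// CTL rejection is specified by rfc6265bis, not RFC 6265; see <link to the relevant section>.` would let a reader trace a failing case back to a requirement. Separately, the test titles are built with `ctl.code.toString(16)`, which yields `%x9` or `%xa` while the comments write `%x09` and `%x0A`; `ctl.code.toString(16).padStart(2, '0').toUpperCase()` would keep titles and comments in one notation. `getCtlCharacters()` and both test helpers are defined in cookie-test.js, outside this hunk.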
@@ -0,0 +1,169 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie name parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ const nameTests = [
+ {
+ cookie: "test1=; path = /",
+ expected: "test1=",
+ name: "Set valueless cookie to its name with empty value",
+ defaultPath: false,
+ },
+ {
+ cookie: "=test=2",
+ expected: "test=2",
+ name: "Set a nameless cookie (that has an = in its value)",
+ },
+ {
+ cookie: "===test=2b",
+ expected: "==test=2b",
+ name: "Set a nameless cookie (that has multiple ='s in its value)",
+ },
+ {
+ cookie: "=test2c",
+ expected: "test2c",
+ name: "Set a nameless cookie",
+ },
+ {
+ cookie: "test =3",
+ expected: "test=3",
+ name: "Remove trailing WSP characters from the name string",
+ },
+ {
+ cookie: " test=4",
+ expected: "test=4",
+ name: "Remove leading WSP characters from the name string",
+ },
+ {
+ cookie: ['"test=5"=test', '"test=5'],
+ expected: '"test=5',
+ name: "Only return the new cookie (with the same name)",
+ },
+ {
+ cookie: "test6;cool=dude",
+ expected: "test6",
+ name: "Ignore invalid attributes after nameless cookie",
+ },
+ {
+ cookie: "$Version=1; test=7",
+ expected: "$Version=1",
+ name: "Ignore invalid attributes after valid name (that looks like Cookie2 Version attribute)",
+ },
+ {
+ cookie: "test test=8",
+ expected: "test test=8",
+ name: "Set a cookie that has whitespace in its name",
+ },
+ {
+ cookie: '"test9;test"=9',
+ expected: '"test9',
+ name: "Set a nameless cookie ignoring characters after first ;",
+ },
+ {
+ cookie: '"test\"10;baz"=qux',
+ expected: '"test\"10',
+ name: "Set a nameless cookie ignoring characters after first ; (2)",
+ },
+ {
+ cookie: ["=test=11", "test11"],
+ expected: "test11",
+ name: "Return the most recent nameless cookie",
+ },
+ {
+ cookie: ["test11", "test11a"],
+ expected: "test11a",
+ name: "Return the most recent nameless cookie, without leading =",
+ },
+ {
+ cookie: ["test11", "test11a", "=test11b"],
+ expected: "test11b",
+ name: "Return the most recent nameless cookie, even if preceded by =",
+ },
+ {
+ cookie: ["test11", "test11a", "=test11b", "test=11c"],
+ expected: "test11b; test=11c",
+ name: "Return the most recent nameless cookie, even if preceded by =, in addition to other valid cookie",
+ },
+ {
+ cookie: ["test12=11", "test12=12"],
+ expected: "test12=12",
+ name: "Use last value for cookies with identical names",
+ },
+ {
+ cookie: ["testA=13", "testB=13"],
+ expected: "testA=13; testB=13",
+ name: "Keep first-in, first-out name order",
+ },
+ {
+ cookie: ["a=test14", "z=test14"],
+ expected: "a=test14; z=test14",
+ name: "Keep first-in, first-out single-char name order",
+ },
+ {
+ cookie: ["z=test15", "a=test15"],
+ expected: "z=test15; a=test15",
+ name: "Keep non-alphabetic first-in, first-out name order",
+ },
+ {
+ cookie: "z=test16, a=test16",
+ expected: "z=test16, a=test16",
+ name: "Keep first-in, first-out order if comma-separated",
+ },
+ {
+ cookie: ["testA=16", "=test16", "testB=16"],
+ expected: "testA=16; test16; testB=16",
+ name: "Set nameless cookie, given `Set-Cookie: =test16`",
+ },
+ {
+ cookie: ["test17a", "test17b"],
+ expected: "test17b",
+ name: "Overwrite nameless cookie",
+ },
+ {
+ cookie: ["=__Secure-abc=123", "=__Host-abc=123", "=__SeCuRe-abc=123", "=__HoSt-abc=123", "__Secure-abc", "__Host-abc", "__SeCuRe-abc", "__HoSt-abc"],
+ expected: "",
+ name: "Ignore nameless cookies that impersonate cookie prefixes",
+ },
+ {
+ cookie: "=",
+ expected: "",
+ name: "Ignore cookie with empty name and empty value",
+ },
+ {
+ cookie: "",
+ expected: "",
+ name: "Ignore cookie with no name or value",
+ },
+ {
+ cookie: "%74%65%73%74=20",
+ expected: "%74%65%73%74=20",
+ name: "URL-encoded cookie name is not decoded",
+ },
+ ];
+
+ for (const test of nameTests) {
+ httpCookieTest(test.cookie, test.expected, test.name);
+ }
+
+ for (const name of ["a", "1", "$", "!a", "@a", "#a", "$a", "%a",
+ "^a", "&a", "*a", "(a", ")a", "-a", "_a", "+",
+ '"a', '"a=b"'
+ ]) {
+ const cookie = `${name}=test`;
+ httpCookieTest(cookie, cookie, `Name is set as expected for ${name}=test`);
+ }
+ </script>
+ </body>
+</html> |
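Review bot: In name.html, the case `cookie: '"test\"10;baz"=qux'` never sends a backslash: inside a single-quoted JavaScript string `\"` is just `"`, so the cookie string is `"test"10;baz"=qux` and the expectation is `"test"10`. If the case is meant to cover a backslash-escaped quote (the intent is not stated, but it is the `(2)` variant of the `"test9;test"=9` case), both lines need a doubled backslash: `cookie: '"test\\"10;baz"=qux',` and `expected: '"test\\"10',`. As written the test still passes because the backslash is dropped from both sides, which makes the missing character easy to overlook. If a bare inner quote was intended, removing the backslashes from both literals would make that explicit.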