summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/cookies/name
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/cookies/name')
-rw-r--r--testing/web-platform/tests/cookies/name/name-ctl.html63
-rw-r--r--testing/web-platform/tests/cookies/name/name.html169
2 files changed, 232 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/name/name-ctl.html b/testing/web-platform/tests/cookies/name/name-ctl.html
new file mode 100644
index 0000000000..6ff2305b3a
--- /dev/null
+++ b/testing/web-platform/tests/cookies/name/name-ctl.html
@@ -0,0 +1,63 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie name parsing with control characters</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ // Tests for control characters (CTLs) in a cookie's name.
+ // CTLs are defined by RFC 5234 to be %x00-1F / %x7F.
+ const CTLS = getCtlCharacters();
+
+ // All CTLs, with the exception of %x09 (the tab character), should
+ // cause the cookie to be rejected.
+ for (const ctl of CTLS) {
+ if (ctl.code === 0x09) {
+ domCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `Cookie with %x${ctl.code.toString(16)} in name is accepted (DOM).`);
+ } else {
+ domCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ '',
+ `Cookie with %x${ctl.code.toString(16)} in name is rejected (DOM).`);
+ }
+ }
+
+ // Note that per RFC 9110, %x00, %x0A, and %x0D characters in the HTTP
+ // header MUST either cause the HTTP message to be rejected or be
+ // replaced with %x20 (space) characters. Both cases will result in a
+ // passing test here. For more info, see:
+ // https://www.rfc-editor.org/rfc/rfc9110.html#section-5.5
+ for (const ctl of CTLS) {
+ if (ctl.code === 0x09) {
+ httpCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `Cookie with %x${ctl.code.toString(16)} in name is accepted (HTTP).`);
+ } else if (ctl.code === 0x00 || ctl.code === 0x0A || ctl.code === 0x0D) {
+ httpCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ `test${ctl.code} name=${ctl.code}`,
+ `Cookie with %x${ctl.code.toString(16)} in name is rejected or modified (HTTP).`,
+ /* defaultPath */ true, /* allowFetchFailure */ true);
+ } else {
+ httpCookieTest(
+ `test${ctl.code}${ctl.chr}name=${ctl.code}`,
+ '',
+ `Cookie with %x${ctl.code.toString(16)} in name is rejected (HTTP).`);
+ }
+ }
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/name/name.html b/testing/web-platform/tests/cookies/name/name.html
new file mode 100644
index 0000000000..d7fe05560e
--- /dev/null
+++ b/testing/web-platform/tests/cookies/name/name.html
@@ -0,0 +1,169 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie name parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ const nameTests = [
+ {
+ cookie: "test1=; path = /",
+ expected: "test1=",
+ name: "Set valueless cookie to its name with empty value",
+ defaultPath: false,
+ },
+ {
+ cookie: "=test=2",
+ expected: "test=2",
+ name: "Set a nameless cookie (that has an = in its value)",
+ },
+ {
+ cookie: "===test=2b",
+ expected: "==test=2b",
+ name: "Set a nameless cookie (that has multiple ='s in its value)",
+ },
+ {
+ cookie: "=test2c",
+ expected: "test2c",
+ name: "Set a nameless cookie",
+ },
+ {
+ cookie: "test =3",
+ expected: "test=3",
+ name: "Remove trailing WSP characters from the name string",
+ },
+ {
+ cookie: " test=4",
+ expected: "test=4",
+ name: "Remove leading WSP characters from the name string",
+ },
+ {
+ cookie: ['"test=5"=test', '"test=5'],
+ expected: '"test=5',
+ name: "Only return the new cookie (with the same name)",
+ },
+ {
+ cookie: "test6;cool=dude",
+ expected: "test6",
+ name: "Ignore invalid attributes after nameless cookie",
+ },
+ {
+ cookie: "$Version=1; test=7",
+ expected: "$Version=1",
+ name: "Ignore invalid attributes after valid name (that looks like Cookie2 Version attribute)",
+ },
+ {
+ cookie: "test test=8",
+ expected: "test test=8",
+ name: "Set a cookie that has whitespace in its name",
+ },
+ {
+ cookie: '"test9;test"=9',
+ expected: '"test9',
+ name: "Set a nameless cookie ignoring characters after first ;",
+ },
+ {
+ cookie: '"test\"10;baz"=qux',
+ expected: '"test\"10',
+ name: "Set a nameless cookie ignoring characters after first ; (2)",
+ },
+ {
+ cookie: ["=test=11", "test11"],
+ expected: "test11",
+ name: "Return the most recent nameless cookie",
+ },
+ {
+ cookie: ["test11", "test11a"],
+ expected: "test11a",
+ name: "Return the most recent nameless cookie, without leading =",
+ },
+ {
+ cookie: ["test11", "test11a", "=test11b"],
+ expected: "test11b",
+ name: "Return the most recent nameless cookie, even if preceded by =",
+ },
+ {
+ cookie: ["test11", "test11a", "=test11b", "test=11c"],
+ expected: "test11b; test=11c",
+ name: "Return the most recent nameless cookie, even if preceded by =, in addition to other valid cookie",
+ },
+ {
+ cookie: ["test12=11", "test12=12"],
+ expected: "test12=12",
+ name: "Use last value for cookies with identical names",
+ },
+ {
+ cookie: ["testA=13", "testB=13"],
+ expected: "testA=13; testB=13",
+ name: "Keep first-in, first-out name order",
+ },
+ {
+ cookie: ["a=test14", "z=test14"],
+ expected: "a=test14; z=test14",
+ name: "Keep first-in, first-out single-char name order",
+ },
+ {
+ cookie: ["z=test15", "a=test15"],
+ expected: "z=test15; a=test15",
+ name: "Keep non-alphabetic first-in, first-out name order",
+ },
+ {
+ cookie: "z=test16, a=test16",
+ expected: "z=test16, a=test16",
+ name: "Keep first-in, first-out order if comma-separated",
+ },
+ {
+ cookie: ["testA=16", "=test16", "testB=16"],
+ expected: "testA=16; test16; testB=16",
+ name: "Set nameless cookie, given `Set-Cookie: =test16`",
+ },
+ {
+ cookie: ["test17a", "test17b"],
+ expected: "test17b",
+ name: "Overwrite nameless cookie",
+ },
+ {
+ cookie: ["=__Secure-abc=123", "=__Host-abc=123", "=__SeCuRe-abc=123", "=__HoSt-abc=123", "__Secure-abc", "__Host-abc", "__SeCuRe-abc", "__HoSt-abc"],
+ expected: "",
+ name: "Ignore nameless cookies that impersonate cookie prefixes",
+ },
+ {
+ cookie: "=",
+ expected: "",
+ name: "Ignore cookie with empty name and empty value",
+ },
+ {
+ cookie: "",
+ expected: "",
+ name: "Ignore cookie with no name or value",
+ },
+ {
+ cookie: "%74%65%73%74=20",
+ expected: "%74%65%73%74=20",
+ name: "URL-encoded cookie name is not decoded",
+ },
+ ];
+
+ for (const test of nameTests) {
+ httpCookieTest(test.cookie, test.expected, test.name);
+ }
+
+ for (const name of ["a", "1", "$", "!a", "@a", "#a", "$a", "%a",
+ "^a", "&a", "*a", "(a", ")a", "-a", "_a", "+",
+ '"a', '"a=b"'
+ ]) {
+ const cookie = `${name}=test`;
+ httpCookieTest(cookie, cookie, `Name is set as expected for ${name}=test`);
+ }
+ </script>
+ </body>
+</html>