author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html | |
parent | Initial commit. (diff) | |
Adding upstream version 110.0.1. (refs: upstream/110.0.1, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html')
-rw-r--r-- | testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html b/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html
new file mode 100644
index 0000000000..7950751e27
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html
@@ -0,0 +1,114 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie attribute parsing with control characters</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ const host = "{{host}}";
+ const path = "/cookies/attributes";
+
+ // Tests for control characters (CTLs) in a cookie's attribute values.
+ // CTLs are defined by RFC 5234 to be %x00-1F / %x7F.
+ const CTLS = getCtlCharacters();
+
+ // All CTLs, with the exception of %x09 (the tab character), should
+ // cause the cookie to be rejected.
+ // In these tests we rely on subsequent attributes with the same name
+ // overriding the earlier one. In the cases where the control character
+ // should cause the entire cookie line to be rejected, if the control
+ // character were not present the cookie line should be one that
+ // would not be rejected. That way, if the attribute value is ignored
+ // instead of the cookie line being rejected, the test will catch it.
+ for (const ctl of CTLS) {
+ // NOTE: 'expected' below is only expected in the case of the tab
+ // character. Otherwise, '' is expected.
+ const controlCharacterAttributeTests = [
+ {
+ cookie: `test${ctl.code}domain=t; Domain=test${ctl.chr}.co; Domain=${host};`,
+ expected: `test${ctl.code}domain=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Domain attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}domain2=t; Domain=${host}${ctl.chr};`,
+ expected: `test${ctl.code}domain2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Domain attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}path=t; Path=/te${ctl.chr}st; Path=${path}`,
+ expected: `test${ctl.code}path=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Path attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}path2=t; Path=${path}${ctl.chr};`,
+ expected: `test${ctl.code}path2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Path attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}maxage=t; Max-Age=10${ctl.chr}00; Max-Age=1000;`,
+ expected: `test${ctl.code}maxage=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Max-Age attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}maxage2=t; Max-Age=1000${ctl.chr};`,
+ expected: `test${ctl.code}maxage2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Max-Age attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}expires=t; Expires=Fri, 01 Jan 20${ctl.chr}38 00:00:00 GMT; ` +
+ 'Expires=Fri, 01 Jan 2038 00:00:00 GMT;',
+ expected: `test${ctl.code}expires=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Expires attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}expires2=t; Expires=Fri, 01 Jan 2038 00:00:00 GMT${ctl.chr};`,
+ expected: `test${ctl.code}expires2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Expires attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}secure=t; Sec${ctl.chr}ure;`,
+ expected: `test${ctl.code}secure=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Secure attribute is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}secure2=t; Secure${ctl.chr};`,
+ expected: `test${ctl.code}secure2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Secure attribute is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}httponly=t; Http${ctl.chr}Only;`,
+ expected: `test${ctl.code}httponly=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in HttpOnly attribute is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}samesite=t; SameSite=La${ctl.chr}x; SameSite=Lax;`,
+ expected: `test${ctl.code}samesite=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in SameSite attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}samesite2=t; SameSite=Lax${ctl.chr};`,
+ expected: `test${ctl.code}samesite2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after SameSite attribute value is handled correctly.`,
+ },
+ ];
+
+ for (const test of controlCharacterAttributeTests) {
+ if (ctl.code === 0x09) {
+ domCookieTest(test.cookie, test.expected, test.name);
+ } else {
+ domCookieTest(test.cookie, "", test.name);
+ }
+ }
+ }
+ </script>
+ </body>
+</html> |
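Review bot: HttpOnly is the only attribute in `controlCharacterAttributeTests` with a single case (`Http${ctl.chr}Only`); Domain, Path, Max-Age, Expires, Secure and SameSite each also have an "after" case with the CTL appended, and nothing in the file says why `HttpOnly${ctl.chr};` is left out. If the omission is deliberate (presumably a trailing tab would leave a recognised HttpOnly that cannot be set through `domCookieTest`, but that helper is in cookie-test.js and not visible here), a comment above the entry such as `// No "after HttpOnly" case: with a trailing tab the attribute would be recognised and the cookie refused by a non-HTTP API.` would keep the gap from reading as an oversight in CTL coverage. Separately, the test names print `ctl.code.toString(16)` unpadded, so the tab case is reported as `%x9` while the comments write `%x09`; `ctl.code.toString(16).padStart(2, "0")` would match the RFC 5234 notation used in the comments.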