authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/cookies/size
parentInitial commit. (diff)
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/cookies/size')
-rw-r--r--testing/web-platform/tests/cookies/size/attributes.www.sub.html121
-rw-r--r--testing/web-platform/tests/cookies/size/name-and-value.html83
2 files changed, 204 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/size/attributes.www.sub.html b/testing/web-platform/tests/cookies/size/attributes.www.sub.html
new file mode 100644
index 0000000000..2500daef96
--- /dev/null
+++ b/testing/web-platform/tests/cookies/size/attributes.www.sub.html
@@ -0,0 +1,121 @@
+<!doctype html>
+<html>
+
+<head>
+ <meta charset=utf-8>
+ <title>Test cookie attribute size restrictions</title>
+ <meta name=help href="https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+</head>
+
+<body>
+ <div id=log></div>
+ <script>
+ const host = "{{host}}";
+ const attrSizeTests = [
+ {
+ cookie: `test=1; path=/cookies/size; path=/cookies/siz${"e".repeat(1024)}`,
+ expected: "test=1",
+ name: "Too long path attribute (>1024 bytes) is ignored; previous valid path wins.",
+ defaultPath: false,
+ },
+ {
+ cookie: `test=2; path=/cookies/siz${"e".repeat(1024)}; path=/cookies/size`,
+ expected: "test=2",
+ name: "Too long path attribute (>1024 bytes) is ignored; next valid path wins.",
+ defaultPath: false,
+ },
+ {
+ // Look for the cookie using the default path to ensure that it
+ // doesn't show up if the path attribute actually takes effect.
+ cookie: `test=3; path=/${"a".repeat(1023)};`,
+ expected: "",
+ name: "Max size path attribute (1024 bytes) is not ignored",
+ },
+ {
+ // Look for the cookie using the default path to ensure that it
+ // shows up if the path is ignored.
+ cookie: `test=4; path=/${"a".repeat(1024)};`,
+ expected: "test=4",
+ name: "Too long path attribute (>1024 bytes) is ignored",
+ },
+ {
+ // This page opens on the www subdomain, so we set domain to {{host}}
+ // to see if anything works as expected. Using a valid domain other
+ // than ${host} will cause the cookie to fail to be set.
+
+ // NOTE: the domain we use for testing here is technically invalid per
+ // the RFCs that define the format of domain names, but currently
+ // neither RFC6265bis or the major browsers enforce those restrictions
+ // when parsing cookie domain attributes. If that changes, update these
+ // tests.
+ cookie: `test=5; domain=${host}; domain=${"a".repeat(1024)}.com`,
+ expected: "test=5",
+ name: "Too long domain attribute (>1024 bytes) is ignored; previous valid domain wins.",
+ },
+ {
+ cookie: `test=6; domain=${"a".repeat(1024)}.com; domain=${host}`,
+ expected: "test=6",
+ name: "Too long domain attribute (>1024 bytes) is ignored; next valid domain wins.",
+ },
+ {
+ cookie: `test=7; domain=${"a".repeat(1020)}.com;`,
+ expected: "",
+ name: "Max size domain attribute (1024 bytes) is not ignored"
+ },
+ {
+ cookie: `test=8; domain=${"a".repeat(1021)}.com;`,
+ expected: "test=8",
+ name: "Too long domain attribute (>1024 bytes) is ignored"
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(2048, 2048) +
+ `; domain=${"a".repeat(1020)}.com; domain=${host}`,
+ expected: cookieStringWithNameAndValueLengths(2048, 2048),
+ name: "Set cookie with max size name/value pair and max size attribute value",
+ },
+ {
+ // RFC6265bis doesn't specify a maximum size of the entire Set-Cookie
+ // header, although some browsers do
+ cookie: cookieStringWithNameAndValueLengths(2048, 2048) +
+ `; domain=${"a".repeat(1020)}.com` +
+ `; domain=${"a".repeat(1020)}.com` +
+ `; domain=${"a".repeat(1020)}.com` +
+ `; domain=${"a".repeat(1020)}.com; domain=${host}`,
+ expected: cookieStringWithNameAndValueLengths(2048, 2048),
+ name: "Set cookie with max size name/value pair and multiple max size attributes (>8k bytes total)",
+ },
+ {
+ cookie: `test=11; max-age=${"1".repeat(1024)};`,
+ expected: "test=11",
+ name: "Max length Max-Age attribute value (1024 bytes) doesn't cause cookie rejection"
+ },
+ {
+ cookie: `test=12; max-age=${"1".repeat(1025)};`,
+ expected: "test=12",
+ name: "Too long Max-Age attribute value (>1024 bytes) doesn't cause cookie rejection"
+ },
+ {
+ cookie: `test=13; max-age=-${"1".repeat(1023)};`,
+ expected: "",
+ name: "Max length negative Max-Age attribute value (1024 bytes) doesn't get ignored"
+ },
+ {
+ cookie: `test=14; max-age=-${"1".repeat(1024)};`,
+ expected: "test=14",
+ name: "Too long negative Max-Age attribute value (>1024 bytes) gets ignored"
+ },
+ ];
+
+ for (const test of attrSizeTests) {
+ httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
+ }
+ </script>
+</body>
+
+</html>
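Review bot: The boundary cases for domain (test=7, test=8) and negative Max-Age (test=13, test=14) expect `""` at the limit and the cookie above it, but unlike test=3 and test=4 they have no comment explaining why an empty result means the attribute was honored. Without that reasoning the expectations look inverted, and the byte counts have to be re-derived by hand. I would add above test=7 `// 1020 + ".com" = 1024 bytes; an honored non-matching domain rejects the cookie, so "" shows the attribute was not ignored`, and above test=13 `// "-" + 1023 digits = 1024 bytes; an honored negative Max-Age expires the cookie immediately, so "" shows it was parsed`. Only the first two entries set `defaultPath: false`; the others pass `undefined` to `httpCookieTest`, whose default lives in cookie-test.js outside this diff, so a one-line comment stating which path those cases are read back from would help.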
diff --git a/testing/web-platform/tests/cookies/size/name-and-value.html b/testing/web-platform/tests/cookies/size/name-and-value.html
new file mode 100644
index 0000000000..b387bd2d54
--- /dev/null
+++ b/testing/web-platform/tests/cookies/size/name-and-value.html
@@ -0,0 +1,83 @@
+<!doctype html>
+<html>
+
+<head>
+ <meta charset=utf-8>
+ <title>Test cookie name size restrictions</title>
+ <meta name=help href="https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+</head>
+
+<body>
+ <div id=log></div>
+ <script>
+ const nameAndValueSizeTests = [
+ {
+ cookie: cookieStringWithNameAndValueLengths(2048, 2048),
+ expected: cookieStringWithNameAndValueLengths(2048, 2048),
+ name: "Set max-size cookie with largest possible name and value (4096 bytes)",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(4097, 1),
+ expected: "",
+ name: "Ignore cookie with name larger than 4096 and 1 byte value",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(4096, 0),
+ expected: cookieStringWithNameAndValueLengths(4096, 0),
+ name: "Set max-size value-less cookie",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(4097, 0),
+ expected: "",
+ name: "Ignore value-less cookie with name larger than 4096 bytes",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(1, 4095),
+ expected: cookieStringWithNameAndValueLengths(1, 4095),
+ name: "Set max-size cookie with largest possible value (4095 bytes)",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(1, 4096),
+ expected: "",
+ name: "Ignore named cookie (with non-zero length) and value larger than 4095 bytes",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(4096, 1),
+ expected: "",
+ name: "Ignore named cookie with length larger than 4095 bytes, and a non-zero value",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(0, 4096),
+ expected: cookieStringWithNameAndValueLengths(0, 4096).slice(1), // it won't come back with leading =
+ name: "Set max-size name-less cookie",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(0, 4097),
+ expected: "",
+ name: "Ignore name-less cookie with value larger than 4096 bytes",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(0, 4097).slice(1), // slice off leading =
+ expected: "",
+ name: "Ignore name-less cookie (without leading =) with value larger than 4096 bytes",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(2048, 2048) + '; Max-Age:43110;',
+ expected: cookieStringWithNameAndValueLengths(2048, 2048),
+ name: "Set max-size cookie that also has an attribute",
+ },
+ ];
+
+ for (const test of nameAndValueSizeTests) {
+ httpCookieTest(test.cookie, test.expected, test.name);
+ }
+ </script>
+</body>
+
+</html>
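Review bot: The last entry of `nameAndValueSizeTests` appends `'; Max-Age:43110;'`, with a colon where cookie attributes use `=`, so the "attribute" in the test name is presumably parsed as an unrecognized attribute name rather than as Max-Age. The assertion compares only the returned name/value pair, so it passes either way and would not catch the difference. If a real attribute is intended, `'; Max-Age=43110;'` makes the case match its name. If the malformed form is deliberate, a comment such as `// colon is intentional: an unknown attribute must not count toward the name/value size limit` would record that.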