diff options
Diffstat (limited to 'testing/web-platform/tests/cookies/size')
| -rw-r--r-- | testing/web-platform/tests/cookies/size/attributes.www.sub.html | 121 | ||||
| -rw-r--r-- | testing/web-platform/tests/cookies/size/name-and-value.html | 83 |
2 files changed, 204 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/size/attributes.www.sub.html b/testing/web-platform/tests/cookies/size/attributes.www.sub.html new file mode 100644 index 0000000000..2500daef96 --- /dev/null +++ b/testing/web-platform/tests/cookies/size/attributes.www.sub.html @@ -0,0 +1,121 @@ +<!doctype html> +<html> + +<head> + <meta charset=utf-8> + <title>Test cookie attribute size restrictions</title> + <meta name=help href="https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/resources/testdriver.js"></script> + <script src="/resources/testdriver-vendor.js"></script> + <script src="/cookies/resources/cookie-test.js"></script> +</head> + +<body> + <div id=log></div> + <script> + const host = "{{host}}"; + const attrSizeTests = [ + { + cookie: `test=1; path=/cookies/size; path=/cookies/siz${"e".repeat(1024)}`, + expected: "test=1", + name: "Too long path attribute (>1024 bytes) is ignored; previous valid path wins.", + defaultPath: false, + }, + { + cookie: `test=2; path=/cookies/siz${"e".repeat(1024)}; path=/cookies/size`, + expected: "test=2", + name: "Too long path attribute (>1024 bytes) is ignored; next valid path wins.", + defaultPath: false, + }, + { + // Look for the cookie using the default path to ensure that it + // doesn't show up if the path attribute actually takes effect. + cookie: `test=3; path=/${"a".repeat(1023)};`, + expected: "", + name: "Max size path attribute (1024 bytes) is not ignored", + }, + { + // Look for the cookie using the default path to ensure that it + // shows up if the path is ignored. + cookie: `test=4; path=/${"a".repeat(1024)};`, + expected: "test=4", + name: "Too long path attribute (>1024 bytes) is ignored", + }, + { + // This page opens on the www subdomain, so we set domain to {{host}} + // to see if anything works as expected. Using a valid domain other + // than ${host} will cause the cookie to fail to be set. + + // NOTE: the domain we use for testing here is technically invalid per + // the RFCs that define the format of domain names, but currently + // neither RFC6265bis or the major browsers enforce those restrictions + // when parsing cookie domain attributes. If that changes, update these + // tests. + cookie: `test=5; domain=${host}; domain=${"a".repeat(1024)}.com`, + expected: "test=5", + name: "Too long domain attribute (>1024 bytes) is ignored; previous valid domain wins.", + }, + { + cookie: `test=6; domain=${"a".repeat(1024)}.com; domain=${host}`, + expected: "test=6", + name: "Too long domain attribute (>1024 bytes) is ignored; next valid domain wins.", + }, + { + cookie: `test=7; domain=${"a".repeat(1020)}.com;`, + expected: "", + name: "Max size domain attribute (1024 bytes) is not ignored" + }, + { + cookie: `test=8; domain=${"a".repeat(1021)}.com;`, + expected: "test=8", + name: "Too long domain attribute (>1024 bytes) is ignored" + }, + { + cookie: cookieStringWithNameAndValueLengths(2048, 2048) + + `; domain=${"a".repeat(1020)}.com; domain=${host}`, + expected: cookieStringWithNameAndValueLengths(2048, 2048), + name: "Set cookie with max size name/value pair and max size attribute value", + }, + { + // RFC6265bis doesn't specify a maximum size of the entire Set-Cookie + // header, although some browsers do + cookie: cookieStringWithNameAndValueLengths(2048, 2048) + + `; domain=${"a".repeat(1020)}.com` + + `; domain=${"a".repeat(1020)}.com` + + `; domain=${"a".repeat(1020)}.com` + + `; domain=${"a".repeat(1020)}.com; domain=${host}`, + expected: cookieStringWithNameAndValueLengths(2048, 2048), + name: "Set cookie with max size name/value pair and multiple max size attributes (>8k bytes total)", + }, + { + cookie: `test=11; max-age=${"1".repeat(1024)};`, + expected: "test=11", + name: "Max length Max-Age attribute value (1024 bytes) doesn't cause cookie rejection" + }, + { + cookie: `test=12; max-age=${"1".repeat(1025)};`, + expected: "test=12", + name: "Too long Max-Age attribute value (>1024 bytes) doesn't cause cookie rejection" + }, + { + cookie: `test=13; max-age=-${"1".repeat(1023)};`, + expected: "", + name: "Max length negative Max-Age attribute value (1024 bytes) doesn't get ignored" + }, + { + cookie: `test=14; max-age=-${"1".repeat(1024)};`, + expected: "test=14", + name: "Too long negative Max-Age attribute value (>1024 bytes) gets ignored" + }, + ]; + + for (const test of attrSizeTests) { + httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath); + } + </script> +</body> + +</html> diff --git a/testing/web-platform/tests/cookies/size/name-and-value.html b/testing/web-platform/tests/cookies/size/name-and-value.html new file mode 100644 index 0000000000..b387bd2d54 --- /dev/null +++ b/testing/web-platform/tests/cookies/size/name-and-value.html @@ -0,0 +1,83 @@ +<!doctype html> +<html> + +<head> + <meta charset=utf-8> + <title>Test cookie name size restrictions</title> + <meta name=help href="https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/resources/testdriver.js"></script> + <script src="/resources/testdriver-vendor.js"></script> + <script src="/cookies/resources/cookie-test.js"></script> +</head> + +<body> + <div id=log></div> + <script> + const nameAndValueSizeTests = [ + { + cookie: cookieStringWithNameAndValueLengths(2048, 2048), + expected: cookieStringWithNameAndValueLengths(2048, 2048), + name: "Set max-size cookie with largest possible name and value (4096 bytes)", + }, + { + cookie: cookieStringWithNameAndValueLengths(4097, 1), + expected: "", + name: "Ignore cookie with name larger than 4096 and 1 byte value", + }, + { + cookie: cookieStringWithNameAndValueLengths(4096, 0), + expected: cookieStringWithNameAndValueLengths(4096, 0), + name: "Set max-size value-less cookie", + }, + { + cookie: cookieStringWithNameAndValueLengths(4097, 0), + expected: "", + name: "Ignore value-less cookie with name larger than 4096 bytes", + }, + { + cookie: cookieStringWithNameAndValueLengths(1, 4095), + expected: cookieStringWithNameAndValueLengths(1, 4095), + name: "Set max-size cookie with largest possible value (4095 bytes)", + }, + { + cookie: cookieStringWithNameAndValueLengths(1, 4096), + expected: "", + name: "Ignore named cookie (with non-zero length) and value larger than 4095 bytes", + }, + { + cookie: cookieStringWithNameAndValueLengths(4096, 1), + expected: "", + name: "Ignore named cookie with length larger than 4095 bytes, and a non-zero value", + }, + { + cookie: cookieStringWithNameAndValueLengths(0, 4096), + expected: cookieStringWithNameAndValueLengths(0, 4096).slice(1), // it won't come back with leading = + name: "Set max-size name-less cookie", + }, + { + cookie: cookieStringWithNameAndValueLengths(0, 4097), + expected: "", + name: "Ignore name-less cookie with value larger than 4096 bytes", + }, + { + cookie: cookieStringWithNameAndValueLengths(0, 4097).slice(1), // slice off leading = + expected: "", + name: "Ignore name-less cookie (without leading =) with value larger than 4096 bytes", + }, + { + cookie: cookieStringWithNameAndValueLengths(2048, 2048) + '; Max-Age:43110;', + expected: cookieStringWithNameAndValueLengths(2048, 2048), + name: "Set max-size cookie that also has an attribute", + }, + ]; + + for (const test of nameAndValueSizeTests) { + httpCookieTest(test.cookie, test.expected, test.name); + } + </script> +</body> + +</html> |