1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<title>Test cookie secure attribute parsing (on non-secure page)</title>
<meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src="/cookies/resources/cookie-test.js"></script>
</head>
<body>
<script>
setTestContextUsingRootWindow();
// These tests are the non-secure analog to secure.https.html.
// They're not in the /cookies/attributes folder because they shouldn't
// be run by themselves. Instead, /cookies/attributes/secure.https.html
// opens this in a non-secure window.
const secureNonSecureTests = [
{
cookie: "test=1; Secure",
expected: "",
name: "(non-secure) Ignore cookie for Secure attribute",
},
{
cookie: "test=2; seCURe",
expected: "",
name: "(non-secure) Ignore cookie for seCURe attribute",
},
{
cookie: "test=3; Secure=",
expected: "",
name: "(non-secure) Ignore cookie for for Secure= attribute",
},
{
cookie: "test=4; Secure=aaaa",
expected: "",
name: "(non-secure) Ignore cookie for Secure=aaaa",
},
{
cookie: "test=5; Secure =aaaaa",
expected: "",
name: "(non-secure) Ignore cookie for Secure space equals",
},
{
cookie: "test=6; Secure= aaaaa",
expected: "",
name: "(non-secure) Ignore cookie for Secure equals space",
},
{
cookie: "test=7; Secure",
expected: "",
name: "(non-secure) Ignore cookie for spaced Secure",
},
{
cookie: "test=8; Secure ;",
expected: "",
name: "(non-secure) Ignore cookie for space Secure with ;",
},
{
cookie: "__Secure-test=9; Secure",
expected: "",
name: "(non-secure) Ignore cookie with __Secure- prefix and Secure",
},
{
cookie: "__Secure-test=10",
expected: "",
name: "(non-secure) Ignore cookie with __Secure- prefix and without Secure",
},
// This is really a test that the cookie name isn't URL-decoded, but this
// is here to be next to the other __Secure- prefix tests.
{
cookie: "__%53ecure-test=11",
expected: "__%53ecure-test=11",
name: "(non-secure) Cookie returned with __%53ecure- prefix and without Secure",
},
];
for (const test of secureNonSecureTests) {
httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
}
</script>
</body>
</html>
|
