tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

secure-non-secure-child.html (2836B)

      1 <!doctype html>
      2 <html>
      3  <head>
      4    <meta charset=utf-8>
      5    <title>Test cookie secure attribute parsing (on non-secure page)</title>
      6    <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
      7    <meta name="timeout" content="long">
      8    <script src="/resources/testharness.js"></script>
      9    <script src="/resources/testdriver.js"></script>
     10    <script src="/resources/testdriver-vendor.js"></script>
     11    <script src="/cookies/resources/cookie-test.js"></script>
     12  </head>
     13  <body>
     14    <script>
     15      setTestContextUsingRootWindow();
     16      // These tests are the non-secure analog to secure.https.html.
     17      // They're not in the /cookies/attributes folder because they shouldn't
     18      // be run by themselves. Instead, /cookies/attributes/secure.https.html
     19      // opens this in a non-secure window.
     20      const secureNonSecureTests = [
     21      {
     22        cookie: "test=1; Secure",
     23        expected: "",
     24        name: "(non-secure) Ignore cookie for Secure attribute",
     25      },
     26      {
     27        cookie: "test=2; seCURe",
     28        expected: "",
     29        name: "(non-secure) Ignore cookie for seCURe attribute",
     30      },
     31      {
     32        cookie: "test=3; Secure=",
     33        expected: "",
     34        name: "(non-secure) Ignore cookie for for Secure= attribute",
     35      },
     36      {
     37        cookie: "test=4; Secure=aaaa",
     38        expected: "",
     39        name: "(non-secure) Ignore cookie for Secure=aaaa",
     40      },
     41      {
     42        cookie: "test=5; Secure =aaaaa",
     43        expected: "",
     44        name: "(non-secure) Ignore cookie for Secure space equals",
     45      },
     46      {
     47        cookie: "test=6; Secure= aaaaa",
     48        expected: "",
     49        name: "(non-secure) Ignore cookie for Secure equals space",
     50      },
     51      {
     52        cookie: "test=7;                Secure",
     53        expected: "",
     54        name: "(non-secure) Ignore cookie for spaced Secure",
     55      },
     56      {
     57        cookie: "test=8;       Secure     ;",
     58        expected: "",
     59        name: "(non-secure) Ignore cookie for space Secure with ;",
     60      },
     61      {
     62        cookie: "__Secure-test=9; Secure",
     63        expected: "",
     64        name: "(non-secure) Ignore cookie with __Secure- prefix and Secure",
     65      },
     66      {
     67        cookie: "__Secure-test=10",
     68        expected: "",
     69        name: "(non-secure) Ignore cookie with __Secure- prefix and without Secure",
     70      },
     71      // This is really a test that the cookie name isn't URL-decoded, but this
     72      // is here to be next to the other __Secure- prefix tests.
     73      {
     74        cookie: "__%53ecure-test=11",
     75        expected: "__%53ecure-test=11",
     76        name: "(non-secure) Cookie returned with __%53ecure- prefix and without Secure",
     77      },
     78    ];
     79 
     80    for (const test of secureNonSecureTests) {
     81      httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
     82    }
     83    </script>
     84  </body>
     85 </html>