Test control characters in Set-Cookie values

For httpwg/http-extensions#1420
englehardt · Mar 29, 2021 · 15226db · 15226db
1 parent cdde8ac
commit 15226db
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/cookies/bytes.window.js b/cookies/bytes.window.js
@@ -7,3 +7,12 @@ promise_test(async t => {
   const expected = "cookiesarebananas%3D%FFtest%FF"
   assert_equals(get.search(expected), 0, `Needs to contain ${expected} but did not. Full value: ${get}`);
 }, "Cookie containing non-UTF-8 bytes");
+promise_test(async t => {
+  t.add_cleanup(async () => { await fetch("resources/bytes.py?delete") });
+  let response = await fetch("resources/bytes.py?set_ctl");
+  assert_equals(await response.text(), "set_ctl");
+  response = await fetch("resources/bytes.py?get_ctl");
+  const get = await response.text();
+  const expected = "cookiesarebananas%3D"
+  assert_equals(get.search(expected), 0, `Needs to contain ${expected} but did not. Full value: ${get}`);
+}, "Cookie containing control characters");
diff --git a/cookies/resources/bytes.py b/cookies/resources/bytes.py
@@ -6,6 +6,11 @@ def main(request, response):
         response.content = "set"
     elif b"get" in request.GET:
         response.content = quote(request.headers[b"Cookie"])
+    elif b"set_ctl" in request.GET:
+        response.headers.append(b"Set-Cookie", b"cookiesarebananas=\x0Dtest\x0C")
+        response.content = "set_ctl"
+    elif b"get_ctl" in request.GET:
+        response.content = quote(request.headers[b"Cookie"])
     elif b"delete" in request.GET:
         response.headers.append(b"Set-Cookie", b"cookiesarebananas=meh;Max-Age=0")
         response.content = "delete"