Cookie Store: disallow '=' in cookies with empty names

Per the explainer[1] and tests: "Cookies with an empty name cannot be set using values containing = as this would result in ambiguous serializations in the majority of current browsers." Also, fix a test glitch now that this restriction is implemented. [1] https://github.com/WICG/cookie-store/blob/gh-pages/explainer.md Bug: 729800 Change-Id: I9ed02885c217cbdb4c86d8fd236d49c6c56b6e96 Reviewed-on: https://chromium-review.googlesource.com/994145 Commit-Queue: Joshua Bell <jsbell@chromium.org> Reviewed-by: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#548563}

Cookie Store: disallow '=' in cookies with empty names
Per the explainer[1] and tests: "Cookies with an empty name cannot be set using values containing = as this would result in ambiguous serializations in the majority of current browsers." Also, fix a test glitch now that this restriction is implemented. [1] https://github.com/WICG/cookie-store/blob/gh-pages/explainer.md Bug: 729800 Change-Id: I9ed02885c217cbdb4c86d8fd236d49c6c56b6e96 Reviewed-on: https://chromium-review.googlesource.com/994145 Commit-Queue: Joshua Bell <jsbell@chromium.org> Reviewed-by: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#548563}
898306df · Joshua Bell · Commit Bot · f60afee8 · f60afee8 · f60afee8
Commit 898306df authored Apr 05, 2018 by Joshua Bell Committed by Commit Bot Apr 05, 2018
4 changed files
--- a/third_party/WebKit/LayoutTests/external/wpt/cookie-store/no_name_equals_in_value.tentative-expected.txt
+++ b/third_party/WebKit/LayoutTests/external/wpt/cookie-store/no_name_equals_in_value.tentative-expected.txt
-This is a testharness.js-based test.
-FAIL Verify that attempting to set a cookie with no name and with '=' in the value does not work. assert_unreached: Should have rejected: Expected promise rejection when setting a cookie with no name and "=" in value Reached unreachable code
-Harness: the test ran to completion.
-
--- a/third_party/WebKit/LayoutTests/external/wpt/cookie-store/no_name_equals_in_value.tentative.https-expected.txt
+++ b/third_party/WebKit/LayoutTests/external/wpt/cookie-store/no_name_equals_in_value.tentative.https-expected.txt
-This is a testharness.js-based test.
-FAIL Verify that attempting to set a cookie with no name and with '=' in the value does not work. assert_unreached: Should have rejected: Expected promise rejection when setting a cookie with no name and "=" in value Reached unreachable code
-Harness: the test ran to completion.
-
--- a/third_party/WebKit/LayoutTests/external/wpt/cookie-store/resources/no_name_equals_in_value.js
+++ b/third_party/WebKit/LayoutTests/external/wpt/cookie-store/resources/no_name_equals_in_value.js
@@ -3,10 +3,10 @@
 cookie_test(async t => {
  let eventPromise = observeNextCookieChangeEvent();
  await cookieStore.set('', 'first-value');
-  const actual1 =
-      (await cookieStore.getAll('')).map(({ value }) => value).join(';');
-  const expected1 = 'first-value';
-  assert_equals(actual1, expected1);
+  assert_equals(
+    (await cookieStore.getAll('')).map(({ value }) => value).join(';'),
+    'first-value',
+    'Cookie with no name and normal value should have been set');
  await verifyCookieChangeEvent(
    eventPromise, {changed: [{name: '', value: 'first-value'}]},
    'Observed no-name change');
@@ -16,31 +16,26 @@ cookie_test(async t => {
    new TypeError(),
    cookieStore.set('', 'suspicious-value=resembles-name-and-value'),
    'Expected promise rejection when setting a cookie with' +
-      ' no name and "=" in value');
+      ' no name and "=" in value (via arguments)');
+
+  await promise_rejects(
+    t,
+    new TypeError(),
+    cookieStore.set(
+      {name: '', value: 'suspicious-value=resembles-name-and-value'}),
+    'Expected promise rejection when setting a cookie with' +
+      ' no name and "=" in value (via options)');

-  const actual2 =
-        (await cookieStore.getAll('')).map(({ value }) => value).join(';');
-  const expected2 = 'first-value';
-  assert_equals(actual2, expected2);
  assert_equals(
-    await getCookieString(),
+    (await cookieStore.getAll('')).map(({ value }) => value).join(';'),
    'first-value',
-    'Earlier cookie jar after rejected');
+    'Cookie with no name should still have previous value');

  eventPromise = observeNextCookieChangeEvent();
  await cookieStore.delete('');
  await verifyCookieChangeEvent(
-    eventPromise, {deleted: [{name: '', value: ''}]},
+    eventPromise, {deleted: [{name: ''}]},
    'Observed no-name deletion');

-  assert_equals(
-    await getCookieString(),
-    undefined,
-    'Empty cookie jar after cleanup');
-  assert_equals(
-    await getCookieStringHttp(),
-    undefined,
-    'Empty HTTP cookie jar after cleanup');
-
 }, "Verify that attempting to set a cookie with no name and with '=' in" +
             " the value does not work.");
--- a/third_party/WebKit/Source/modules/cookie_store/CookieStore.cpp
+++ b/third_party/WebKit/Source/modules/cookie_store/CookieStore.cpp
@@ -127,6 +127,13 @@ network::mojom::blink::CanonicalCookiePtr ToCanonicalCookie(
      canonical_cookie->value = value;
    }

+    if (canonical_cookie->name.IsEmpty() &&
+        canonical_cookie->value.Contains('=')) {
+      exception_state.ThrowTypeError(
+          "Cookie value cannot contain '=' if the name is empty.");
+      return nullptr;
+    }
+
    if (options.hasExpires())
      canonical_cookie->expiry = WTF::Time::FromJavaTime(options.expires());
    // The expires option is not set in CookieStoreSetOptions for session