From 0221332a2f80b967f2b4e801bec2254f06dc4db3 Mon Sep 17 00:00:00 2001
From: edgul <edgul@mozilla.com>
Date: Wed, 20 Sep 2023 17:50:23 +0000
Subject: [PATCH] Bug 1802057 - Block the following characters from use in the
 cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F
 (del) r=dveditz,cookie-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D182373
---
 netwerk/cookie/CookieCommons.cpp              |  6 ++--
 .../meta/cookies/name/name-ctl.html.ini       | 30 -------------------
 2 files changed, 3 insertions(+), 33 deletions(-)

diff --git a/netwerk/cookie/CookieCommons.cpp b/netwerk/cookie/CookieCommons.cpp
index 52b61c4e95d40..6eeacfe0beb08 100644
--- a/netwerk/cookie/CookieCommons.cpp
+++ b/netwerk/cookie/CookieCommons.cpp
@@ -200,9 +200,9 @@ bool CookieCommons::CheckNameAndValueSize(const CookieStruct& aCookieData) {
 
 bool CookieCommons::CheckName(const CookieStruct& aCookieData) {
   const char illegalNameCharacters[] = {
-      0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
-      0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
-      0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00};
+      0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+      0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+      0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x3B, 0x3D, 0x7F, 0x00};
 
   const auto* start = aCookieData.name().BeginReading();
   const auto* end = aCookieData.name().EndReading();
diff --git a/testing/web-platform/meta/cookies/name/name-ctl.html.ini b/testing/web-platform/meta/cookies/name/name-ctl.html.ini
index 20e22b051aea6..a4a6c8eebf21d 100644
--- a/testing/web-platform/meta/cookies/name/name-ctl.html.ini
+++ b/testing/web-platform/meta/cookies/name/name-ctl.html.ini
@@ -11,36 +11,6 @@
   [Cookie with %xd in name is rejected (DOM).]
     expected: FAIL
 
-  [Cookie with %x7f in name is rejected (DOM).]
-    expected: FAIL
-
-  [Cookie with %x0 in name is rejected or modified (HTTP).]
-    expected: FAIL
-
-  [Cookie with %x1 in name is rejected (HTTP).]
-    expected: FAIL
-
-  [Cookie with %x2 in name is rejected (HTTP).]
-    expected: FAIL
-
-  [Cookie with %x3 in name is rejected (HTTP).]
-    expected: FAIL
-
-  [Cookie with %x4 in name is rejected (HTTP).]
-    expected: FAIL
-
-  [Cookie with %x5 in name is rejected (HTTP).]
-    expected: FAIL
-
-  [Cookie with %x6 in name is rejected (HTTP).]
-    expected: FAIL
-
-  [Cookie with %x7 in name is rejected (HTTP).]
-    expected: FAIL
-
-  [Cookie with %x8 in name is rejected (HTTP).]
-    expected: FAIL
-
   [Cookie with %x9 in name is accepted (HTTP).]
     expected: FAIL
 
-- 
GitLab