diff options
author | Peter Hartmann <peter.hartmann@trolltech.com> | 2009-04-30 14:59:37 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@trolltech.com> | 2009-05-04 14:26:09 (GMT) |
commit | a5c1161fb6bb2a24cebc104bc2a9b8def0a6e466 (patch) | |
tree | 2f38ef2b85d0c4d2a4436e9f9660cb1c3731e3b8 /tests | |
parent | 0820be4a16f8213ba02e2a2f9fe5df4d1ec6a818 (diff) | |
download | Qt-a5c1161fb6bb2a24cebc104bc2a9b8def0a6e466.zip Qt-a5c1161fb6bb2a24cebc104bc2a9b8def0a6e466.tar.gz Qt-a5c1161fb6bb2a24cebc104bc2a9b8def0a6e466.tar.bz2 |
QNetworkCookieJar: do not allow cookies for domains like ".com"
the domain attribute in cookies must always contain one embedded dot,
according to RFC 2109 section 4.3.2
Reviewed-by: Thiago
Task-number: 251467
Diffstat (limited to 'tests')
-rw-r--r-- | tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp index e87a3bf..7aa1d24 100644 --- a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp +++ b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp @@ -171,6 +171,17 @@ void tst_QNetworkCookieJar::setCookiesFromUrl_data() result.clear(); result += finalCookie; QTest::newRow("defaults-2") << preset << cookie << "http://www.foo.tld" << result << true; + + // security test: do not accept cookie domains like ".com" nor ".com." (see RFC 2109 section 4.3.2) + result.clear(); + preset.clear(); + cookie.setDomain(".com"); + QTest::newRow("rfc2109-4.3.2-ex3") << preset << cookie << "http://x.foo.com" << result << false; + + result.clear(); + preset.clear(); + cookie.setDomain(".com."); + QTest::newRow("rfc2109-4.3.2-ex3-2") << preset << cookie << "http://x.foo.com" << result << false; } void tst_QNetworkCookieJar::setCookiesFromUrl() |