add unit tests for previous checkin.
--- a/netwerk/test/TestCookie.cpp
+++ b/netwerk/test/TestCookie.cpp
@@ -676,18 +676,23 @@ main(PRInt32 argc, char *argv[])
SetACookie(cookieService, "http://httponly.test/", nsnull, "test=httponly; httponly; max-age=-1", nsnull);
GetACookie(cookieService, "http://httponly.test/", nsnull, getter_Copies(cookie));
rv[6] = CheckResult(cookie.get(), MUST_BE_NULL);
// Non-Httponly cookies can replace HttpOnly cookies when set over http
SetACookie(cookieService, "http://httponly.test/", nsnull, "test=httponly; httponly", nsnull);
SetACookie(cookieService, "http://httponly.test/", nsnull, "test=not-httponly", nsnull);
GetACookieNoHttp(cookieService, "http://httponly.test/", getter_Copies(cookie));
rv[7] = CheckResult(cookie.get(), MUST_EQUAL, "test=not-httponly");
+ // scripts should not be able to set httponly cookies by replacing an existing non-httponly cookie
+ SetACookie(cookieService, "http://httponly.test/", nsnull, "test=not-httponly", nsnull);
+ SetACookieNoHttp(cookieService, "http://httponly.test/", "test=httponly; httponly");
+ GetACookieNoHttp(cookieService, "http://httponly.test/", getter_Copies(cookie));
+ rv[8] = CheckResult(cookie.get(), MUST_EQUAL, "test=not-httponly");
- allTestsPassed = PrintResult(rv, 8) && allTestsPassed;
+ allTestsPassed = PrintResult(rv, 9) && allTestsPassed;
// *** nsICookieManager{2} interface tests
printf("*** Beginning nsICookieManager{2} interface tests...\n");
nsCOMPtr<nsICookieManager> cookieMgr = do_GetService(NS_COOKIEMANAGER_CONTRACTID, &rv0);
if (NS_FAILED(rv0)) return -1;
nsCOMPtr<nsICookieManager2> cookieMgr2 = do_QueryInterface(cookieMgr);
if (!cookieMgr2) return -1;