Bug 1964767 - Don't allow = in nameless cookie values a=pascalc

Differential Revision: https://phabricator.services.mozilla.com/D256404

modules/libpref/init/StaticPrefList.yaml

@@ -13141,6 +13141,12 @@
   value: true
   mirror: always
 
+# When true, Firefox will reject nameless cookies that contain `=` in value.
+- name: network.cookie.block_nameless_with_equal_char
+  type: RelaxedAtomicBool
+  value: true
+  mirror: always
+
 # If we should attempt to race the cache and network.
 - name: network.http.rcwn.enabled
   type: bool

netwerk/cookie/CookieCommons.cpp

@@ -250,10 +250,19 @@ bool CookieCommons::CheckValue(const CookieStruct& aCookieData) {
   const auto* start = aCookieData.value().BeginReading();
   const auto* end = aCookieData.value().EndReading();
 
+  bool shouldBlockEqualInNamelessCookie =
+      aCookieData.name().IsEmpty() &&
+      StaticPrefs::network_cookie_block_nameless_with_equal_char();
+
   auto charFilter = [&](unsigned char c) {
     if (StaticPrefs::network_cookie_blockUnicode() && c >= 0x80) {
       return true;
     }
+
+    if (c == '=' && shouldBlockEqualInNamelessCookie) {
+      return true;
+    }
+
     return std::find(std::begin(illegalCharacters), std::end(illegalCharacters),
                      c) != std::end(illegalCharacters);
   };

testing/web-platform/meta/cookies/name/name.html.ini

@@ -3,3 +3,7 @@
     expected:
       if (os == "mac") and not debug: FAIL
       [FAIL, PASS]
+  [Set a nameless cookie (that has an = in its value)]
+    expected: FAIL
+  [Set a nameless cookie (that has multiple ='s in its value)]
+    expected: FAIL