168912 2017-02-27 07:12:13 -0800 [Soup] "Only from websites I visit" cookie policy is broken 2017-03-22 03:09:33 -0700 1 1 1 Unclassified WebKit WebKitGTK Other Unspecified Linux RESOLVED FIXED P2 Normal --- 1 ht990332 svillar achristensen berto bugs-noreply cdumez cgarcia commit-queue danw gustavo joepeck mcatanzaro mrobinson svillar zan oldest_to_newest 1281372 0 ht990332 2017-02-27 07:12:13 -0800 I noticed "Only from websites I visit" cookie policy is broken on WebKitGTK+ 2.15.90 and epiphany 2.23.90 (latest from git master branch). I don't have advertisements disabled and it is saving cookies from domains of hotlinked ads. 1281416 1 mcatanzaro 2017-02-27 10:34:20 -0800 Lots of changes to this code recently. Is it a regression? Did it work properly in 2.14? Or has it always been broken like this? 1282395 2 ht990332 2017-03-01 12:50:33 -0800 It looks like this was broken in 2.14.xx and epiphany 3.22.xx as well. 1289490 3 svillar 2017-03-20 10:21:49 -0700 After some quick research it looks like we are not properly setting the first party for cookies in some cases, that's why cookies are being stored anyway. For example if I visit http://www.bmw.es I can see how some cookies are set by youtube because the first party for the requests is youtube.com. 1289518 4 svillar 2017-03-20 11:46:00 -0700 OK so I finally found the culprit. It's in NetworkDataTaskSoup::continuteHTTPRedirection(). I am not sure what's the relationship with ResourceHandleSoup but they look pretty much the same. The problem is that we're setting the firstPartyForCookies to the URL of the redirected message meaning that any redirection will successfully bypass the "no third party cookies" policy. That call is already present in ResourceHandleSoup and has been there for ages. I am almost sure that we can safely remove that call (the cocoa code does not do that BTW) as it does not correct. Setting the first party for cookies is handled by the FrameLoader and we should not overwrite that. 1289620 5 mcatanzaro 2017-03-20 16:29:48 -0700 Sergio, are you planning to submit a patch? 1289730 6 cgarcia 2017-03-21 01:34:46 -0700 (In reply to comment #4) > OK so I finally found the culprit. \o/ Thanks for investigating this. > It's in > NetworkDataTaskSoup::continuteHTTPRedirection(). No recent regression then . . . > I am not sure what's the > relationship with ResourceHandleSoup but they look pretty much the same. NetworkDataTask is the new ResourceHandle. The latter is only used in the web process now for the few bits that hasn't been moved to the network process yet. > The > problem is that we're setting the firstPartyForCookies to the URL of the > redirected message meaning that any redirection will successfully bypass the > "no third party cookies" policy. Actually, I think the problem is that we are assuming that all redirections are main resource loads. It's amazing that this problem has always been there! > That call is already present in ResourceHandleSoup and has been there for > ages. Exactly, this is copied from ResourceHandle. > I am almost sure that we can safely remove that call (the cocoa code > does not do that BTW) as it does not correct. Setting the first party for > cookies is handled by the FrameLoader and we should not overwrite that. Right. In case of main resource, DocumentLoader::willSendRequest sets the first party for cookies after the redirection, and in case of subresources, the initial request first party for cookies is copied to the new one, so it's the right one too. 1289744 7 svillar 2017-03-21 03:32:16 -0700 Actually I added it https://bugs.webkit.org/show_bug.cgi?id=64575 :O 1289776 8 305004 svillar 2017-03-21 08:22:10 -0700 Created attachment 305004 Patch 1289919 9 305004 mcatanzaro 2017-03-21 18:03:54 -0700 Comment on attachment 305004 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=305004&action=review Looks excellent, thanks for the test. I'll let Carlos give final r+. > Source/WebCore/ChangeLog:12 > + The most notable effect was that subresources loaded via redirects where effectively were > LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-redirect-expected.txt:2 > +This test PASS if you can see the text "FAILED: Cookie not set". I'm not sure what you were thinking here, but this was a bad idea. :) Please change the text to "PASS: Cookie not set". 1290001 10 305004 cgarcia 2017-03-22 00:40:10 -0700 Comment on attachment 305004 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=305004&action=review >> LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-redirect-expected.txt:2 >> +This test PASS if you can see the text "FAILED: Cookie not set". > > I'm not sure what you were thinking here, but this was a bad idea. :) Please change the text to "PASS: Cookie not set". I think this is because it's reusing the cookies/resources/set-cookie-on-redirect.php that is used to test that cookies are indeed set on redirect, but here we want to test the opposite. 1290033 11 svillar 2017-03-22 03:05:19 -0700 (In reply to Carlos Garcia Campos from comment #10) > Comment on attachment 305004 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=305004&action=review > > >> LayoutTests/http/tests/security/cookies/third-party-cookie-blocking-redirect-expected.txt:2 > >> +This test PASS if you can see the text "FAILED: Cookie not set". > > > > I'm not sure what you were thinking here, but this was a bad idea. :) Please change the text to "PASS: Cookie not set". > > I think this is because it's reusing the > cookies/resources/set-cookie-on-redirect.php that is used to test that > cookies are indeed set on redirect, but here we want to test the opposite. Right. 1290035 12 svillar 2017-03-22 03:09:33 -0700 Committed r214246: <http://trac.webkit.org/changeset/214246> 305004 2017-03-21 08:22:10 -0700 2017-03-22 00:40:10 -0700 Patch bug-168912-20170321162208.patch text/plain 6576 svillar U3VidmVyc2lvbiBSZXZpc2lvbjogMjE0MTA2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNjM4NDAzNzliY2FjYzM3 ZjA3ODk2NTUxODIwZmE0NjI2MzI1ZDI4MC4uYTQ3YmVhOTljMzNmYzE5NTE4NjkwOTQ3YTc4ZjIz OGRhNDIzOTRjMSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIyIEBACisyMDE3LTAzLTIxICBTZXJn aW8gVmlsbGFyIFNlbmluICA8c3ZpbGxhckBpZ2FsaWEuY29tPgorCisgICAgICAgIFtTb3VwXSAi T25seSBmcm9tIHdlYnNpdGVzIEkgdmlzaXQiIGNvb2tpZSBwb2xpY3kgaXMgYnJva2VuCisgICAg ICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNjg5MTIKKworICAg ICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBEbyBub3QgcmVzZXQg dGhlIGZpcnN0IHBhcnR5IGZvciBjb29raWVzIG9uIHJlZGlyZWN0cy4gVGhhdCdzIHByb3Blcmx5 IGRvbmUgZm9yIHRoZSBtYWluCisgICAgICAgIHJlc291cmNlIGluIERvY3VtZW50TG9hZGVyOjp3 aWxsU2VuZFJlcXVlc3QgYW5kLCBpbiB0aGUgY2FzZSBvZiBzdWJyZXNvdXJjZXMsIGlzIGFic29s dXRlbHkKKyAgICAgICAgd3JvbmcgKHdoaWNoIGlzIHdoYXQgd2Ugd2VyZSBkb2luZyBzaW5jZSBy MTQzOTMxKS4KKworICAgICAgICBUaGUgbW9zdCBub3RhYmxlIGVmZmVjdCB3YXMgdGhhdCBzdWJy ZXNvdXJjZXMgbG9hZGVkIHZpYSByZWRpcmVjdHMgd2hlcmUgZWZmZWN0aXZlbHkKKyAgICAgICAg YnlwYXNzaW5nIHRoZSAibm8gdGhpcmQgcGFydHkiIHBvbGljeSBmb3IgY29va2llcy4KKworICAg ICAgICBUZXN0OiBodHRwL3Rlc3RzL3NlY3VyaXR5L2Nvb2tpZXMvdGhpcmQtcGFydHktY29va2ll LWJsb2NraW5nLXJlZGlyZWN0Lmh0bWwKKworICAgICAgICAqIHBsYXRmb3JtL25ldHdvcmsvc291 cC9SZXNvdXJjZUhhbmRsZVNvdXAuY3BwOgorICAgICAgICAoV2ViQ29yZTo6ZG9SZWRpcmVjdCk6 CisKIDIwMTctMDMtMTYgIEFsZXggQ2hyaXN0ZW5zZW4gIDxhY2hyaXN0ZW5zZW5Ad2Via2l0Lm9y Zz4KIAogICAgICAgICBVc2UgY29tcGxldGlvbiBoYW5kbGVycyBpbnN0ZWFkIG9mIHJldHVybiB2 YWx1ZXMgZm9yIHNlbmRpbmcgd2Vic29ja2V0IGRhdGEKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJL aXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwppbmRleCA5MWU2YTI2MmIx N2YxMjZhZTQ5ZjQxYmViZjZiMjM5NzIyMDAyZDQ5Li5jYTdjNDdlZTcyZWNjNTExNDhlYjMzYjRl NTM2NjhjMzY1MjhlZjZhIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKKysr IGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjAgQEAKKzIwMTctMDMtMjEg IFNlcmdpbyBWaWxsYXIgU2VuaW4gIDxzdmlsbGFyQGlnYWxpYS5jb20+CisKKyAgICAgICAgW1Nv dXBdICJPbmx5IGZyb20gd2Vic2l0ZXMgSSB2aXNpdCIgY29va2llIHBvbGljeSBpcyBicm9rZW4K KyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE2ODkxMgor CisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIERvIG5vdCBy ZXNldCB0aGUgZmlyc3QgcGFydHkgZm9yIGNvb2tpZXMgb24gcmVkaXJlY3RzLiBUaGF0J3MgcHJv cGVybHkgZG9uZSBmb3IgdGhlIG1haW4KKyAgICAgICAgcmVzb3VyY2UgaW4gRG9jdW1lbnRMb2Fk ZXI6OndpbGxTZW5kUmVxdWVzdCBhbmQsIGluIHRoZSBjYXNlIG9mIHN1YnJlc291cmNlcywgaXMg YWJzb2x1dGVseQorICAgICAgICB3cm9uZyAod2hpY2ggaXMgd2hhdCB3ZSB3ZXJlIGRvaW5nIHNp bmNlIHIxNDM5MzEpLgorCisgICAgICAgIFRoZSBtb3N0IG5vdGFibGUgZWZmZWN0IHdhcyB0aGF0 IHN1YnJlc291cmNlcyBsb2FkZWQgdmlhIHJlZGlyZWN0cyB3aGVyZSBlZmZlY3RpdmVseQorICAg ICAgICBieXBhc3NpbmcgdGhlICJubyB0aGlyZCBwYXJ0eSIgcG9saWN5IGZvciBjb29raWVzLgor CisgICAgICAgICogTmV0d29ya1Byb2Nlc3Mvc291cC9OZXR3b3JrRGF0YVRhc2tTb3VwLmNwcDoK KyAgICAgICAgKFdlYktpdDo6TmV0d29ya0RhdGFUYXNrU291cDo6Y29udGludWVIVFRQUmVkaXJl Y3Rpb24pOgorCiAyMDE3LTAzLTE2ICBBbGV4IENocmlzdGVuc2VuICA8YWNocmlzdGVuc2VuQHdl YmtpdC5vcmc+CiAKICAgICAgICAgVXNlIGNvbXBsZXRpb24gaGFuZGxlcnMgaW5zdGVhZCBvZiBy ZXR1cm4gdmFsdWVzIGZvciBzZW5kaW5nIHdlYnNvY2tldCBkYXRhCmRpZmYgLS1naXQgYS9Tb3Vy Y2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNwcCBi L1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9SZXNvdXJjZUhhbmRsZVNvdXAu Y3BwCmluZGV4IGU2OGU1MWMxY2I1M2MzZjRkODVmNDEyODY5NDJlNjdkNGVjZjM5MWEuLjEzOWUw OWRiNzJlYWNiMjEzYmEzNjNjZGYzN2U4YmIyMjhkMmUzNDEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9X ZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9SZXNvdXJjZUhhbmRsZVNvdXAuY3BwCisrKyBi L1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9SZXNvdXJjZUhhbmRsZVNvdXAu Y3BwCkBAIC0zMjIsNyArMzIyLDYgQEAgc3RhdGljIHZvaWQgZG9SZWRpcmVjdChSZXNvdXJjZUhh bmRsZSogaGFuZGxlKQogICAgIFVSTCBuZXdVUkwgPSBVUkwoVVJMKHNvdXBfbWVzc2FnZV9nZXRf dXJpKG1lc3NhZ2UpKSwgbG9jYXRpb24pOwogICAgIGJvb2wgY3Jvc3NPcmlnaW4gPSAhcHJvdG9j b2xIb3N0QW5kUG9ydEFyZUVxdWFsKGhhbmRsZS0+Zmlyc3RSZXF1ZXN0KCkudXJsKCksIG5ld1VS TCk7CiAgICAgbmV3UmVxdWVzdC5zZXRVUkwobmV3VVJMKTsKLSAgICBuZXdSZXF1ZXN0LnNldEZp cnN0UGFydHlGb3JDb29raWVzKG5ld1VSTCk7CiAKICAgICBpZiAobmV3UmVxdWVzdC5odHRwTWV0 aG9kKCkgIT0gIkdFVCIpIHsKICAgICAgICAgLy8gQ2hhbmdlIG5ld1JlcXVlc3QgbWV0aG9kIHRv IEdFVCBpZiBjaGFuZ2Ugd2FzIG1hZGUgZHVyaW5nIGEgcHJldmlvdXMgcmVkaXJlY3Rpb24KZGlm ZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL05ldHdvcmtQcm9jZXNzL3NvdXAvTmV0d29ya0RhdGFU YXNrU291cC5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9OZXR3b3JrUHJvY2Vzcy9zb3VwL05ldHdvcmtE YXRhVGFza1NvdXAuY3BwCmluZGV4IDQxZDkyNmVhOTdiZDA2YjcwMDkxNWQwNjIzMjIxMTg4Nzhl NDc0MDkuLmE4OGU5NGFlYWFkZTkzYjc0NGJkMjAwOWZjNjExMWZlMzc4MmM2YTcgMTAwNjQ0Ci0t LSBhL1NvdXJjZS9XZWJLaXQyL05ldHdvcmtQcm9jZXNzL3NvdXAvTmV0d29ya0RhdGFUYXNrU291 cC5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvTmV0d29ya1Byb2Nlc3Mvc291cC9OZXR3b3JrRGF0 YVRhc2tTb3VwLmNwcApAQCAtNjM4LDcgKzYzOCw2IEBAIHZvaWQgTmV0d29ya0RhdGFUYXNrU291 cDo6Y29udGludWVIVFRQUmVkaXJlY3Rpb24oKQogCiAgICAgUmVzb3VyY2VSZXF1ZXN0IHJlcXVl c3QgPSBtX2ZpcnN0UmVxdWVzdDsKICAgICByZXF1ZXN0LnNldFVSTChVUkwobV9yZXNwb25zZS51 cmwoKSwgbV9yZXNwb25zZS5odHRwSGVhZGVyRmllbGQoSFRUUEhlYWRlck5hbWU6OkxvY2F0aW9u KSkpOwotICAgIHJlcXVlc3Quc2V0Rmlyc3RQYXJ0eUZvckNvb2tpZXMocmVxdWVzdC51cmwoKSk7 CiAKICAgICAvLyBTaG91bGQgbm90IHNldCBSZWZlcmVyIGFmdGVyIGEgcmVkaXJlY3QgZnJvbSBh IHNlY3VyZSByZXNvdXJjZSB0byBub24tc2VjdXJlIG9uZS4KICAgICBpZiAobV9zaG91bGRDbGVh clJlZmVycmVyT25IVFRQU1RvSFRUUFJlZGlyZWN0ICYmICFyZXF1ZXN0LnVybCgpLnByb3RvY29s SXMoImh0dHBzIikgJiYgcHJvdG9jb2xJcyhyZXF1ZXN0Lmh0dHBSZWZlcnJlcigpLCAiaHR0cHMi KSkKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5n ZUxvZwppbmRleCBiMjY0YTEyNmY0N2I0OTNiODM2M2VjMGJkMzVkZjFhMzUyMTEzY2NlLi4wOTc4 MGEyOTQyY2Q0YWIwOGJjNGM4NDExNWQ5MjFkZGZlZmFlYWJmIDEwMDY0NAotLS0gYS9MYXlvdXRU ZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTMg QEAKKzIwMTctMDMtMjEgIFNlcmdpbyBWaWxsYXIgU2VuaW4gIDxzdmlsbGFyQGlnYWxpYS5jb20+ CisKKyAgICAgICAgW1NvdXBdICJPbmx5IGZyb20gd2Vic2l0ZXMgSSB2aXNpdCIgY29va2llIHBv bGljeSBpcyBicm9rZW4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTE2ODkxMgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisg ICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS9jb29raWVzL3RoaXJkLXBhcnR5LWNvb2tpZS1i bG9ja2luZy1yZWRpcmVjdC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGh0dHAvdGVz dHMvc2VjdXJpdHkvY29va2llcy90aGlyZC1wYXJ0eS1jb29raWUtYmxvY2tpbmctcmVkaXJlY3Qu aHRtbDogQWRkZWQuCisKIDIwMTctMDMtMTcgIE1pZ3VlbCBHb21leiAgPG1hZ29tZXpAaWdhbGlh LmNvbT4KIAogICAgICAgICBGb2xsb3ctdXAgKHIyMTM4MzMpOiB3cml0ZSBhIGxheW91dCB0ZXN0 IGZvciAxNjkxOTkKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkv Y29va2llcy90aGlyZC1wYXJ0eS1jb29raWUtYmxvY2tpbmctcmVkaXJlY3QtZXhwZWN0ZWQudHh0 IGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jb29raWVzL3RoaXJkLXBhcnR5LWNv b2tpZS1ibG9ja2luZy1yZWRpcmVjdC1leHBlY3RlZC50eHQKbmV3IGZpbGUgbW9kZSAxMDA2NDQK aW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC4uMzNlYWFhMDhm YmZjMTQzYzA1Y2JiZDY2OWQ2NjE5YzVlMWI4NTQ2MgotLS0gL2Rldi9udWxsCisrKyBiL0xheW91 dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY29va2llcy90aGlyZC1wYXJ0eS1jb29raWUtYmxv Y2tpbmctcmVkaXJlY3QtZXhwZWN0ZWQudHh0CkBAIC0wLDAgKzEsOSBAQAorQ2hlY2tzIHRoYXQg c3VicmVzb3VyY2VzIHRoYXQgZ290IHJlZGlyZWN0ZWQgZG8gbm90IGNpcmN1bXZlbnQgdGhpcmQt cGFydHkgY29va2llIHJ1bGVzLgorVGhpcyB0ZXN0IFBBU1MgaWYgeW91IGNhbiBzZWUgdGhlIHRl eHQgIkZBSUxFRDogQ29va2llIG5vdCBzZXQiLgorCisKKworLS0tLS0tLS0KK0ZyYW1lOiAnPCEt LWZyYW1lUGF0aCAvLzwhLS1mcmFtZTAtLT4tLT4nCistLS0tLS0tLQorRkFJTEVEOiBDb29raWUg bm90IHNldApkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jb29r aWVzL3RoaXJkLXBhcnR5LWNvb2tpZS1ibG9ja2luZy1yZWRpcmVjdC5odG1sIGIvTGF5b3V0VGVz dHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jb29raWVzL3RoaXJkLXBhcnR5LWNvb2tpZS1ibG9ja2lu Zy1yZWRpcmVjdC5odG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAuLjc5Mzk0MWI3NDNkMDQ2N2Y2YzE1MTFlOWMwMDJk ZmY0Y2MxNjhlOTAKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3Nl Y3VyaXR5L2Nvb2tpZXMvdGhpcmQtcGFydHktY29va2llLWJsb2NraW5nLXJlZGlyZWN0Lmh0bWwK QEAgLTAsMCArMSwyMSBAQAorPCFET0NUWVBFIGh0bWw+Cis8c2NyaXB0PgorZnVuY3Rpb24gdGVz dCgpIHsKKyAgICBpZiAod2luZG93LnRlc3RSdW5uZXIpCisgICAgICAgIHRlc3RSdW5uZXIubm90 aWZ5RG9uZSgpOworfQorCitpZiAod2luZG93LnRlc3RSdW5uZXIpIHsKKyAgICB0ZXN0UnVubmVy LndhaXRVbnRpbERvbmUoKTsKKyAgICB0ZXN0UnVubmVyLmR1bXBBc1RleHQoKTsKKyAgICB0ZXN0 UnVubmVyLmR1bXBDaGlsZEZyYW1lc0FzVGV4dCgpOworCisgICAgaWYgKHRlc3RSdW5uZXIuc2V0 UHJpdmF0ZUJyb3dzaW5nRW5hYmxlZCkKKyAgICAgICAgdGVzdFJ1bm5lci5zZXRQcml2YXRlQnJv d3NpbmdFbmFibGVkKHRydWUpOworCisgICAgdGVzdFJ1bm5lci5zZXRBbHdheXNBY2NlcHRDb29r aWVzKGZhbHNlKTsKK30KKzwvc2NyaXB0PgorCis8cD5DaGVja3MgdGhhdCBzdWJyZXNvdXJjZXMg dGhhdCBnb3QgcmVkaXJlY3RlZCBkbyBub3QgY2lyY3VtdmVudCB0aGlyZC1wYXJ0eSBjb29raWUg cnVsZXMuPGJyPlRoaXMgdGVzdCBQQVNTIGlmIHlvdSBjYW4gc2VlIHRoZSB0ZXh0ICJGQUlMRUQ6 IENvb2tpZSBub3Qgc2V0Ii48L3A+Cis8aWZyYW1lIG9ubG9hZD0idGVzdCIgc3JjPSJodHRwOi8v bG9jYWxob3N0OjgwMDAvY29va2llcy9yZXNvdXJjZXMvc2V0LWNvb2tpZS1vbi1yZWRpcmVjdC5w aHA/c3RlcD0xIj48L2lmcmFtZT4K