Commit daa7ba03 authored by R. David Murray's avatar R. David Murray

Merged revisions 87550 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines

  #9824: encode , and ; in cookie values so that browsers don't split on them

  There is a small chance of backward incompatibility here, but only for
  non-SimpleCookie applications reading SimpleCookie generated cookies.  Even
  then, any such ap is likely to be handling escaped values already, and it would
  take a fairly perverse implementation of unescaping to fail to unescape these
  newly escaped chars, so the risk seems minimal.
........
parent 6c858384
......@@ -178,6 +178,11 @@ _Translator = {
'\033' : '\\033', '\034' : '\\034', '\035' : '\\035',
'\036' : '\\036', '\037' : '\\037',
# Because of the way browsers really handle cookies (as opposed
# to what the RFC says) we also encode , and ;
',' : '\\054', ';' : '\\073',
'"' : '\\"', '\\' : '\\\\',
'\177' : '\\177', '\200' : '\\200', '\201' : '\\201',
......
......@@ -65,6 +65,14 @@ class CookieTests(unittest.TestCase):
</script>
""")
def test_extended_encode(self):
# Issue 9824: some browsers don't follow the standard; we now
# encode , and ; to keep them from tripping up.
C = cookies.SimpleCookie()
C['val'] = "some,funky;stuff"
self.assertEqual(C.output(['val']),
'Set-Cookie: val="some\\054funky\\073stuff"')
def test_special_attrs(self):
# 'expires'
C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')
......
......@@ -24,6 +24,9 @@ Core and Builtins
Library
-------
- Issue 9824: SimpleCookie now encodes , and ; in values to cater to how
browsers actually parse cookies.
- Issue #5258/#10642: if site.py encounters a .pth file that generates an error,
it now prints the filename, line number, and traceback to stderr and skips
the rest of that individual file, instead of stopping processing entirely.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment