mirror of https://github.com/python/cpython
Merged revisions 87550 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines #9824: encode , and ; in cookie values so that browsers don't split on them There is a small chance of backward incompatibility here, but only for non-SimpleCookie applications reading SimpleCookie generated cookies. Even then, any such ap is likely to be handling escaped values already, and it would take a fairly perverse implementation of unescaping to fail to unescape these newly escaped chars, so the risk seems minimal. ........
This commit is contained in:
R. David Murray
parent
3f60f09eb2
commit
08fc701714
|
|
@ -258,6 +258,11 @@ _Translator = {
|
|||
'\033' : '\\033', '\034' : '\\034', '\035' : '\\035',
|
||||
'\036' : '\\036', '\037' : '\\037',
|
||||
|
||||
# Because of the way browsers really handle cookies (as opposed
|
||||
# to what the RFC says) we also encode , and ;
|
||||
|
||||
',' : '\\054', ';' : '\\073',
|
||||
|
||||
'"' : '\\"', '\\' : '\\\\',
|
||||
|
||||
'\177' : '\\177', '\200' : '\\200', '\201' : '\\201',
|
||||
|
|
|
|||
|
|
@ -72,6 +72,14 @@ class CookieTests(unittest.TestCase):
|
|||
self.assertEqual(C['Customer']['expires'],
|
||||
'Wed, 01-Jan-98 00:00:00 GMT')
|
||||
|
||||
def test_extended_encode(self):
|
||||
# Issue 9824: some browsers don't follow the standard; we now
|
||||
# encode , and ; to keep them from tripping up.
|
||||
C = Cookie.SimpleCookie()
|
||||
C['val'] = "some,funky;stuff"
|
||||
self.assertEqual(C.output(['val']),
|
||||
'Set-Cookie: val="some\\054funky\\073stuff"')
|
||||
|
||||
def test_quoted_meta(self):
|
||||
# Try cookie with quoted meta-data
|
||||
C = Cookie.SimpleCookie()
|
||||
|
|
|
|||
Loading…
Reference in New Issue