Merged revisions 87550 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines #9824: encode , and ; in cookie values so that browsers don't split on them There is a small chance of backward incompatibility here, but only for non-SimpleCookie applications reading SimpleCookie generated cookies. Even then, any such ap is likely to be handling escaped values already, and it would take a fairly perverse implementation of unescaping to fail to unescape these newly escaped chars, so the risk seems minimal. ........
This commit is contained in:
parent
3f60f09eb2
commit
08fc701714
|
@ -258,6 +258,11 @@ _Translator = {
|
||||||
'\033' : '\\033', '\034' : '\\034', '\035' : '\\035',
|
'\033' : '\\033', '\034' : '\\034', '\035' : '\\035',
|
||||||
'\036' : '\\036', '\037' : '\\037',
|
'\036' : '\\036', '\037' : '\\037',
|
||||||
|
|
||||||
|
# Because of the way browsers really handle cookies (as opposed
|
||||||
|
# to what the RFC says) we also encode , and ;
|
||||||
|
|
||||||
|
',' : '\\054', ';' : '\\073',
|
||||||
|
|
||||||
'"' : '\\"', '\\' : '\\\\',
|
'"' : '\\"', '\\' : '\\\\',
|
||||||
|
|
||||||
'\177' : '\\177', '\200' : '\\200', '\201' : '\\201',
|
'\177' : '\\177', '\200' : '\\200', '\201' : '\\201',
|
||||||
|
|
|
@ -72,6 +72,14 @@ class CookieTests(unittest.TestCase):
|
||||||
self.assertEqual(C['Customer']['expires'],
|
self.assertEqual(C['Customer']['expires'],
|
||||||
'Wed, 01-Jan-98 00:00:00 GMT')
|
'Wed, 01-Jan-98 00:00:00 GMT')
|
||||||
|
|
||||||
|
def test_extended_encode(self):
|
||||||
|
# Issue 9824: some browsers don't follow the standard; we now
|
||||||
|
# encode , and ; to keep them from tripping up.
|
||||||
|
C = Cookie.SimpleCookie()
|
||||||
|
C['val'] = "some,funky;stuff"
|
||||||
|
self.assertEqual(C.output(['val']),
|
||||||
|
'Set-Cookie: val="some\\054funky\\073stuff"')
|
||||||
|
|
||||||
def test_quoted_meta(self):
|
def test_quoted_meta(self):
|
||||||
# Try cookie with quoted meta-data
|
# Try cookie with quoted meta-data
|
||||||
C = Cookie.SimpleCookie()
|
C = Cookie.SimpleCookie()
|
||||||
|
|
|
@ -22,6 +22,9 @@ Core and Builtins
|
||||||
Library
|
Library
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
- Issue 9824: SimpleCookie now encodes , and ; in values to cater to how
|
||||||
|
browsers actually parse cookies.
|
||||||
|
|
||||||
- Issue #1379416: eliminated a source of accidental unicode promotion in
|
- Issue #1379416: eliminated a source of accidental unicode promotion in
|
||||||
email.header.Header.encode.
|
email.header.Header.encode.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue