Merged revisions 87550 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines

  #9824: encode , and ; in cookie values so that browsers don't split on them

  There is a small chance of backward incompatibility here, but only for
  non-SimpleCookie applications reading SimpleCookie generated cookies.  Even
  then, any such app is likely to be handling escaped values already, and it would
  take a fairly perverse implementation of unescaping to fail to unescape these
  newly escaped chars, so the risk seems minimal.
........
R. David Murray 2010-12-28 19:11:03 +00:00
parent 3f60f09eb2
commit 08fc701714
3 changed files with 16 additions and 0 deletions


@ -258,6 +258,11 @@ _Translator = {
'\033' : '\\033', '\034' : '\\034', '\035' : '\\035', '\033' : '\\033', '\034' : '\\034', '\035' : '\\035',
'\036' : '\\036', '\037' : '\\037', '\036' : '\\036', '\037' : '\\037',
# Because of the way browsers really handle cookies (as opposed
# to what the RFC says) we also encode , and ;
',' : '\\054', ';' : '\\073',
'"' : '\\"', '\\' : '\\\\', '"' : '\\"', '\\' : '\\\\',
'\177' : '\\177', '\200' : '\\200', '\201' : '\\201', '\177' : '\\177', '\200' : '\\200', '\201' : '\\201',
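Review bot: The comment above the new `',' : '\\054', ';' : '\\073',` entry says the encoding exists because browsers ignore the RFC, but not what goes wrong without it, which is what a maintainer needs before touching this entry. Going by the commit message, browsers split on these characters, so a value carrying them is cut short and its tail may be read as further cookie attributes or cookies. I would state that directly, e.g. `# Browsers split on ; and , even inside a quoted value; left unescaped, the value is truncated and its tail may be parsed as attributes.` The table presumably only takes effect on paths that go through the quoting helper, which is outside this hunk, so it is worth confirming that values emitted without quoting are not still exposed. The `_Translator` dict starts and ends outside the hunk.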


@ -72,6 +72,14 @@ class CookieTests(unittest.TestCase):
self.assertEqual(C['Customer']['expires'], self.assertEqual(C['Customer']['expires'],
'Wed, 01-Jan-98 00:00:00 GMT') 'Wed, 01-Jan-98 00:00:00 GMT')
def test_extended_encode(self):
# Issue 9824: some browsers don't follow the standard; we now
# encode , and ; to keep them from tripping up.
C = Cookie.SimpleCookie()
C['val'] = "some,funky;stuff"
self.assertEqual(C.output(['val']),
'Set-Cookie: val="some\\054funky\\073stuff"')
def test_quoted_meta(self): def test_quoted_meta(self):
# Try cookie with quoted meta-data # Try cookie with quoted meta-data
C = Cookie.SimpleCookie() C = Cookie.SimpleCookie()
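Review bot: `test_extended_encode` pins only the encoded `Set-Cookie` output, so nothing checks that a cookie written this way reads back to the original value, which is the compatibility risk the commit message calls out. Assuming the unquote side already decodes octal escapes (not visible in this hunk), a round-trip assertion would cover it: `C2 = Cookie.SimpleCookie()`, `C2.load('val="some\\054funky\\073stuff"')`, `self.assertEqual(C2['val'].value, "some,funky;stuff")`. A value that begins or ends with `;` or `,` would also be a cheap extra case. The `CookieTests` class continues outside the hunk.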


@ -22,6 +22,9 @@ Core and Builtins
Library Library
------- -------
- Issue 9824: SimpleCookie now encodes , and ; in values to cater to how
browsers actually parse cookies.
- Issue #1379416: eliminated a source of accidental unicode promotion in - Issue #1379416: eliminated a source of accidental unicode promotion in
email.header.Header.encode. email.header.Header.encode.