traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merged revisions 87550 via svnmerge from 

svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines

  #9824: encode , and ; in cookie values so that browsers don't split on them

  There is a small chance of backward incompatibility here, but only for
  non-SimpleCookie applications reading SimpleCookie generated cookies.  Even
  then, any such ap is likely to be handling escaped values already, and it would
  take a fairly perverse implementation of unescaping to fail to unescape these
  newly escaped chars, so the risk seems minimal.
........
This commit is contained in:
R. David Murray 2010-12-28 18:56:33 +00:00
parent 6c85838489
commit daa7ba038b
3 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Lib/http/cookies.py
View File

@ -178,6 +178,11 @@ _Translator = {
'\033' : '\\033', '\034' : '\\034', '\035' : '\\035', '\033' : '\\033', '\034' : '\\034', '\035' : '\\035',
'\036' : '\\036', '\037' : '\\037', '\036' : '\\036', '\037' : '\\037',
# Because of the way browsers really handle cookies (as opposed
# to what the RFC says) we also encode , and ;
',' : '\\054', ';' : '\\073',
'"' : '\\"', '\\' : '\\\\', '"' : '\\"', '\\' : '\\\\',
'\177' : '\\177', '\200' : '\\200', '\201' : '\\201', '\177' : '\\177', '\200' : '\\200', '\201' : '\\201',

8
Lib/test/test_http_cookies.py
View File

@ -65,6 +65,14 @@ class CookieTests(unittest.TestCase):
</script> </script>
""") """)
def test_extended_encode(self):
# Issue 9824: some browsers don't follow the standard; we now
# encode , and ; to keep them from tripping up.
C = cookies.SimpleCookie()
C['val'] = "some,funky;stuff"
self.assertEqual(C.output(['val']),
'Set-Cookie: val="some\\054funky\\073stuff"')
def test_special_attrs(self): def test_special_attrs(self):
# 'expires' # 'expires'
C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"') C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')

3
Misc/NEWS
View File

@ -24,6 +24,9 @@ Core and Builtins
Library Library
------- -------
- Issue 9824: SimpleCookie now encodes , and ; in values to cater to how
browsers actually parse cookies.
- Issue #5258/#10642: if site.py encounters a .pth file that generates an error, - Issue #5258/#10642: if site.py encounters a .pth file that generates an error,
it now prints the filename, line number, and traceback to stderr and skips it now prints the filename, line number, and traceback to stderr and skips
the rest of that individual file, instead of stopping processing entirely. the rest of that individual file, instead of stopping processing entirely.