diff options
| author | R. David Murray <rdmurray@bitdance.com> | 2010-12-28 18:56:33 (GMT) |
|---|---|---|
| committer | R. David Murray <rdmurray@bitdance.com> | 2010-12-28 18:56:33 (GMT) |
| commit | daa7ba038b9556ff0adabb2ab10c092c73b20243 (patch) | |
| tree | e8126330fd2af01df0d7b81aca41e9c41052429d | |
| parent | 6c85838489d4627d0f8292c3a3aead3519d4765c (diff) | |
| download | cpython-daa7ba038b9556ff0adabb2ab10c092c73b20243.zip cpython-daa7ba038b9556ff0adabb2ab10c092c73b20243.tar.gz cpython-daa7ba038b9556ff0adabb2ab10c092c73b20243.tar.bz2 | |
Merged revisions 87550 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines
#9824: encode , and ; in cookie values so that browsers don't split on them
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
........
| -rw-r--r-- | Lib/http/cookies.py | 5 | ||||
| -rw-r--r-- | Lib/test/test_http_cookies.py | 8 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
3 files changed, 16 insertions, 0 deletions
diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py index e584396..0d9e6d0 100644 --- a/Lib/http/cookies.py +++ b/Lib/http/cookies.py @@ -178,6 +178,11 @@ _Translator = { '\033' : '\\033', '\034' : '\\034', '\035' : '\\035', '\036' : '\\036', '\037' : '\\037', + # Because of the way browsers really handle cookies (as opposed + # to what the RFC says) we also encode , and ; + + ',' : '\\054', ';' : '\\073', + '"' : '\\"', '\\' : '\\\\', '\177' : '\\177', '\200' : '\\200', '\201' : '\\201', diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py index 99133f7..cc225cd 100644 --- a/Lib/test/test_http_cookies.py +++ b/Lib/test/test_http_cookies.py @@ -65,6 +65,14 @@ class CookieTests(unittest.TestCase): </script> """) + def test_extended_encode(self): + # Issue 9824: some browsers don't follow the standard; we now + # encode , and ; to keep them from tripping up. + C = cookies.SimpleCookie() + C['val'] = "some,funky;stuff" + self.assertEqual(C.output(['val']), + 'Set-Cookie: val="some\\054funky\\073stuff"') + def test_special_attrs(self): # 'expires' C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"') @@ -24,6 +24,9 @@ Core and Builtins Library ------- +- Issue 9824: SimpleCookie now encodes , and ; in values to cater to how + browsers actually parse cookies. + - Issue #5258/#10642: if site.py encounters a .pth file that generates an error, it now prints the filename, line number, and traceback to stderr and skips the rest of that individual file, instead of stopping processing entirely. |