diff options
| author | R. David Murray <rdmurray@bitdance.com> | 2010-12-28 19:11:03 (GMT) |
|---|---|---|
| committer | R. David Murray <rdmurray@bitdance.com> | 2010-12-28 19:11:03 (GMT) |
| commit | 08fc701714e294279bb313d2f13c7486d3ee8b7f (patch) | |
| tree | 1cdd70eafe8d2889cf0f6b921a9b351354979647 /Lib/Cookie.py | |
| parent | 3f60f09eb23be3289ac5cc019391711dcdf800b3 (diff) | |
| download | cpython-08fc701714e294279bb313d2f13c7486d3ee8b7f.zip cpython-08fc701714e294279bb313d2f13c7486d3ee8b7f.tar.gz cpython-08fc701714e294279bb313d2f13c7486d3ee8b7f.tar.bz2 | |
Merged revisions 87550 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines
#9824: encode , and ; in cookie values so that browsers don't split on them
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
........
Diffstat (limited to 'Lib/Cookie.py')
| -rw-r--r-- | Lib/Cookie.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Lib/Cookie.py b/Lib/Cookie.py index b4f9db4..323450b 100644 --- a/Lib/Cookie.py +++ b/Lib/Cookie.py @@ -258,6 +258,11 @@ _Translator = { '\033' : '\\033', '\034' : '\\034', '\035' : '\\035', '\036' : '\\036', '\037' : '\\037', + # Because of the way browsers really handle cookies (as opposed + # to what the RFC says) we also encode , and ; + + ',' : '\\054', ';' : '\\073', + '"' : '\\"', '\\' : '\\\\', '\177' : '\\177', '\200' : '\\200', '\201' : '\\201', |