diff options
| author | R. David Murray <rdmurray@bitdance.com> | 2010-12-28 18:56:33 (GMT) |
|---|---|---|
| committer | R. David Murray <rdmurray@bitdance.com> | 2010-12-28 18:56:33 (GMT) |
| commit | daa7ba038b9556ff0adabb2ab10c092c73b20243 (patch) | |
| tree | e8126330fd2af01df0d7b81aca41e9c41052429d /Lib/http | |
| parent | 6c85838489d4627d0f8292c3a3aead3519d4765c (diff) | |
| download | cpython-daa7ba038b9556ff0adabb2ab10c092c73b20243.zip cpython-daa7ba038b9556ff0adabb2ab10c092c73b20243.tar.gz cpython-daa7ba038b9556ff0adabb2ab10c092c73b20243.tar.bz2 | |
Merged revisions 87550 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines
#9824: encode , and ; in cookie values so that browsers don't split on them
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
........
Diffstat (limited to 'Lib/http')
| -rw-r--r-- | Lib/http/cookies.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py index e584396..0d9e6d0 100644 --- a/Lib/http/cookies.py +++ b/Lib/http/cookies.py @@ -178,6 +178,11 @@ _Translator = { '\033' : '\\033', '\034' : '\\034', '\035' : '\\035', '\036' : '\\036', '\037' : '\\037', + # Because of the way browsers really handle cookies (as opposed + # to what the RFC says) we also encode , and ; + + ',' : '\\054', ';' : '\\073', + '"' : '\\"', '\\' : '\\\\', '\177' : '\\177', '\200' : '\\200', '\201' : '\\201', |