diff options
author | R. David Murray <rdmurray@bitdance.com> | 2010-12-28 19:11:03 (GMT) |
---|---|---|
committer | R. David Murray <rdmurray@bitdance.com> | 2010-12-28 19:11:03 (GMT) |
commit | 08fc701714e294279bb313d2f13c7486d3ee8b7f (patch) | |
tree | 1cdd70eafe8d2889cf0f6b921a9b351354979647 /Lib | |
parent | 3f60f09eb23be3289ac5cc019391711dcdf800b3 (diff) | |
download | cpython-08fc701714e294279bb313d2f13c7486d3ee8b7f.zip cpython-08fc701714e294279bb313d2f13c7486d3ee8b7f.tar.gz cpython-08fc701714e294279bb313d2f13c7486d3ee8b7f.tar.bz2 |
Merged revisions 87550 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines
#9824: encode , and ; in cookie values so that browsers don't split on them
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
........
Diffstat (limited to 'Lib')
-rw-r--r-- | Lib/Cookie.py | 5 | ||||
-rw-r--r-- | Lib/test/test_cookie.py | 8 |
2 files changed, 13 insertions, 0 deletions
diff --git a/Lib/Cookie.py b/Lib/Cookie.py index b4f9db4..323450b 100644 --- a/Lib/Cookie.py +++ b/Lib/Cookie.py @@ -258,6 +258,11 @@ _Translator = { '\033' : '\\033', '\034' : '\\034', '\035' : '\\035', '\036' : '\\036', '\037' : '\\037', + # Because of the way browsers really handle cookies (as opposed + # to what the RFC says) we also encode , and ; + + ',' : '\\054', ';' : '\\073', + '"' : '\\"', '\\' : '\\\\', '\177' : '\\177', '\200' : '\\200', '\201' : '\\201', diff --git a/Lib/test/test_cookie.py b/Lib/test/test_cookie.py index 0e74ccf..d09398d 100644 --- a/Lib/test/test_cookie.py +++ b/Lib/test/test_cookie.py @@ -72,6 +72,14 @@ class CookieTests(unittest.TestCase): self.assertEqual(C['Customer']['expires'], 'Wed, 01-Jan-98 00:00:00 GMT') + def test_extended_encode(self): + # Issue 9824: some browsers don't follow the standard; we now + # encode , and ; to keep them from tripping up. + C = Cookie.SimpleCookie() + C['val'] = "some,funky;stuff" + self.assertEqual(C.output(['val']), + 'Set-Cookie: val="some\\054funky\\073stuff"') + def test_quoted_meta(self): # Try cookie with quoted meta-data C = Cookie.SimpleCookie() |