#9824: encode , and ; in cookie values so that browsers don't split on them

There is a small chance of backward incompatibility here, but only for non-SimpleCookie applications reading SimpleCookie generated cookies. Even then, any such ap is likely to be handling escaped values already, and it would take a fairly perverse implementation of unescaping to fail to unescape these newly escaped chars, so the risk seems minimal.
author: R. David Murray <rdmurray@bitdance.com> 2010-12-28 18:54:13 (GMT)
committer: R. David Murray <rdmurray@bitdance.com> 2010-12-28 18:54:13 (GMT)
commit: e05ca2aff4e7e3da133c2a2410e7d2c9bb3c1d12 (patch)
tree: 5acbe67bba3c5dd2f939c9a45179207f8e903ff2 /Misc
parent: 8aa7e999b5ab87cdbefe441649c223647875c110 (diff)
download: cpython-e05ca2aff4e7e3da133c2a2410e7d2c9bb3c1d12.zip
cpython-e05ca2aff4e7e3da133c2a2410e7d2c9bb3c1d12.tar.gz
cpython-e05ca2aff4e7e3da133c2a2410e7d2c9bb3c1d12.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index f69abcf..8eec18e 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -20,6 +20,9 @@ Core and Builtins
 Library
 -------
 
+- Issue 9824: SimpleCookie now encodes , and ; in values to cater to how
+  browsers actually parse cookies.
+
 - Issue 9333: os.symlink now available regardless of user privileges.
   The function now raises OSError on Windows >=6.0 when the user is unable
   to create symbolic links. XP and 2003 still raise NotImplementedError.
author	R. David Murray <rdmurray@bitdance.com>	2010-12-28 18:54:13 (GMT)
committer	R. David Murray <rdmurray@bitdance.com>	2010-12-28 18:54:13 (GMT)
commit	e05ca2aff4e7e3da133c2a2410e7d2c9bb3c1d12 (patch)
tree	5acbe67bba3c5dd2f939c9a45179207f8e903ff2 /Misc
parent	8aa7e999b5ab87cdbefe441649c223647875c110 (diff)
download	cpython-e05ca2aff4e7e3da133c2a2410e7d2c9bb3c1d12.zip cpython-e05ca2aff4e7e3da133c2a2410e7d2c9bb3c1d12.tar.gz cpython-e05ca2aff4e7e3da133c2a2410e7d2c9bb3c1d12.tar.bz2