[issue25228] Regression in cookie parsing with brackets and quotes
Collin Anderson
report at bugs.python.org
Tue Mar 8 17:41:20 EST 2016
Collin Anderson added the comment:
It should be safe to hard split on semicolon. `name="some;value"` is not valid, even though it's quoted. I think raw double quotes, commas, semicolons and backslashes are _always_ invalid characters in cookie values.
>From https://tools.ietf.org/html/rfc6265:
{{{
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
; US-ASCII characters excluding CTLs,
; whitespace DQUOTE, comma, semicolon,
; and backslash
}}}
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25228>
_______________________________________
More information about the Python-bugs-list
mailing list