[issue991266] Cookie.py does not correctly quote Morsels
Mark Williams
report at bugs.python.org
Thu Apr 19 22:04:19 EDT 2018
Mark Williams <mrw at enotuniq.org> added the comment:
This patch only quotes the Comment attribute, and the rest of the code only quotes attributes if they're of the expected type. Consider Expires:
>>> from http.cookies import SimpleCookie
>>> c = SimpleCookie()
>>> c['name'] = 'value'
>>> c['name']['comment'] = '\n'
>>> c['name']['expires'] = 123
>>> c.output()
'Set-Cookie: name=value; Comment="\\012"; expires=Fri, 20 Apr 2018 02:03:13 GMT'
>>> c['name']['expires'] = '123; path=.example.invalid'
'Set-Cookie: name=value; Comment="\\012"; expires=123; path=.example.invalid'
Here's the offending line:
https://github.com/python/cpython/blob/b87c1c92fc93c5733cd3d8606ab2301ca6ba208f/Lib/http/cookies.py#L415
Why not quote all attribute values?
----------
nosy: +Mark.Williams
versions: +Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue991266>
_______________________________________
More information about the Python-bugs-list
mailing list