[Python-checkins] r87551 - in python/branches/release31-maint: Lib/http/cookies.py Lib/test/test_http_cookies.py Misc/NEWS

r.david.murray python-checkins at python.org
Tue Dec 28 19:56:33 CET 2010


Author: r.david.murray
Date: Tue Dec 28 19:56:33 2010
New Revision: 87551

Log:
Merged revisions 87550 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines
  
  #9824: encode , and ; in cookie values so that browsers don't split on them
  
  There is a small chance of backward incompatibility here, but only for
  non-SimpleCookie applications reading SimpleCookie generated cookies.  Even
  then, any such app is likely to be handling escaped values already, and it would
  take a fairly perverse implementation of unescaping to fail to unescape these
  newly escaped chars, so the risk seems minimal.
........


Modified:
   python/branches/release31-maint/   (props changed)
   python/branches/release31-maint/Lib/http/cookies.py
   python/branches/release31-maint/Lib/test/test_http_cookies.py
   python/branches/release31-maint/Misc/NEWS

Modified: python/branches/release31-maint/Lib/http/cookies.py
==============================================================================
--- python/branches/release31-maint/Lib/http/cookies.py	(original)
+++ python/branches/release31-maint/Lib/http/cookies.py	Tue Dec 28 19:56:33 2010
@@ -178,6 +178,11 @@
     '\033' : '\\033',  '\034' : '\\034',  '\035' : '\\035',
     '\036' : '\\036',  '\037' : '\\037',
 
+    # Because of the way browsers really handle cookies (as opposed
+    # to what the RFC says) we also encode , and ;
+
+    ',' : '\\054', ';' : '\\073',
+
     '"' : '\\"',       '\\' : '\\\\',
 
     '\177' : '\\177',  '\200' : '\\200',  '\201' : '\\201',
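
Review bot: The comment added above ',' : '\\054', ';' : '\\073' says only that browsers differ from the RFC; it should name the behaviour being worked around (browsers splitting the cookie value on , and ;, as the log message states) and cite issue 9824, so that a later reader does not drop the two entries as redundant. The blank line between the comment and the entry it describes could also be removed so the comment stays attached to that entry.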

Modified: python/branches/release31-maint/Lib/test/test_http_cookies.py
==============================================================================
--- python/branches/release31-maint/Lib/test/test_http_cookies.py	(original)
+++ python/branches/release31-maint/Lib/test/test_http_cookies.py	Tue Dec 28 19:56:33 2010
@@ -65,6 +65,14 @@
         </script>
         """)
 
+    def test_extended_encode(self):
+        # Issue 9824: some browsers don't follow the standard; we now
+        # encode , and ; to keep them from tripping up.
+        C = cookies.SimpleCookie()
+        C['val'] = "some,funky;stuff"
+        self.assertEqual(C.output(['val']),
+            'Set-Cookie: val="some\\054funky\\073stuff"')
+
     def test_special_attrs(self):
         # 'expires'
         C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')
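
Review bot: test_extended_encode asserts only on C.output(['val']), so the decoding side of the new escapes is untested. Since the log message calls out a compatibility risk for code that reads these cookies, add a round trip to the test: load the emitted val="some\\054funky\\073stuff" into a fresh SimpleCookie and assert that the value comes back as "some,funky;stuff".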

Modified: python/branches/release31-maint/Misc/NEWS
==============================================================================
--- python/branches/release31-maint/Misc/NEWS	(original)
+++ python/branches/release31-maint/Misc/NEWS	Tue Dec 28 19:56:33 2010
@@ -24,6 +24,9 @@
 Library
 -------
 
+- Issue 9824: SimpleCookie now encodes , and ; in values to cater to how
+  browsers actually parse cookies.
+
 - Issue #5258/#10642: if site.py encounters a .pth file that generates an error,
   it now prints the filename, line number, and traceback to stderr and skips
   the rest of that individual file, instead of stopping processing entirely.
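
Review bot: The new entry writes "Issue 9824" while the entry directly below it uses "Issue #5258/#10642"; use "Issue #9824" for consistency. The entry could also mention the small backward-incompatibility risk for non-SimpleCookie readers that the log message describes, since NEWS is where users of the library will look for it.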

