[Python-checkins] r87551 - in python/branches/release31-maint: Lib/http/cookies.py Lib/test/test_http_cookies.py Misc/NEWS
r.david.murray
python-checkins at python.org
Tue Dec 28 19:56:33 CET 2010
Author: r.david.murray
Date: Tue Dec 28 19:56:33 2010
New Revision: 87551
Log:
Merged revisions 87550 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines
#9824: encode , and ; in cookie values so that browsers don't split on them
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
........
Modified:
python/branches/release31-maint/ (props changed)
python/branches/release31-maint/Lib/http/cookies.py
python/branches/release31-maint/Lib/test/test_http_cookies.py
python/branches/release31-maint/Misc/NEWS
Modified: python/branches/release31-maint/Lib/http/cookies.py
==============================================================================
--- python/branches/release31-maint/Lib/http/cookies.py (original)
+++ python/branches/release31-maint/Lib/http/cookies.py Tue Dec 28 19:56:33 2010
@@ -178,6 +178,11 @@
'\033' : '\\033', '\034' : '\\034', '\035' : '\\035',
'\036' : '\\036', '\037' : '\\037',
+ # Because of the way browsers really handle cookies (as opposed
+ # to what the RFC says) we also encode , and ;
+
+ ',' : '\\054', ';' : '\\073',
+
'"' : '\\"', '\\' : '\\\\',
'\177' : '\\177', '\200' : '\\200', '\201' : '\\201',
Modified: python/branches/release31-maint/Lib/test/test_http_cookies.py
==============================================================================
--- python/branches/release31-maint/Lib/test/test_http_cookies.py (original)
+++ python/branches/release31-maint/Lib/test/test_http_cookies.py Tue Dec 28 19:56:33 2010
@@ -65,6 +65,14 @@
</script>
""")
+ def test_extended_encode(self):
+ # Issue 9824: some browsers don't follow the standard; we now
+ # encode , and ; to keep them from tripping up.
+ C = cookies.SimpleCookie()
+ C['val'] = "some,funky;stuff"
+ self.assertEqual(C.output(['val']),
+ 'Set-Cookie: val="some\\054funky\\073stuff"')
+
def test_special_attrs(self):
# 'expires'
C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')
Modified: python/branches/release31-maint/Misc/NEWS
==============================================================================
--- python/branches/release31-maint/Misc/NEWS (original)
+++ python/branches/release31-maint/Misc/NEWS Tue Dec 28 19:56:33 2010
@@ -24,6 +24,9 @@
Library
-------
+- Issue 9824: SimpleCookie now encodes , and ; in values to cater to how
+ browsers actually parse cookies.
+
- Issue #5258/#10642: if site.py encounters a .pth file that generates an error,
it now prints the filename, line number, and traceback to stderr and skips
the rest of that individual file, instead of stopping processing entirely.
More information about the Python-checkins
mailing list