[Python-checkins] r87550 - in python/branches/py3k: Lib/http/cookies.py Lib/test/test_http_cookies.py Misc/NEWS
r.david.murray
python-checkins at python.org
Tue Dec 28 19:54:14 CET 2010
Author: r.david.murray
Date: Tue Dec 28 19:54:13 2010
New Revision: 87550
Log:
#9824: encode , and ; in cookie values so that browsers don't split on them
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
Modified:
python/branches/py3k/Lib/http/cookies.py
python/branches/py3k/Lib/test/test_http_cookies.py
python/branches/py3k/Misc/NEWS
Modified: python/branches/py3k/Lib/http/cookies.py
==============================================================================
--- python/branches/py3k/Lib/http/cookies.py (original)
+++ python/branches/py3k/Lib/http/cookies.py Tue Dec 28 19:54:13 2010
@@ -173,6 +173,11 @@
'\033' : '\\033', '\034' : '\\034', '\035' : '\\035',
'\036' : '\\036', '\037' : '\\037',
+ # Because of the way browsers really handle cookies (as opposed
+ # to what the RFC says) we also encode , and ;
+
+ ',' : '\\054', ';' : '\\073',
+
'"' : '\\"', '\\' : '\\\\',
'\177' : '\\177', '\200' : '\\200', '\201' : '\\201',
Modified: python/branches/py3k/Lib/test/test_http_cookies.py
==============================================================================
--- python/branches/py3k/Lib/test/test_http_cookies.py (original)
+++ python/branches/py3k/Lib/test/test_http_cookies.py Tue Dec 28 19:54:13 2010
@@ -69,6 +69,14 @@
</script>
""")
+ def test_extended_encode(self):
+ # Issue 9824: some browsers don't follow the standard; we now
+ # encode , and ; to keep them from tripping up.
+ C = cookies.SimpleCookie()
+ C['val'] = "some,funky;stuff"
+ self.assertEqual(C.output(['val']),
+ 'Set-Cookie: val="some\\054funky\\073stuff"')
+
def test_special_attrs(self):
# 'expires'
C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')
Modified: python/branches/py3k/Misc/NEWS
==============================================================================
--- python/branches/py3k/Misc/NEWS (original)
+++ python/branches/py3k/Misc/NEWS Tue Dec 28 19:54:13 2010
@@ -20,6 +20,9 @@
Library
-------
+- Issue 9824: SimpleCookie now encodes , and ; in values to cater to how
+ browsers actually parse cookies.
+
- Issue 9333: os.symlink now available regardless of user privileges.
The function now raises OSError on Windows >=6.0 when the user is unable
to create symbolic links. XP and 2003 still raise NotImplementedError.
More information about the Python-checkins
mailing list