[Python-Dev] Re: Cookie.py and `:' in the key

[Timothy O'Malley]

hola.

On Tuesday, October 2, 2001, at 09:39 PM, Barry A. Warsaw wrote:
> In Mailman, I use a version of Cookie.py written by Timothy dated from
> 1998.  I'm now trying to see if I can get rid of my independent
> copy and just use Cookie.py in the Python 2.x standard library.

According to a very strict reading of the appropriate
specifications (RFC 2109 for cookies, which in turn
references terms defined in RFC 2068 for HTTP), a colon
is not legal in a value unless it is in a quoted value:

    Many HTTP/1.1 header field values consist of words separated by LWS
    or special characters. These special characters MUST be in a quoted
    string to be used within a parameter value.

           token          = 1*<any CHAR except CTLs or tspecials>

           tspecials      = "(" | ")" | "<" | ">" | "@"
                          | "," | ";" | ":" | "\" | <">
                          | "/" | "[" | "]" | "?" | "="
                          | "{" | "}" | SP | HT


Even so, I think I agree that a strict interpretation isn't very
useful in practice.  In this case, for instance, the intended
value is clear and obvious.

I've gone back and forth on this -- should the implementation
be true to the spec or should it follow its own rules for clear
and obvious?

Should people desire the "clear and obvious" over the "strict
interpretation", I think your fix is dead on.

TimO