Message231847
| Author |
demian.brecht |
| Recipients |
Waldemar.Parzonka, demian.brecht, r.david.murray |
| Date |
2014年11月29日.01:32:19 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1417224740.6.0.47518286045.issue22931@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
There could be some history behind this that I'm unaware of that I'm not familiar with.
From what I can tell, this issue is simply due to the "[" character not being in _LegalCharsPatt (http/cookies.py). _LegalCharsPatt actually seems quite a bit more restrictive than it really should be. It's set to r"[\w\d!#%&'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]", where RFC 6265 specifies:
cookie-pair = cookie-name "=" cookie-value
cookie-name = token
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
; US-ASCII characters excluding CTLs,
; whitespace DQUOTE, comma, semicolon,
; and backslash
token = <token, defined in [RFC2616], Section 2.2>
_LegalCharsPatt is used for regex matching on the cookie value, not the key (there is a distinction made between the two).
The omission of those characters is correct for the cookie keys, but not the values (RFC 2965 is a little less verbose, but nothing ruling out those characters for values). |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2014年11月29日 01:32:20 | demian.brecht | set | recipients:
+ demian.brecht, r.david.murray, Waldemar.Parzonka |
| 2014年11月29日 01:32:20 | demian.brecht | set | messageid: <1417224740.6.0.47518286045.issue22931@psf.upfronthosting.co.za> |
| 2014年11月29日 01:32:20 | demian.brecht | link | issue22931 messages |
| 2014年11月29日 01:32:19 | demian.brecht | create |
|