Message 261388 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	collinanderson
Recipients	Pathangi Jatinshravan, Tim.Graham, collinanderson, harris, martin.panter, pitrou, r.david.murray
Date	2016年03月08日.22:41:19
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1457476880.73.0.479508139261.issue25228@psf.upfronthosting.co.za>

Content
It should be safe to hard split on semicolon. `name="some;value"` is not valid, even though it's quoted. I think raw double quotes, commas, semicolons and backslashes are _always_ invalid characters in cookie values. From https://tools.ietf.org/html/rfc6265: {{{ cookie-value = cookie-octet / ( DQUOTE cookie-octet DQUOTE ) cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E ; US-ASCII characters excluding CTLs, ; whitespace DQUOTE, comma, semicolon, ; and backslash }}}

Content

It should be safe to hard split on semicolon. `name="some;value"` is not valid, even though it's quoted. I think raw double quotes, commas, semicolons and backslashes are _always_ invalid characters in cookie values.
From https://tools.ietf.org/html/rfc6265:
{{{
 cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
 ; US-ASCII characters excluding CTLs,
 ; whitespace DQUOTE, comma, semicolon,
 ; and backslash
}}}

History
Date	User	Action	Args
2016年03月08日 22:41:20	collinanderson	set	recipients: + collinanderson, pitrou, r.david.murray, martin.panter, Tim.Graham, Pathangi Jatinshravan, harris
2016年03月08日 22:41:20	collinanderson	set	messageid: <1457476880.73.0.479508139261.issue25228@psf.upfronthosting.co.za>
2016年03月08日 22:41:20	collinanderson	link	issue25228 messages
2016年03月08日 22:41:19	collinanderson	create

homepage