Index: Lib/http/cookies.py =================================================================== --- Lib/http/cookies.py (revision 87316) +++ Lib/http/cookies.py (working copy) @@ -173,6 +173,11 @@ '\033' : '\\033', '\034' : '\\034', '\035' : '\\035', '\036' : '\\036', '\037' : '\\037', + # Because of the way browsers really handle cookies (as opposed + # to what the RFC says) we also encode , and ; + + ',' : '\\054', ';' : '\\073', + '"' : '\\"', '\\' : '\\\\', '\177' : '\\177', '\200' : '\\200', '\201' : '\\201', Index: Lib/test/test_http_cookies.py =================================================================== --- Lib/test/test_http_cookies.py (revision 87316) +++ Lib/test/test_http_cookies.py (working copy) @@ -69,6 +69,14 @@ """) + def test_extended_encode(self): + # Issue 9824: some browsers don't follow the standard; we now + # encode , and ; to keep them from tripping up. + C = cookies.SimpleCookie() + C['val'] = "some,funky;stuff" + self.assertEqual(C.output(['val']), + 'Set-Cookie: val="some\\054funky\\073stuff"') + def test_special_attrs(self): # 'expires' C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')