Author demian.brecht
Recipients Waldemar.Parzonka, demian.brecht, r.david.murray
Date 2014-11-29.01:32:19
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1417224740.6.0.47518286045.issue22931@psf.upfronthosting.co.za>
In-reply-to
Content
There could be some history behind this that I'm unaware of that I'm not familiar with.

From what I can tell, this issue is simply due to the "[" character not being in _LegalCharsPatt (http/cookies.py). _LegalCharsPatt actually seems quite a bit more restrictive than it really should be. It's set to r"[\w\d!#%&'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]", where RFC 6265 specifies:

cookie-pair       = cookie-name "=" cookie-value
cookie-name       = token
cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash
token             = <token, defined in [RFC2616], Section 2.2>

_LegalCharsPatt is used for regex matching on the cookie value, not the key (there is a distinction made between the two).

The omission of those characters is correct for the cookie keys, but not the values (RFC 2965 is a little less verbose, but nothing ruling out those characters for values).
History
Date User Action Args
2014-11-29 01:32:20demian.brechtsetrecipients: + demian.brecht, r.david.murray, Waldemar.Parzonka
2014-11-29 01:32:20demian.brechtsetmessageid: <1417224740.6.0.47518286045.issue22931@psf.upfronthosting.co.za>
2014-11-29 01:32:20demian.brechtlinkissue22931 messages
2014-11-29 01:32:19demian.brechtcreate