This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author collinanderson
Recipients Pathangi Jatinshravan, Tim.Graham, collinanderson, harris, martin.panter, pitrou, r.david.murray
Date 2016-02-10.18:12:51
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The issue I'm currently running into, is that although browsers correctly ignore invalid Set-Cookie values, they allow 'any CHAR except CTLs or ";"' in cookie values set via document.cookie.

So, if you say document.cookie = 'key=va"lue; path=/', the browser will happily pass 'key=va"lue;' to the server on future requests.

So, I like the behavior of this patch, which skips over these invalid cookies and continues parsing. I've cleaned the patch up a little, but it should be the same logically.
Date User Action Args
2016-02-10 18:12:52collinandersonsetrecipients: + collinanderson, pitrou, r.david.murray, martin.panter, Tim.Graham, Pathangi Jatinshravan, harris
2016-02-10 18:12:52collinandersonsetmessageid: <>
2016-02-10 18:12:51collinandersonlinkissue25228 messages
2016-02-10 18:12:51collinandersoncreate