Message 261388 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	collinanderson
Recipients	Pathangi Jatinshravan, Tim.Graham, collinanderson, harris, martin.panter, pitrou, r.david.murray
Date	2016-03-08.22:41:19
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1457476880.73.0.479508139261.issue25228@psf.upfronthosting.co.za>
In-reply-to

Content
It should be safe to hard split on semicolon. `name="some;value"` is not valid, even though it's quoted. I think raw double quotes, commas, semicolons and backslashes are _always_ invalid characters in cookie values. From https://tools.ietf.org/html/rfc6265: {{{ cookie-value = cookie-octet / ( DQUOTE cookie-octet DQUOTE ) cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E ; US-ASCII characters excluding CTLs, ; whitespace DQUOTE, comma, semicolon, ; and backslash }}}

It should be safe to hard split on semicolon. `name="some;value"` is not valid, even though it's quoted. I think raw double quotes, commas, semicolons and backslashes are _always_ invalid characters in cookie values.

From https://tools.ietf.org/html/rfc6265:

{{{
 cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash
}}}

History
Date	User	Action	Args
2016-03-08 22:41:20	collinanderson	set	recipients: + collinanderson, pitrou, r.david.murray, martin.panter, Tim.Graham, Pathangi Jatinshravan, harris
2016-03-08 22:41:20	collinanderson	set	messageid: <1457476880.73.0.479508139261.issue25228@psf.upfronthosting.co.za>
2016-03-08 22:41:20	collinanderson	link	issue25228 messages
2016-03-08 22:41:19	collinanderson	create