This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author collinanderson
Recipients Pathangi Jatinshravan, Tim.Graham, collinanderson, harris, martin.panter, pitrou, r.david.murray
Date 2016-03-08.22:41:19
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1457476880.73.0.479508139261.issue25228@psf.upfronthosting.co.za>
In-reply-to
Content
It should be safe to hard split on semicolon. `name="some;value"` is not valid, even though it's quoted. I think raw double quotes, commas, semicolons and backslashes are _always_ invalid characters in cookie values.

From https://tools.ietf.org/html/rfc6265:

{{{
 cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash
}}}
History
Date User Action Args
2016-03-08 22:41:20collinandersonsetrecipients: + collinanderson, pitrou, r.david.murray, martin.panter, Tim.Graham, Pathangi Jatinshravan, harris
2016-03-08 22:41:20collinandersonsetmessageid: <1457476880.73.0.479508139261.issue25228@psf.upfronthosting.co.za>
2016-03-08 22:41:20collinandersonlinkissue25228 messages
2016-03-08 22:41:19collinandersoncreate