Merged revisions 87550 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines #9824: encode , and ; in cookie values so that browsers don't split on them There is a small chance of backward incompatibility here, but only for non-SimpleCookie applications reading SimpleCookie generated cookies. Even then, any such ap is likely to be handling escaped values already, and it would take a fairly perverse implementation of unescaping to fail to unescape these newly escaped chars, so the risk seems minimal. ........

commit: 08fc701714e294279bb313d2f13c7486d3ee8b7f [log] [tgz]
author: R. David Murray <rdmurray@bitdance.com> Tue Dec 28 19:11:03 2010 +0000
committer: R. David Murray <rdmurray@bitdance.com> Tue Dec 28 19:11:03 2010 +0000
tree: 1cdd70eafe8d2889cf0f6b921a9b351354979647
parent: 3f60f09eb23be3289ac5cc019391711dcdf800b3 [diff] [blame]
diff --git a/Lib/Cookie.py b/Lib/Cookie.py
index b4f9db4..323450b 100644
--- a/Lib/Cookie.py
+++ b/Lib/Cookie.py

@@ -258,6 +258,11 @@
     '\033' : '\\033',  '\034' : '\\034',  '\035' : '\\035',
     '\036' : '\\036',  '\037' : '\\037',
 
+    # Because of the way browsers really handle cookies (as opposed
+    # to what the RFC says) we also encode , and ;
+
+    ',' : '\\054', ';' : '\\073',
+
     '"' : '\\"',       '\\' : '\\\\',
 
     '\177' : '\\177',  '\200' : '\\200',  '\201' : '\\201',
commit	08fc701714e294279bb313d2f13c7486d3ee8b7f	[log] [tgz]
author	R. David Murray <rdmurray@bitdance.com>	Tue Dec 28 19:11:03 2010 +0000
committer	R. David Murray <rdmurray@bitdance.com>	Tue Dec 28 19:11:03 2010 +0000
tree	1cdd70eafe8d2889cf0f6b921a9b351354979647
parent	3f60f09eb23be3289ac5cc019391711dcdf800b3 [diff] [blame]