commit | e05ca2aff4e7e3da133c2a2410e7d2c9bb3c1d12 | [log] [tgz] |
---|---|---|
author | R. David Murray <rdmurray@bitdance.com> | Tue Dec 28 18:54:13 2010 +0000 |
committer | R. David Murray <rdmurray@bitdance.com> | Tue Dec 28 18:54:13 2010 +0000 |
tree | 5acbe67bba3c5dd2f939c9a45179207f8e903ff2 | |
parent | 8aa7e999b5ab87cdbefe441649c223647875c110 [diff] |
#9824: encode , and ; in cookie values so that browsers don't split on them There is a small chance of backward incompatibility here, but only for non-SimpleCookie applications reading SimpleCookie generated cookies. Even then, any such ap is likely to be handling escaped values already, and it would take a fairly perverse implementation of unescaping to fail to unescape these newly escaped chars, so the risk seems minimal.