-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixing a parsing problem for cookie data. #104
Conversation
Quotes are valid to appear surrounding cookie data, and thus should not be removed.
I have to plead ignorance on this. Do you have any citation for your assertion that the current behavior is incorrect? |
mcdonc, I think all ASCII characters are valid to be part of cookie-data, including the quotation mark character. I searched a little bit and found nothing related to invalid formats of cookies, or forbidden cookie characters. |
I'll probably need to see some positive evidence before changing things. |
The thing is, changing the informed cookie data just seems plain wrong to me. Check the unit test at issue #103, if you think that test should really fail, then you can discard this pull request. |
Since I was bored ... Read a bunch of RFC's and all that fun stuff, and here is the relevant one: http://tools.ietf.org/html/rfc6265#section-4.1.1 More specifically it states that characters in the following ranges are valid:
Which equals this:
Specifically it states this:
The only time the DQUOTE (double quote) is allowed to appear is around the cookie-octet:
Basically cookie-octet with quotes surrounding it is the same as cookie-octet without the surrounding double quotes. Thus @wladston: If you want to store data that is outside of the characters listed above, may I suggest base64 encoding the data. @mcdonc: The current way WebOb handles this is valid. |
@bertjwregeer, impressive, you are correct. Thanks for the research! |
We had to remove the white space character from the cookie as is not allowed, see: Pylons/webob#104 (comment)
We had to remove the white space character from the cookie as is not allowed, see: Pylons/webob#104 (comment)
We had to remove the white space character from the cookie as is not allowed, see: Pylons/webob#104 (comment)
We had to remove the white space character from the cookie as is not allowed, see: Pylons/webob#104 (comment)
We had to remove the white space character from the cookie as is not allowed, see: Pylons/webob#104 (comment)
Quotes are valid to appear surrounding cookie data, and thus should not
be removed.