Filip Hanik - Dev Lists wrote: > Mark Thomas wrote: >> jean-frederic clere wrote: >>> and we are re escaping already escaped strings. >>> >> The spec isn't 100% clear on who is responsible for escaping the >> values if >> required. >> >> <spec-quote section=SRV.16.1.1.1> >> ... The value can be anything the server chooses to send. ... >> </spec-quote> >> <spec-quote section=SRV.16.1.1.2> >> ... >> setValue(String) >> > what j-f-c is saying here, is that if there is a value of > Cookie: $Version=1; C1=C1;$Path="\"/foo/bar\"";$Domain=d1; > > when it is being parsed, it double escapes it > Path="\\"/foo/bar\\""
I get that ;) What I was trying (not very well) to say was I don't think the spec is clear whether we should escape everything, regardless of if it looks like it is already escaped. I am in favour of the current behaviour because: a) the spec isn't clear but I think it is leaning in the escape everything direction b) I don't like the complexity of adding an "is this value already escaped" function. I think we would be setting ourselves up for another round of cookie handling bugs. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
