https://issues.apache.org/bugzilla/show_bug.cgi?id=55975
Bug ID: 55975
Summary: Inconsistent escaping applied to V0 cookie values
Product: Tomcat 8
Version: trunk
Hardware: PC
OS: Mac OS X 10.4
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]

If a V0 value contains a backslash or a dquote then it will be converted to a
V1 cookie and transformed into a quoted-string. During that transformation
checks are made for backslash and dquote characters but they are not escaped
consistently.

If the value contains a dquote, then it will be escaped. For example, the value
«a"b» results in

    Set-Cookie: foo="a\"b"; Version=1

If the value contains a backslash then it will not be escaped. For example, the
value «a\b» results in

    Set-Cookie: foo="a\b"; Version=1

which means the backslash is then incorrectly escaping the "b" character.

If the value contains a dquote and a backslash, then the dquote will be escaped
and the backslash will not so «a"b\c» results in

    Set-Cookie: foo="a\"b\c"; Version=1
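
The round-trip failure described in the report, as an added example that is not Tomcat's code (class and method names are hypothetical). It assumes the receiving parser reads a backslash inside a quoted-string as escaping the next character, as the report states, and compares dquote-only escaping with escaping both characters.

```java
// Added illustration; not Tomcat's code. All names here are hypothetical.
public class CookieQuoteDemo {

    // Behaviour described in the report: only the dquote is escaped.
    static String quoteInconsistent(String v) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : v.toCharArray()) {
            if (c == '"') sb.append('\\');
            sb.append(c);
        }
        return sb.append('"').toString();
    }

    // Consistent quoted-string encoding: escape both backslash and dquote.
    static String quoteConsistent(String v) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : v.toCharArray()) {
            if (c == '"' || c == '\\') sb.append('\\');
            sb.append(c);
        }
        return sb.append('"').toString();
    }

    // What a quoted-string parser recovers: a backslash quotes the next char.
    static String unquote(String q) {
        StringBuilder sb = new StringBuilder();
        for (int i = 1; i < q.length() - 1; i++) {
            char c = q.charAt(i);
            if (c == '\\' && i + 1 < q.length() - 1) c = q.charAt(++i);
            sb.append(c);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // The three values from the report.
        String[] values = { "a\"b", "a\\b", "a\"b\\c" };
        for (String v : values) {
            String bad = quoteInconsistent(v);
            String good = quoteConsistent(v);
            System.out.printf("value=%s%n  inconsistent: foo=%s -> %s (round-trip %b)%n"
                    + "  consistent:   foo=%s -> %s (round-trip %b)%n",
                    v, bad, unquote(bad), v.equals(unquote(bad)),
                    good, unquote(good), v.equals(unquote(good)));
        }
    }
}
```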