[issue27674] Quote mark breaks cookie processing
New submission from Artur Smęt:
The problem is similar to https://bugs.python.org/issue22931 with square
brackets in cookie values.
Incorrect value is serialized JSON in this case, for example:
>>> from Cookie import SimpleCookie
>>> cookie = SimpleCookie()
>>> cookie.load('a=b; c={"somekey":"value"}; d=e, f=g, some=other')
>>> cookie.output()
'Set-Cookie: a=b'
>>>
>From my tests I figured out that quote mark (") is causing problems.
In fact, according to HTTP specification, cookies can't be JSON objects, but I
think that python library shouldn't silently allow incorrect values. Probably
incorrect cookies should be skipped, or some exception should be thrown there.
--
components: Library (Lib)
messages: 271901
nosy: Artur Smęt
priority: normal
severity: normal
status: open
title: Quote mark breaks cookie processing
type: behavior
versions: Python 2.7
___
Python tracker
<http://bugs.python.org/issue27674>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27674] Quote mark breaks cookie processing
Changes by Artur Smęt : -- versions: +Python 3.5 ___ Python tracker <http://bugs.python.org/issue27674> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27674] Quote mark breaks cookie processing
Artur Smęt added the comment:
Problem exists in Chrome for sure (it sends cookies as they are - set with JS
for example).
I have two another examples that can make this issue more clear:
>>> from Cookie import SimpleCookie
>>> c = SimpleCookie()
>>> c.load('a=b; c=c"c; d=d')
>>> c.output()
'Set-Cookie: a=b'
Also using escaping and quotes (cookie version 1) works:
>>> c = SimpleCookie()
>>> c.load('a=b; c="c\\"c"; d=d')
>>> c.output()
'Set-Cookie: a=b\r\nSet-Cookie: c="c\\"c"\r\nSet-Cookie: d=d'
>>>
--
___
Python tracker
<http://bugs.python.org/issue27674>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
