#19039: Python 3.3 fails unit test for duplicate bad cookies -----------------------------------+------------------------------------ Reporter: clelland | Owner: nobody Type: Bug | Status: new Component: HTTP handling | Version: master Severity: Release blocker | Resolution: Keywords: cookie, python3.3 | Triage Stage: Accepted Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -----------------------------------+------------------------------------
Comment (by lukeplant): First, we should fix the test `test_repeated_nonstandard_keys` to use the values in #15852 i.e. a colon not a comma, so that it will pass everywhere. We regard this as a bug in the test - it should never have used a comma. If people were relying on that (unlikely), they were relying on a bug. Second, we should file a bug against Python 3.3. I think this is a bug, since it renders `SimpleCookie` useless for parsing cookies from untrusted sources, and all cookies come from untrusted sources (the client). Then, if and only if we get a bug report about failing to handle commas or other characters in cookie names, we patch our SimpleCookie for this case. There is no point us fixing bugs that no-one is encountering in real life. I suspect you'll find that browsers do not accept comma in the cookie name, so they won't be sending cookies like that. People could send them manually to be perverse, but they don't harm anyone but themselves. -- Ticket URL: <https://code.djangoproject.com/ticket/19039#comment:3> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.