#19039: Python 3.3 fails unit test for duplicate bad cookies
-----------------------------------+------------------------------------
     Reporter:  clelland           |                    Owner:  nobody
         Type:  Bug                |                   Status:  new
    Component:  HTTP handling      |                  Version:  master
     Severity:  Release blocker    |               Resolution:
     Keywords:  cookie, python3.3  |             Triage Stage:  Accepted
    Has patch:  0                  |      Needs documentation:  0
  Needs tests:  0                  |  Patch needs improvement:  0
Easy pickings:  0                  |                    UI/UX:  0
-----------------------------------+------------------------------------

Comment (by lukeplant):

 First, we should fix the test `test_repeated_nonstandard_keys` to use the
 values in #15852 i.e. a colon not a comma, so that it will pass
 everywhere. We regard this as a bug in the test - it should never have
 used a comma. If people were relying on that (unlikely), they were relying
 on a bug.

 Second, we should file a bug against Python 3.3. I think this is a bug,
 since it renders `SimpleCookie` useless for parsing cookies from untrusted
 sources, and all cookies come from untrusted sources (the client).

 Then, if and only if we get a bug report about failing to handle commas or
 other characters in cookie names, we patch our SimpleCookie for this case.
 There is no point us fixing bugs that no-one is encountering in real life.
 I suspect you'll find that browsers do not accept comma in the cookie
 name, so they won't be sending cookies like that. People could send them
 manually to be perverse, but they don't harm anyone but themselves.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/19039#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
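
One way to keep a single bad cookie name from spoiling the rest of a Cookie header, as the comment above is concerned about, is to hand `SimpleCookie` one pair at a time. This is an added example, not Django's code or a patch from this ticket; `parse_cookie_header` and the sample header are hypothetical names and constructed data.

```python
from http.cookies import CookieError, SimpleCookie


def parse_cookie_header(header):
    """Parse a Cookie request header one pair at a time.

    Returns (cookies, rejected): a dict of name -> value for the pairs
    SimpleCookie accepts, and a list of the raw pairs it refused.
    """
    cookies = {}
    rejected = []
    # Splitting on ';' first means a bad pair can only spoil itself.
    # Simplification: a quoted value containing ';' would be split too.
    for chunk in header.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        jar = SimpleCookie()
        try:
            jar.load(chunk)
        except CookieError:
            # Illegal cookie name, e.g. one containing a comma.
            rejected.append(chunk)
            continue
        if not jar:
            # load() may also return without storing anything
            # for input it cannot parse.
            rejected.append(chunk)
            continue
        for name, morsel in jar.items():
            cookies[name] = morsel.value
    return cookies, rejected


if __name__ == "__main__":
    # Constructed header: two ordinary cookies, one name with a comma,
    # and one name with a colon (the character the test is to use).
    sample = "sessionid=abc123; bad,name=oops; a:b=c; csrftoken=xyz"
    print(parse_cookie_header(sample))
```

The rejected list gives the caller something to log or count, so malformed names from clients show up in monitoring instead of silently emptying the session.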
