Martin Panter added the comment:
The current Python 3.5 and default branches actually seem to parse the test
case given:
>>> c = SimpleCookie()
>>> c.load(",BRIDGE_R=; a=b; user_id=1;")
>>> c
<SimpleCookie: ,BRIDGE_R='' a='b' user_id='1'>
But that is just a side effect of Issue 26302. When that is fixed, parsing the
cookie string will raise CookieError and fail to set the invalid cookie
“morsel”, and the ones that come after it.
There seems to be a disconnect between _LegalChars (causes the CookieError if a
comma is in a cookie key name) and _LegalKeyChars (allows a comma, but causes
cookie string parsing to silently abort for other illegal characters).
There are other cases where the entire cookie string is rejected, specifically
added by Issue 22796 (revision a065ab1c67a8).
On the other hand, Issue 25228 has a which has a patch to skip over some
invalid cookie “morsels” and continue on to valid ones.
----------
nosy: +martin.panter
title: Handle malformed cookie -> http.cookies: Handle malformed cookie
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue17340>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
