Mark Williams <m...@enotuniq.org> added the comment: This patch only quotes the Comment attribute, and the rest of the code only quotes attributes if they're of the expected type. Consider Expires:
>>> from http.cookies import SimpleCookie >>> c = SimpleCookie() >>> c['name'] = 'value' >>> c['name']['comment'] = '\n' >>> c['name']['expires'] = 123 >>> c.output() 'Set-Cookie: name=value; Comment="\\012"; expires=Fri, 20 Apr 2018 02:03:13 GMT' >>> c['name']['expires'] = '123; path=.example.invalid' 'Set-Cookie: name=value; Comment="\\012"; expires=123; path=.example.invalid' Here's the offending line: https://github.com/python/cpython/blob/b87c1c92fc93c5733cd3d8606ab2301ca6ba208f/Lib/http/cookies.py#L415 Why not quote all attribute values? ---------- nosy: +Mark.Williams versions: +Python 3.4 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue991266> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com