Antoine Pitrou
dad182c16e
Lax cookie parsing in http.cookies could be a security issue when combined
...
with non-standard cookie handling in some Web browsers.
Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Senthil Kumaran
00c2ec282e
Issue #14426 : Correct the Date format in Expires attribute of Set-Cookie. Patch by Federico Reghenzani and Müte Invert
2012-05-20 12:05:16 +08:00
R. David Murray
e05ca2aff4
#9824 : encode , and ; in cookie values so that browsers don't split on them
...
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
2010-12-28 18:54:13 +00:00
Georg Brandl
b16e38b825
#8826 : the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes. Handle that as a special case.
2010-08-01 09:06:34 +00:00
Georg Brandl
76e155a157
#3788 : more tests for http.cookies, now at 95% coverage. Also bring coding style in the module up to PEP 8, where it does not break backwards compatibility.
2010-07-31 21:04:00 +00:00
Brett Cannon
d3791ed450
Fix the warnings filter usage in test_http_cookies.
2010-03-20 21:51:10 +00:00
Senthil Kumaran
3e2ea79bda
Fixing the issue4860. Escaping the embedded '"' in the js_output method of Morsel class.
2009-04-02 03:02:03 +00:00
Georg Brandl
6101395e74
Remove deprecated SmartCookie and SerialCookie classes.
2008-05-28 15:56:30 +00:00
Georg Brandl
2442015af2
Create http package. #2883 .
2008-05-26 16:32:26 +00:00
