emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] url: Wrap cookie headers in url-http--encode-string.


From: Eli Zaretskii
Subject: Re: [PATCH] url: Wrap cookie headers in url-http--encode-string.
Date: Fri, 09 Sep 2016 10:57:09 +0300

> From: Alain Schneble <address@hidden>
> CC: Stefan Monnier <address@hidden>, <address@hidden>,
>       <address@hidden>, <address@hidden>
> Date: Thu, 8 Sep 2016 22:29:47 +0200
> 
> FWIW, Mozilla refers to RFC6265
> https://tools.ietf.org/html/rfc6265#section-5.4:
> 
> Bottom of Page 26 says:
> 
>    NOTE: Despite its name, the cookie-string is actually a sequence of
>    octets, not a sequence of characters.  To convert the cookie-string
>    (or components thereof) into a sequence of characters (e.g., for
>    presentation to the user), the user agent might wish to try using the
>    UTF-8 character encoding [RFC3629] to decode the octet sequence.
>    This decoding might fail, however, because not every sequence of
>    octets is valid UTF-8.
> 
> See also
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie.

If the cookies file can include non-ASCII characters, then IMO Stefan
is right, and url-cookie-generate-header should produce a unibyte
string consisting of UTF-8 sequences.

However, I think for the emacs-25 branch, it would be safer to encode
the cookie header explicitly in url-http-create-request; we could make
the change in url-cookie-generate-header on master.  Any objections?

P.S. We should decide about the change on emacs-25 quickly, because
the current plan calls for the final 25.1 release tarball on Sep 12.

Thanks.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]