Re: [PATCH] url: Wrap cookie headers in url-http--encode-string.

From: Eli Zaretskii
Subject: Re: [PATCH] url: Wrap cookie headers in url-http--encode-string.
Date: Thu, 08 Sep 2016 21:01:39 +0300

> From: Toke Høiland-Jørgensen <address@hidden>
> Cc: address@hidden,  address@hidden,  address@hidden
> Date: Thu, 08 Sep 2016 19:43:41 +0200
>
> > Can the cookies file include non-ASCII text?  E.g., could the domain
> > be non-ASCII?
>
> From glancing at the code, it seems those are the non-puny-coded
> hostnames that are stored in that file. But that doesn't really matter,
> as those are only lookup variables in the array.

According to this:


a cookie response could include "Domain=example.com", which I read to
mean the domain can appear in the response for a cookie.  Am I

> The question is whether the cookie values themselves can be.

The same Wikipedia article says no:

  The value of a cookie may consist of any printable ASCII character
  (! through ~, Unicode \u0021 through \u007E) excluding , and ; and
  whitespace characters. The name of a cookie excludes the same
  characters, as well as =, since that is the delimiter between the
  name and value. The cookie standard RFC 2965 is more restrictive but
  not implemented by browsers.

So AFAIU, the only problem is the domain name (and maybe also Path).
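
The character rule quoted in the message, together with the Domain and Path concern, can be checked mechanically. The following Python sketch is an added example, not code from this thread or from Emacs's url library; the names `audit_cookie` and `ascii_domain` and the sample cookies are assumptions made for illustration, and converting the domain with IDNA is one possible handling that the thread does not prescribe.

```python
import re

# Rule quoted above: printable ASCII '!'..'~' except ',' and ';'
# (whitespace is already outside that range); names also exclude '='.
VALUE_RE = re.compile(r"[!-+\--:<-~]*")
NAME_RE = re.compile(r"[!-+\--:<>-~]+")


def is_ascii(text):
    return all(ord(ch) < 128 for ch in text)


def audit_cookie(name, value, domain, path="/"):
    """Classify each field as 'ok', 'invalid' (breaks the quoted
    character rule) or 'non-ascii' (cannot go on the wire unencoded)."""
    report = {
        "name": "ok" if NAME_RE.fullmatch(name) else "invalid",
        "value": "ok" if VALUE_RE.fullmatch(value) else "invalid",
    }
    # The quoted rule covers only name and value; Domain and Path are
    # the fields the message identifies as possibly non-ASCII.
    for field, text in (("domain", domain), ("path", path)):
        report[field] = "ok" if is_ascii(text) else "non-ascii"
    return report


def ascii_domain(domain):
    """Punycode (IDNA) form of a host name, safe to place in a header."""
    return domain.encode("idna").decode("ascii")


# Constructed sample cookies, not taken from a real cookies file.
SAMPLES = [
    ("sid", "abc123", "example.com", "/"),
    ("sid", "a;b", "example.com", "/"),
    ("lang", "de", "bücher.example", "/über"),
]

if __name__ == "__main__":
    for name, value, domain, path in SAMPLES:
        print(name, audit_cookie(name, value, domain, path), ascii_domain(domain))
```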
