[issue22983] Cookie parsing should be more permissive

Martin Panter added the comment: The patch at Issue 25228 should partially do what Demian proposed. Anyway, I think Issue 17340 is basically about the same problem. -- nosy: +martin.panter resolution: -> duplicate status: open -> closed superseder: -> Handle malformed cookie

[issue22983] Cookie parsing should be more permissive

Changes by Tim Pierce : -- nosy: +Tim Pierce ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pytho

[issue22983] Cookie parsing should be more permissive

Changes by Waldemar Parzonka : -- nosy: +Waldemar.Parzonka ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http

[issue22983] Cookie parsing should be more permissive

Demian Brecht added the comment: Sorry, bad example. Replace "[" in the previous example with any actually invalid character. -- ___ Python tracker ___ _

[issue22983] Cookie parsing should be more permissive

Demian Brecht added the comment: Sure, but this is in regards to the initial matching, not the parsing. Because the pattern expects RFC conformity, in this cookie string: Cookie: a=b; c=[; d=r; f=h The only matching parts will be: Cookie: a=b; The rest will be discarded. What I'm proposing i

[issue22983] Cookie parsing should be more permissive

Antoine Pitrou added the comment: Well, remember that we recently made parsing stricter in response to a security issue... -- nosy: +orsenthil, pitrou ___ Python tracker ___ ___

[issue22983] Cookie parsing should be more permissive

New submission from Demian Brecht: As found in #22931, if an invalid cookie value is found while parsing, the rest of the cookie is silently ignored. The expected behavior is undefined in RFC 6265, but does state that if unexpected values are encountered that user agents MAY ignore an entire s