> Ivan Nikulin posted a comparison about how different browsers parse and > implement cookies at https://inikulin.github.io/cookie-compat/ (he found > quite a few cases where they act differently from each other and from the > spec)
Test 0017 says 'z=y, a=b' (input) -> 'z=y, a=b' (expected)
This is ok regarding Section 5.2, but not regarding the grammar definition in
4.1.1. If 5.2 obsoletes 4.1.1, why is there a grammar at all ?
Grammar in Section 4.1.1
cookie-pair = cookie-name "=" cookie-value
cookie-name = token
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
; US-ASCII characters excluding CTLs,
; whitespace DQUOTE, comma, semicolon,
; and backslash
token = <token, defined in [RFC2616], Section 2.2>
A second question arises - some of the tests contain an escape backslash '\',
e.g. to escape double quotes within cookie-values. Where in the RFC is this
behavior documented - I just can't find it.
But assumed the backslash is documented, how does this fit to Rule 1. in
Section 5.2 "If the set-cookie-string contains a %x3B (";") character". This
means, you can't escape semicolon.
RFC the is irritating in these points. Did I miss a newer RFC that makes it a
bit clearer ?
I tend to use the grammar in section 4.1.1, IMO 5.2 should just be a helper.
Some insights by anyone ?
Tim
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
