#32191: Not RFC Compliant Cookie handling
--------------------------------------+----------------------------------
Reporter: nicox | Owner: nobody
Type: Bug | Status: new
Component: Forms | Version: 3.1
Severity: Normal | Keywords: Cookie malformed
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
--------------------------------------+----------------------------------
Hi
A Customer of mine is using a WAF which is handling Cookies as it is
described tin the RFC: https://tools.ietf.org/html/rfc6265
The issue now is that Django is trying to use an escape-character in
cookie-Values which is not supported in the RFC
an example of such a cookie: messages=\"123\\\"NOTRECEIVED\""
Please consider to get this fixed so there can be a protection of this
system.
Regards,
Nico
--
Ticket URL: <https://code.djangoproject.com/ticket/32191>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/048.f9e328df8fc4aa4233f8ffc6ae92aa93%40djangoproject.com.
