Aleksandr Guidrevitch wrote:
> JUANMARCOSMOREN wrote:
> >Aleksandr Guidrevitch wrote:
> >>We've found that LWP incorrectly handles cookies
> >>containing ';' in the cookie value.
> >>The patch (test case and fix) is attached
> >
> >Could you point me to a web page that is already sending these kind of 
> >cookies?
> >Does it work under MSIE/Mozilla?
> 
> Nope, it is our internal project, not available to outer world.
> Both we know that neither mozilla nor msie correctly handle such cookies :((

So, why do you want ';' in cookies if they are not handled
correctly by the most used HTTP implementations (MSIE and Mozilla)?

> According RFC in **quoted** string you can put almost anything.
> See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html for 
> definition of cookie:

People don't care much about the HTTP RFC what people really want is to
be compatible with MSIE and Mozilla.

>   av-pairs        =       av-pair *(";" av-pair)
>   av-pair         =       attr ["=" value]        ; optional value
>   attr            =       token
>   value           =       word
>   word            =       token | quoted-string
> 
> 
> See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2068.html for 
> definition of quoted-string:
> 
> A string of text is parsed as a single word if it is quoted using 
> double-quote marks.
>          quoted-string  = ( <"> *(qdtext) <"> )
>          qdtext         = <any TEXT except <">>
>    The backslash character ("\") may be used as a single-character quoting 
>    mechanism only within quoted-string and comment constructs.
>          quoted-pair    = "\" CHAR
> 
> So, since the patch doesn't break original libwww behavior (according 
> to the test suite)
> and provides more proper implementation of rfc, it looked to me as a 
> good candidate
> for inclusion into libwww.

I think this patch solves nothing and add useless code to the library.

It is not a good idea to apply this patch.

Juan


Reply via email to