New submission from Tim Graham:

As noted in the comments of #22758 by Georg Brandl:
* Django uses __init__(str()) roundtripping, which is not explicitly supported by the library, and worked by accident with previous versions. That it works again with 3.3+ is another accident, and a bug. (The change for #16611 reintroduces "lax" parsing behavior that the security fix [1] was supposed to prevent.)

[1] https://hg.python.org/cpython/rev/d3663a0f97ed

----------
components: Library (Lib)
messages: 230637
nosy: Tim.Graham, berker.peksag, georg.brandl, pitrou, r.david.murray
priority: normal
severity: normal
status: open
title: Support for httponly/secure cookies reintroduced lax parsing behavior
type: security
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22796>
_______________________________________