Demian Brecht added the comment:
There could be some history behind this that I'm unaware of that I'm not
familiar with.
>From what I can tell, this issue is simply due to the "[" character not being
>in _LegalCharsPatt (http/cookies.py). _LegalCharsPatt actually seems quite a
>bit more restrictive than it really should be. It's set to
>r"[\w\d!#%&'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]", where RFC 6265 specifies:
cookie-pair = cookie-name "=" cookie-value
cookie-name = token
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
; US-ASCII characters excluding CTLs,
; whitespace DQUOTE, comma, semicolon,
; and backslash
token = <token, defined in [RFC2616], Section 2.2>
_LegalCharsPatt is used for regex matching on the cookie value, not the key
(there is a distinction made between the two).
The omission of those characters is correct for the cookie keys, but not the
values (RFC 2965 is a little less verbose, but nothing ruling out those
characters for values).
----------
versions: +Python 3.4, Python 3.5, Python 3.6
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue22931>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
