https://github.com/python/cpython/commit/d7dbde895884d58e3da7ed4107fd33171afad7cb
commit: d7dbde895884d58e3da7ed4107fd33171afad7cb
branch: main
author: Nick Burns <nbu...@users.noreply.github.com>
committer: orsenthil <sent...@python.org>
date: 2025-08-08T12:07:15-07:00
summary:
gh-92936: allow double quote in cookie values (#113663)
* allow double quote in cookie values
* Update Lib/test/test_http_cookies.py
Co-authored-by: Senthil Kumaran <sent...@python.org>
files:
A Misc/NEWS.d/next/Library/2025-08-08-21-20-14.gh-issue-92936.rOgG1S.rst
M Lib/http/cookies.py
M Lib/test/test_http_cookies.py
diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
index 694b1b09a0567c..74349bb63d66e2 100644
--- a/Lib/http/cookies.py
+++ b/Lib/http/cookies.py
@@ -426,7 +426,7 @@ def OutputString(self, attrs=None):
( # Optional group: there may not be a value.
\s*=\s* # Equal Sign
(?P<val> # Start of group 'val'
- "(?:[^\\"]|\\.)*" # Any double-quoted string
+ "(?:\\"|.)*?" # Any double-quoted string
| # or
# Special case for "expires" attr
(\w{3,6}day|\w{3}),\s # Day of the week or abbreviated day
diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
index 2fbc142de2fd34..c2ed30831b2e0e 100644
--- a/Lib/test/test_http_cookies.py
+++ b/Lib/test/test_http_cookies.py
@@ -48,6 +48,29 @@ def test_basic(self):
'Set-Cookie: d=r',
'Set-Cookie: f=h'
))
+ },
+
+ # gh-92936: allow double quote in cookie values
+ {
+ 'data': 'cookie="{"key": "value"}"',
+ 'dict': {'cookie': '{"key": "value"}'},
+ 'repr': "<SimpleCookie: cookie='{\"key\": \"value\"}'>",
+ 'output': 'Set-Cookie: cookie="{"key": "value"}"',
+ },
+ {
+ 'data': 'key="some value; surrounded by quotes"',
+ 'dict': {'key': 'some value; surrounded by quotes'},
+ 'repr': "<SimpleCookie: key='some value; surrounded by
quotes'>",
+ 'output': 'Set-Cookie: key="some value; surrounded by quotes"',
+ },
+ {
+ 'data': 'session="user123"; preferences="{"theme": "dark"}"',
+ 'dict': {'session': 'user123', 'preferences': '{"theme":
"dark"}'},
+ 'repr': "<SimpleCookie: preferences='{\"theme\": \"dark\"}'
session='user123'>",
+ 'output': '\n'.join((
+ 'Set-Cookie: preferences="{"theme": "dark"}"',
+ 'Set-Cookie: session="user123"',
+ ))
}
]
diff --git
a/Misc/NEWS.d/next/Library/2025-08-08-21-20-14.gh-issue-92936.rOgG1S.rst
b/Misc/NEWS.d/next/Library/2025-08-08-21-20-14.gh-issue-92936.rOgG1S.rst
new file mode 100644
index 00000000000000..906c442b64f438
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-08-08-21-20-14.gh-issue-92936.rOgG1S.rst
@@ -0,0 +1,2 @@
+Update regex used by ``http.cookies.SimpleCookie`` to handle values containing
+double quotes.
_______________________________________________
Python-checkins mailing list -- python-checkins@python.org
To unsubscribe send an email to python-checkins-le...@python.org
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: arch...@mail-archive.com
