https://github.com/python/cpython/commit/246fe14e7ccfdea62c7d92b49a272abd55acc850
commit: 246fe14e7ccfdea62c7d92b49a272abd55acc850
branch: main
author: kishorhange111 <[email protected]>
committer: serhiy-storchaka <[email protected]>
date: 2026-05-04T12:51:17+03:00
summary:
gh-148849: Deprecate http.cookies.BaseCookie.js_output() (GH-148978)
files:
A Misc/NEWS.d/next/Library/2026-04-25-12-04-27.gh-issue-148849.Vk6yEW.rst
M Doc/deprecations/pending-removal-in-3.19.rst
M Doc/library/http.cookies.rst
M Doc/whatsnew/3.15.rst
M Lib/http/cookies.py
M Lib/test/test_http_cookies.py
diff --git a/Doc/deprecations/pending-removal-in-3.19.rst
b/Doc/deprecations/pending-removal-in-3.19.rst
index 25f9cba390de68..044bb8a3934a2a 100644
--- a/Doc/deprecations/pending-removal-in-3.19.rst
+++ b/Doc/deprecations/pending-removal-in-3.19.rst
@@ -22,3 +22,12 @@ Pending removal in Python 3.19
supported depending on the backend implementation of hash functions.
Prefer passing the initial data as a positional argument for maximum
backwards compatibility.
+
+* :mod:`http.cookies`:
+
+ * :meth:`http.cookies.Morsel.js_output` is deprecated and will be
+ removed in Python 3.19.
+
+ * :meth:`http.cookies.BaseCookie.js_output` is deprecated and will be
+ removed in Python 3.19.
+
diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst
index 1122b30d29def0..4965c5fc3ba1d8 100644
--- a/Doc/library/http.cookies.rst
+++ b/Doc/library/http.cookies.rst
@@ -107,6 +107,12 @@ Cookie Objects
The meaning for *attrs* is the same as in :meth:`output`.
+ .. deprecated-removed:: 3.15 3.19
+ This method generates a JavaScript snippet to set cookies in the browser,
+ which is no longer considered a standard or recommended approach.
+ Use :meth:`~http.cookies.BaseCookie.output` instead to generate HTTP
+ headers.
+
.. method:: BaseCookie.load(rawdata)
@@ -223,6 +229,12 @@ Morsel Objects
The meaning for *attrs* is the same as in :meth:`output`.
+ .. deprecated-removed:: 3.15 3.19
+ This method generates a JavaScript snippet to set cookies in the browser,
+ which is no longer considered a standard or recommended approach.
+ Use :meth:`~http.cookies.Morsel.output` instead to generate HTTP
+ headers.
+
.. method:: Morsel.OutputString(attrs=None)
diff --git a/Doc/whatsnew/3.15.rst b/Doc/whatsnew/3.15.rst
index 586a1306d83c4c..02a3a11e0564d9 100644
--- a/Doc/whatsnew/3.15.rst
+++ b/Doc/whatsnew/3.15.rst
@@ -1921,6 +1921,16 @@ New deprecations
(Contributed by Bénédikt Tran in :gh:`134978`.)
+* :mod:`http.cookies`:
+
+ * :meth:`Morsel.js_output <http.cookies.Morsel.js_output>` and
+ :meth:`BaseCookie.js_output <http.cookies.BaseCookie.js_output>` are
+ deprecated and will be removed in Python 3.19. Use
+ :meth:`Morsel.output <http.cookies.Morsel.output>` or
+ :meth:`BaseCookie.output <http.cookies.BaseCookie.output>` instead.
+ (Contributed by kishorhange111 in :gh:`148849`.)
+
+
* :mod:`re`:
* :func:`re.match` and :meth:`re.Pattern.match` are now
diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
index 5c5b14788dc2f0..800a2c18e3fa41 100644
--- a/Lib/http/cookies.py
+++ b/Lib/http/cookies.py
@@ -132,6 +132,7 @@
import re
import string
import types
+lazy import warnings
__all__ = ["CookieError", "BaseCookie", "SimpleCookie"]
@@ -390,7 +391,9 @@ def output(self, attrs=None, header="Set-Cookie:"):
def __repr__(self):
return '<%s: %s>' % (self.__class__.__name__, self.OutputString())
- def js_output(self, attrs=None):
+
+ def _js_output(self, attrs=None):
+ """Internal implementation without deprecation warning."""
import base64
# Print javascript
output_string = self.OutputString(attrs)
@@ -407,6 +410,14 @@ def js_output(self, attrs=None):
</script>
""" % (output_encoded,)
+ def js_output(self, attrs=None):
+ warnings._deprecated(
+ "http.cookies.Morsel.js_output",
+ message=warnings._DEPRECATED_MSG + "; use output() instead",
+ remove=(3, 19),
+ )
+ return self._js_output(attrs)
+
def OutputString(self, attrs=None):
# Build up our result
#
@@ -541,10 +552,15 @@ def __repr__(self):
def js_output(self, attrs=None):
"""Return a string suitable for JavaScript."""
+ warnings._deprecated(
+ "http.cookies.BaseCookie.js_output",
+ message=warnings._DEPRECATED_MSG + "; use output() instead",
+ remove=(3, 19),
+ )
result = []
items = sorted(self.items())
for key, value in items:
- result.append(value.js_output(attrs))
+ result.append(value._js_output(attrs))
return _nulljoin(result)
def load(self, rawdata):
diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
index 4884b07c95b9c5..cde268e3241850 100644
--- a/Lib/test/test_http_cookies.py
+++ b/Lib/test/test_http_cookies.py
@@ -153,7 +153,8 @@ def test_load(self):
self.assertEqual(C.output(['path']),
'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme')
cookie_encoded = base64.b64encode(b'Customer="WILE_E_COYOTE";
Path=/acme; Version=1').decode('ascii')
- self.assertEqual(C.js_output(), fr"""
+ with self.assertWarnsRegex(DeprecationWarning,
r"BaseCookie\.js_output"):
+ self.assertEqual(C.js_output(), fr"""
<script type="text/javascript">
<!-- begin hiding
document.cookie = atob("{cookie_encoded}");
@@ -161,7 +162,8 @@ def test_load(self):
</script>
""")
cookie_encoded = base64.b64encode(b'Customer="WILE_E_COYOTE";
Path=/acme').decode('ascii')
- self.assertEqual(C.js_output(['path']), fr"""
+ with self.assertWarnsRegex(DeprecationWarning,
r"BaseCookie\.js_output"):
+ self.assertEqual(C.js_output(['path']), fr"""
<script type="text/javascript">
<!-- begin hiding
document.cookie = atob("{cookie_encoded}");
@@ -270,7 +272,8 @@ def test_quoted_meta(self):
self.assertEqual(C.output(['path']),
'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme')
expected_encoded_cookie =
base64.b64encode(b'Customer=\"WILE_E_COYOTE\"; Path=/acme;
Version=1').decode('ascii')
- self.assertEqual(C.js_output(), fr"""
+ with self.assertWarnsRegex(DeprecationWarning,
r"BaseCookie\.js_output"):
+ self.assertEqual(C.js_output(), fr"""
<script type="text/javascript">
<!-- begin hiding
document.cookie = atob("{expected_encoded_cookie}");
@@ -278,7 +281,8 @@ def test_quoted_meta(self):
</script>
""")
expected_encoded_cookie =
base64.b64encode(b'Customer=\"WILE_E_COYOTE\"; Path=/acme').decode('ascii')
- self.assertEqual(C.js_output(['path']), fr"""
+ with self.assertWarnsRegex(DeprecationWarning,
r"BaseCookie\.js_output"):
+ self.assertEqual(C.js_output(['path']), fr"""
<script type="text/javascript">
<!-- begin hiding
document.cookie = atob("{expected_encoded_cookie}");
@@ -382,7 +386,8 @@ def test_setter(self):
// end hiding -->
</script>
""" % (expected_encoded_cookie,)
- self.assertEqual(M.js_output(), expected_js_output)
+ with self.assertWarnsRegex(DeprecationWarning,
r"Morsel\.js_output"):
+ self.assertEqual(M.js_output(), expected_js_output)
for i in ["foo bar", "foo@bar"]:
# Try some illegal characters
self.assertRaises(cookies.CookieError,
@@ -650,7 +655,8 @@ def test_control_characters_output(self):
cookie = cookies.SimpleCookie()
cookie["cookie"] = morsel
with self.assertRaises(cookies.CookieError):
- cookie.js_output()
+ with self.assertWarnsRegex(DeprecationWarning,
r"Morsel\.js_output"):
+ cookie.js_output()
morsel = cookies.Morsel()
morsel.set("key", "value", "coded-value")
@@ -658,8 +664,29 @@ def test_control_characters_output(self):
cookie = cookies.SimpleCookie()
cookie["cookie"] = morsel
with self.assertRaises(cookies.CookieError):
- cookie.js_output()
+ with self.assertWarnsRegex(DeprecationWarning,
r"Morsel\.js_output"):
+ cookie.js_output()
+ def test_morsel_js_output_deprecated(self):
+ morsel = cookies.Morsel()
+ morsel.set("key", "value", "value")
+ with self.assertWarnsRegex(DeprecationWarning, r"Morsel\.js_output")
as cm:
+ result = morsel.js_output()
+ self.assertEqual(cm.filename, __file__)
+ self.assertIn("document.cookie", result)
+
+
+ def test_basecookie_js_output_warns_once(self):
+ C = cookies.SimpleCookie()
+ C["key"] = "value"
+ with self.assertWarns(DeprecationWarning) as cm:
+ C.js_output()
+ deprecation_warnings = [
+ w for w in cm.warnings if issubclass(w.category,
DeprecationWarning)
+ ]
+ self.assertEqual(len(deprecation_warnings), 1)
+ self.assertRegex(str(deprecation_warnings[0].message),
r"BaseCookie\.js_output")
+ self.assertEqual(cm.filename, __file__)
def load_tests(loader, tests, pattern):
tests.addTest(doctest.DocTestSuite(cookies))
diff --git
a/Misc/NEWS.d/next/Library/2026-04-25-12-04-27.gh-issue-148849.Vk6yEW.rst
b/Misc/NEWS.d/next/Library/2026-04-25-12-04-27.gh-issue-148849.Vk6yEW.rst
new file mode 100644
index 00000000000000..9725d63747d451
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-04-25-12-04-27.gh-issue-148849.Vk6yEW.rst
@@ -0,0 +1,4 @@
+Deprecate :meth:`http.cookies.Morsel.js_output` and
+:meth:`http.cookies.BaseCookie.js_output`, which will be removed in
+Python 3.19. Use :meth:`http.cookies.Morsel.output` or
+:meth:`http.cookies.BaseCookie.output` instead.
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
