Adrian Chaves added the comment:
So, PoC shows how an empty domain attribute (Domain=) is erroneously turned
into a dot (.).
I want to add that a dot (Domain=.) should be turned into an empty string (the
specification asks to remove a leading dot if found).
--
nosy: +adrian2
Martin Panter added the comment:
I think LCatro is saying that Python should accept the cookies and discard only
the offending attributes. This makes sense to me and tends to agree with the
specifications, but the three cases seem all seem unimportant to me.
PoC 1, Max-age:
>>> from urllib2
R. David Murray added the comment:
Can you explain what you think the problem is? I don't know what your "POC"
snippets are trying to demonstrate.
--
nosy: +r.david.murray
___
Python tracker
New submission from LCatro :
PoC (PHP Version):
header('Set-Cookie: test=123; max-age=a'); // PoC 1
header('Set-Cookie: test=123; domain=;'); // PoC 2
header('Set-Cookie: test=123; version=a;'); // PoC 3
PoC 1 will trigger int() convert string to number from