[issue33017] Special set-cookie setting will bypass Cookielib

Adrian Chaves added the comment: So, PoC shows how an empty domain attribute (Domain=) is erroneously turned into a dot (.). I want to add that a dot (Domain=.) should be turned into an empty string (the specification asks to remove a leading dot if found). -- nosy: +adrian2

[issue33017] Special set-cookie setting will bypass Cookielib

Martin Panter added the comment: I think LCatro is saying that Python should accept the cookies and discard only the offending attributes. This makes sense to me and tends to agree with the specifications, but the three cases seem all seem unimportant to me. PoC 1, Max-age: >>> from urllib2

[issue33017] Special set-cookie setting will bypass Cookielib

R. David Murray added the comment: Can you explain what you think the problem is? I don't know what your "POC" snippets are trying to demonstrate. -- nosy: +r.david.murray ___ Python tracker

[issue33017] Special set-cookie setting will bypass Cookielib

New submission from LCatro : PoC (PHP Version): header('Set-Cookie: test=123; max-age=a'); // PoC 1 header('Set-Cookie: test=123; domain=;'); // PoC 2 header('Set-Cookie: test=123; version=a;'); // PoC 3 PoC 1 will trigger int() convert string to number from