mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-24 12:20:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

gh-92936: allow double quote in cookie values (#113663)
Some checks are pending
Tests / Change detection (push) Waiting to run
Details
Tests / Docs (push) Blocked by required conditions
Details
Tests / Check if Autoconf files are up to date (push) Blocked by required conditions
Details
Tests / Check if generated files are up to date (push) Blocked by required conditions
Details
Tests / (push) Blocked by required conditions
Details
Tests / Windows MSI (push) Blocked by required conditions
Details
Tests / Ubuntu SSL tests with OpenSSL (push) Blocked by required conditions
Details
Tests / Ubuntu SSL tests with AWS-LC (push) Blocked by required conditions
Details
Tests / WASI (push) Blocked by required conditions
Details
Tests / Hypothesis tests on Ubuntu (push) Blocked by required conditions
Details
Tests / Address sanitizer (push) Blocked by required conditions
Details
Tests / Sanitizers (push) Blocked by required conditions
Details
Tests / Cross build Linux (push) Blocked by required conditions
Details
Tests / CIFuzz (push) Blocked by required conditions
Details
Tests / All required checks pass (push) Blocked by required conditions
Details
Lint / lint (push) Waiting to run
Details
mypy / Run mypy on Lib/_pyrepl (push) Waiting to run
Details
mypy / Run mypy on Lib/test/libregrtest (push) Waiting to run
Details
mypy / Run mypy on Lib/tomllib (push) Waiting to run
Details
mypy / Run mypy on Tools/build (push) Waiting to run
Details
mypy / Run mypy on Tools/cases_generator (push) Waiting to run
Details
mypy / Run mypy on Tools/clinic (push) Waiting to run
Details
mypy / Run mypy on Tools/jit (push) Waiting to run
Details
mypy / Run mypy on Tools/peg_generator (push) Waiting to run
Details

Browse source 
* allow double quote in cookie values
* Update Lib/test/test_http_cookies.py

Co-authored-by: Senthil Kumaran <senthil@python.org>
This commit is contained in:
Nick Burns 2025-08-08 12:07:15 -07:00 committed by GitHub
parent 34d7351ac7
commit d7dbde8958
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 26 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Lib/http/cookies.py
View file

@ -426,7 +426,7 @@ _CookiePattern = re.compile(r"""
( # Optional group: there may not be a value.
\s*=\s* # Equal Sign
(?P<val> # Start of group 'val'
"(?:[^\\"]|\\.)*" # Any double-quoted string
"(?:\\"|.)*?" # Any double-quoted string
| # or
# Special case for "expires" attr
(\w{3,6}day|\w{3}),\s # Day of the week or abbreviated day

23
Lib/test/test_http_cookies.py
View file

@ -48,6 +48,29 @@ class CookieTests(unittest.TestCase):
'Set-Cookie: d=r',
'Set-Cookie: f=h'
))
},
# gh-92936: allow double quote in cookie values
{
'data': 'cookie="{"key": "value"}"',
'dict': {'cookie': '{"key": "value"}'},
'repr': "<SimpleCookie: cookie='{\"key\": \"value\"}'>",
'output': 'Set-Cookie: cookie="{"key": "value"}"',
},
{
'data': 'key="some value; surrounded by quotes"',
'dict': {'key': 'some value; surrounded by quotes'},
'repr': "<SimpleCookie: key='some value; surrounded by quotes'>",
'output': 'Set-Cookie: key="some value; surrounded by quotes"',
},
{
'data': 'session="user123"; preferences="{"theme": "dark"}"',
'dict': {'session': 'user123', 'preferences': '{"theme": "dark"}'},
'repr': "<SimpleCookie: preferences='{\"theme\": \"dark\"}' session='user123'>",
'output': '\n'.join((
'Set-Cookie: preferences="{"theme": "dark"}"',
'Set-Cookie: session="user123"',
))
}
]

2
Misc/NEWS.d/next/Library/2025-08-08-21-20-14.gh-issue-92936.rOgG1S.rst Normal file
View file

@ -0,0 +1,2 @@
Update regex used by ``http.cookies.SimpleCookie`` to handle values containing
double quotes.