W3C home > Mailing lists > Public > www-lib@w3.org > July to September 2001

Re: Bug in HTCookie.c

From: James D. Brown <jamesbrown@shopswell.com>
Date: Mon, 2 Jul 2001 13:14:05 -0400 (EDT)
To: Olaf Walkowiak <olaf@sevenval.de>, www-lib@w3.org
Message-Id: <01070211135702.01719@franz.shopswell.com>
At http://www.netscape.com/newsref/std/cookie_spec.html, the spec states:

This string is a sequence of characters excluding semi-colon, comma and white 
space. If there is a need to place such data in the name or value, some 
encoding method such as URL style %XX encoding is recommended, though no 
encoding is defined or required. 

IMHO, this is a shortcoming of the HTTP cookie spec, in that it does not 
require the RFC 1738, section 2.2, encoding for cookie values.  At least the 
spec does contain a disclaimer at the top:

Preliminary Specification - Use with caution


On Monday 02 July 2001 10:25 am, Olaf Walkowiak wrote:
> There is a bug in HTCookie.c
> If the Cookie value contains a "," all the stuff after it is
> lost. This happens because the Cookie is parsed with HTNextField().
> Regards
> Olaf

James D. Brown, President, Shopswell, Inc.
Voice: 303-400-0480 - FAX: 303-400-7181
http://www.shopswell.com - jamesbrown@shopswell.com
Received on Tuesday, 3 July 2001 03:49:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:33:54 UTC