[Zope] cgi_module_publish cookie prsing errors?
Brian Lloyd
Brian@digicool.com
Fri, 2 Apr 1999 14:13:15 -0500
> You can make a case that this is legal according to the cookie spec:
>
> "NAME=VALUE
> This string is a sequence of characters excluding
> semi-colon, comma
> and white space. If there is a need to place such data in the
> name or value, some encoding method such as URL style
> %XX encoding
> is recommended, though no encoding is defined or required."
>
> On the one hand, it implies that there should be only one equals sign.
> On the other hand, it explicity lists forbidden characters
> that must be
> encoded, and equals isn't included. In the spirit of "be
> conservative in
> what you send, be liberal in what you accept", I think Zope
> should parse
> these. Please submit your patch to Collector if you haven't already.
FYI - this is already fixed for the next release...
Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com