curl-library
Re: [idea up for grabs] cookie parsing tests
Date: Thu, 17 Mar 2016 13:27:52 +0100
> Ivan Nikulin posted a comparison about how different browsers parse and
> implement cookies at https://inikulin.github.io/cookie-compat/ (he found
> quite a few cases where they act differently from each other and from the
> spec)
Test 0017 says 'z=y, a=b' (input) -> 'z=y, a=b' (expected)
This is ok regarding Section 5.2, but not regarding the grammar definition in
4.1.1. If 5.2 obsoletes 4.1.1, why is there a grammar at all ?
Grammar in Section 4.1.1
cookie-pair = cookie-name "=" cookie-value
cookie-name = token
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
; US-ASCII characters excluding CTLs,
; whitespace DQUOTE, comma, semicolon,
; and backslash
token = <token, defined in [RFC2616], Section 2.2>
A second question arises - some of the tests contain an escape backslash '\',
e.g. to escape double quotes within cookie-values. Where in the RFC is this
behavior documented - I just can't find it.
But assumed the backslash is documented, how does this fit to Rule 1. in
Section 5.2 "If the set-cookie-string contains a %x3B (";") character". This
means, you can't escape semicolon.
RFC the is irritating in these points. Did I miss a newer RFC that makes it a
bit clearer ?
I tend to use the grammar in section 4.1.1, IMO 5.2 should just be a helper.
Some insights by anyone ?
Tim
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
- application/pgp-signature attachment: This is a digitally signed message part.