diff options
| author | Nigel Tao <nigeltao@golang.org> | 2014-09-25 10:21:52 +1000 |
|---|---|---|
| committer | Nigel Tao <nigeltao@golang.org> | 2014-09-25 10:21:52 +1000 |
| commit | 585e8aa6783c384aedb61f5c7f27e7c9e0887926 (patch) | |
| tree | e627c9af801c0bc01a0b11b69d9ba7e87b729d0b /src/net/http | |
| parent | 3b1a43e8e4876c75afea231b2707e0c61d8a9e2a (diff) | |
| download | go-585e8aa6783c384aedb61f5c7f27e7c9e0887926.tar.gz | |
net/http: allow double-quotes only on cookie values, not cookie
attribute values, a la RFC 6265 section 4.1.1 "Syntax".
Fixes issue 7751.
LGTM=dr.volker.dobler
R=dr.volker.dobler
CC=bradfitz, golang-codereviews
https://codereview.appspot.com/148890043
Diffstat (limited to 'src/net/http')
| -rw-r--r-- | src/net/http/cookie.go | 10 | ||||
| -rw-r--r-- | src/net/http/cookie_test.go | 32 |
2 files changed, 37 insertions, 5 deletions
diff --git a/src/net/http/cookie.go b/src/net/http/cookie.go index dc60ba87f..a0d0fdbbd 100644 --- a/src/net/http/cookie.go +++ b/src/net/http/cookie.go @@ -56,7 +56,7 @@ func readSetCookies(h Header) []*Cookie { if !isCookieNameValid(name) { continue } - value, success := parseCookieValue(value) + value, success := parseCookieValue(value, true) if !success { continue } @@ -76,7 +76,7 @@ func readSetCookies(h Header) []*Cookie { attr, val = attr[:j], attr[j+1:] } lowerAttr := strings.ToLower(attr) - val, success = parseCookieValue(val) + val, success = parseCookieValue(val, false) if !success { c.Unparsed = append(c.Unparsed, parts[i]) continue @@ -205,7 +205,7 @@ func readCookies(h Header, filter string) []*Cookie { if filter != "" && filter != name { continue } - val, success := parseCookieValue(val) + val, success := parseCookieValue(val, true) if !success { continue } @@ -345,9 +345,9 @@ func sanitizeOrWarn(fieldName string, valid func(byte) bool, v string) string { return string(buf) } -func parseCookieValue(raw string) (string, bool) { +func parseCookieValue(raw string, allowDoubleQuote bool) (string, bool) { // Strip the quotes, if present. - if len(raw) > 1 && raw[0] == '"' && raw[len(raw)-1] == '"' { + if allowDoubleQuote && len(raw) > 1 && raw[0] == '"' && raw[len(raw)-1] == '"' { raw = raw[1 : len(raw)-1] } for i := 0; i < len(raw); i++ { diff --git a/src/net/http/cookie_test.go b/src/net/http/cookie_test.go index f78f37299..98dc2fade 100644 --- a/src/net/http/cookie_test.go +++ b/src/net/http/cookie_test.go @@ -313,6 +313,14 @@ var readCookiesTests = []struct { {Name: "c2", Value: "v2"}, }, }, + { + Header{"Cookie": {`Cookie-1="v$1"; c2="v2"`}}, + "", + []*Cookie{ + {Name: "Cookie-1", Value: "v$1"}, + {Name: "c2", Value: "v2"}, + }, + }, } func TestReadCookies(t *testing.T) { @@ -327,6 +335,30 @@ func TestReadCookies(t *testing.T) { } } +func TestSetCookieDoubleQuotes(t *testing.T) { + res := &Response{Header: Header{}} + res.Header.Add("Set-Cookie", `quoted0=none; max-age=30`) + res.Header.Add("Set-Cookie", `quoted1="cookieValue"; max-age=31`) + res.Header.Add("Set-Cookie", `quoted2=cookieAV; max-age="32"`) + res.Header.Add("Set-Cookie", `quoted3="both"; max-age="33"`) + got := res.Cookies() + want := []*Cookie{ + {Name: "quoted0", Value: "none", MaxAge: 30}, + {Name: "quoted1", Value: "cookieValue", MaxAge: 31}, + {Name: "quoted2", Value: "cookieAV"}, + {Name: "quoted3", Value: "both"}, + } + if len(got) != len(want) { + t.Fatal("got %d cookies, want %d", len(got), len(want)) + } + for i, w := range want { + g := got[i] + if g.Name != w.Name || g.Value != w.Value || g.MaxAge != w.MaxAge { + t.Errorf("cookie #%d:\ngot %v\nwant %v", i, g, w) + } + } +} + func TestCookieSanitizeValue(t *testing.T) { defer log.SetOutput(os.Stderr) var logbuf bytes.Buffer |