Make join_header_words() more similar to the original #130631
Comments
serhiy-storchaka
added
3.12
serhiy-storchaka
added a commit
to serhiy-storchaka/cpython
that referenced
this issue
Feb 27, 2025
…l Perl version * Always quote strings with non-ASCII characters. * Allow some non-separator and non-control characters (like "." or "-") be unquoted. * Always quote string that end with "\n". * Use the fullmatch() method for clarity and optimization.
picnixz
added
stdlib
serhiy-storchaka
added a commit
that referenced
this issue
Apr 9, 2025
… version (GH-130632) * Always quote strings with non-ASCII characters. * Allow some non-separator and non-control characters (like "." or "-") be unquoted. * Always quote strings that end with "\n". * Use the fullmatch() method for clarity and optimization.
serhiy-storchaka
added a commit
to serhiy-storchaka/cpython
that referenced
this issue
Apr 9, 2025
…original Perl version (pythonGH-130632) * Always quote strings with non-ASCII characters. * Allow some non-separator and non-control characters (like "." or "-") be unquoted. * Always quote strings that end with "\n". * Use the fullmatch() method for clarity and optimization. (cherry picked from commit 7ebbd27) Co-authored-by: Serhiy Storchaka <[email protected]>
serhiy-storchaka
added a commit
that referenced
this issue
Apr 9, 2025
…al Perl version (GH-130632) (GH-132303) * Always quote strings with non-ASCII characters. * Allow some non-separator and non-control characters (like "." or "-") be unquoted. * Always quote strings that end with "\n". * Use the fullmatch() method for clarity and optimization. (cherry picked from commit 7ebbd27)
seehwan
pushed a commit
to seehwan/cpython
that referenced
this issue
Apr 16, 2025
…l Perl version (pythonGH-130632) * Always quote strings with non-ASCII characters. * Allow some non-separator and non-control characters (like "." or "-") be unquoted. * Always quote strings that end with "\n". * Use the fullmatch() method for clarity and optimization.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently
http.cookiejar.join_header_words()usesre.search(r"^\w+$", v)to check whether the value can be represented as a token, unquoted. There are some red flags here:\wlooks arbitrary. And it is. The original Perl implementation (it is now in HTTP::Headers::Util) uses a set of characters documented inthe split_header_words()docstring. On one side, it allows more characters (like "." or "-") be unquoted, on other hand, it requires quoting non-ASCII letters and digits.$matches not only the end of the string, but also a position just before\n. So this pattern does not work for value containing\n. I do not know whether such values are supported at higher level, but currently that code is prone to header injection.search()with anchors at both ends for testing the whole string is very outdated, this patterns precedes the currentremodule. First,match()was added to testing the match from beginning, and laterfullmatch()was added for testing the whole string.Linked PRs
The text was updated successfully, but these errors were encountered: