[Python-Dev] Re: Cookie.py and `:' in the key
Timothy O'Malley
timo@alum.mit.edu
Wed, 3 Oct 2001 01:18:36 -0400
hola.
On Tuesday, October 2, 2001, at 09:39 PM, Barry A. Warsaw wrote:
> In Mailman, I use a version of Cookie.py written by Timothy dated from
> 1998. I'm now trying to see if I can get rid of my independent
> copy and just use Cookie.py in the Python 2.x standard library.
According to a very strict reading of the appropriate
specifications (RFC 2109 for cookies, which in turn
references terms defined in RFC 2068 for HTTP), a colon
is not legal in a value unless it is in a quoted value:
Many HTTP/1.1 header field values consist of words separated by LWS
or special characters. These special characters MUST be in a quoted
string to be used within a parameter value.
token = 1*<any CHAR except CTLs or tspecials>
tspecials = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
Even so, I think I agree that a strict interpretation isn't very
useful in practice. In this case, for instance, the intended
value is clear and obvious.
I've gone back and forth on this -- should the implementation
be true to the spec or should it follow its own rules for clear
and obvious?
Should people desire the "clear and obvious" over the "strict
interpretation", I think your fix is dead on.
TimO