
Re: lynx-dev Bug#35523: lynx: cookie handling broken with non-printab


From: Leonid Pauzner
Subject: Re: lynx-dev Bug#35523: lynx: cookie handling broken with non-printable characters (fwd)
Date: Thu, 8 Apr 1999 15:18:45 +0400 (MSD)

8-Apr-99 13:55 I wrote:
> 7-Apr-99 22:48 Chris Lawrence wrote:
>> On Apr 05, Chris Lawrence wrote:
>>> On Mon, 5 Apr 1999, Klaus Weide wrote:
>>> > It just isn't possible to send a cookie like the following with HTTP:
>>> >
>>> >     Set-Cookie: bunny="I3\012."
>>> >     (where \012 is LF)
>>> >
>>> > Either the person reporting this misunderstands what's going on, or
>>> > is leaving out some information.
>>>
>>> It may be a literal \012.  I need to take a look at the raw HTTP
>>> datastream from the CGI script, however.

> I think the problem is that the cookie spec says nothing about
> having the value in quotes, so quotes should be processed as normal characters.
> However, lynx does trim double quotes in the HTMIME.c module;
> IMHO it should be commented out for Set-Cookie, as I did for ETag recently.

>> Here's a transcript of a telnet session; it is a literal \012:

>> Trying 216.92.38.187...
>> Connected to lordsutch.com.
>> Escape character is '^]'.
>> HEAD / HTTP/1.0

>> HTTP/1.1 200 OK
>> Date: Thu, 08 Apr 1999 03:45:00 GMT
>> Server: Apache/1.3.3
>> Cache-Control: no-cache
>> Content-Language: en
>> Expires: Thu, 08 Apr 1999 04:45:02 GMT
>> Pragma: no-cache
>> Set-Cookie: firstvisit="I923543100\012."; Max-Age=5184000;
>> Set-Cookie: visitor=dialup136.WaterValley.Net; Max-Age=5184000;
>> Set-Cookie: count="I1\012."; Max-Age=5184000;
>> Last-Modified: Mon, 05 Apr 1999 17:27:49 GMT
>> Connection: close
>> Content-Type: text/html

>> Connection closed by foreign host.

>> The problem: the quotes aren't being stored in the .lynx_cookies file.


>> Chris
>> --
>> =============================================================================
>> |        Chris Lawrence       |       Get your Debian/m68k 2.1 CD-ROMs      |
>> |   <address@hidden>  |      http://www.clark.net/pub/lawrencc/     |
>> |                             |                                             |
>> |   Grad Student, Pol. Sci.   |            Watch Babylon 5 on TNT           |
>> |  University of Mississippi  |   <*> http://tnt.turner.com/babylon5/ <*>   |
>> =============================================================================

A few words from the HTTP/1.1 spec:


Fielding, et al                                               [Page 16]

INTERNET-DRAFT                  HTTP/1.1              November 18, 1998

   Many HTTP/1.1 header field values consist of words separated by LWS
   or special characters. These special characters MUST be in a quoted
   string to be used within a parameter value (as defined in section
   3.6).

       token          = 1*<any CHAR except CTLs or separators>
       separators     = "(" | ")" | "<" | ">" | "@"
                      | "," | ";" | ":" | "\" | <">
                      | "/" | "[" | "]" | "?" | "="
                      | "{" | "}" | SP | HT

   Comments can be included in some HTTP header fields by surrounding
   the comment text with parentheses. Comments are only allowed in
   fields containing "comment" as part of their field value definition.
   In all other fields, parentheses are considered part of the field
   value.

       comment        = "(" *( ctext | quoted-pair | comment ) ")"
       ctext          = <any TEXT excluding "(" and ")">

   A string of text is parsed as a single word if it is quoted using
   double-quote marks.

       quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
       qdtext         = <any TEXT except <">>

   The backslash character ("\") MAY be used as a single-character
   quoting mechanism only within quoted-string and comment constructs.

       quoted-pair    = "\" CHAR
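
Added illustration, not part of the original message and not Lynx source: the `firstvisit` header from the telnet transcript run through three client-side treatments of the value (kept verbatim, surrounding quotes trimmed, and fully decoded per the `quoted-string` / `quoted-pair` grammar quoted above). The function `cookie_value` and the mode names are hypothetical; `STRIP_QUOTES` is only a simplified model of the quote trimming the message attributes to HTMIME.c.

```c
#include <stdio.h>
#include <string.h>
enum mode { KEEP_RAW, STRIP_QUOTES, DECODE_QUOTED };  /* illustrative names */

/* Copy the value of the first name=value pair of a Set-Cookie field body into
 * out. Returns the length written, or -1 if malformed or out is too small. */
int cookie_value(const char *field, enum mode m, char *out, size_t outsz)
{
    const char *p = strchr(field, '='), *end;
    size_t n = 0;
    int quoted;
    if (p == NULL || outsz == 0)
        return -1;
    quoted = (*++p == '"');
    if (quoted) {
        /* quoted-string: find the closing <">, stepping over quoted-pairs */
        for (end = p + 1; *end != '\0' && *end != '"'; end++)
            if (*end == '\\' && end[1] != '\0')
                end++;
        if (*end++ != '"')
            return -1;                  /* unterminated quoted-string */
        if (m != KEEP_RAW) {            /* drop the surrounding quotes */
            p++;
            end--;
        }
    } else {
        end = p + strcspn(p, ";");      /* unquoted value ends at ';' */
    }
    for (; p < end; p++) {
        if (quoted && m == DECODE_QUOTED && *p == '\\' && p + 1 < end)
            p++;                        /* quoted-pair: keep only the CHAR */
        if (n + 1 >= outsz)
            return -1;                  /* refuse to truncate a cookie */
        out[n++] = *p;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Header body copied from the telnet transcript in the message. */
    const char *f = "firstvisit=\"I923543100\\012.\"; Max-Age=5184000;";
    char buf[64];
    for (int m = KEEP_RAW; m <= DECODE_QUOTED; m++)
        if (cookie_value(f, (enum mode)m, buf, sizeof buf) >= 0)
            printf("mode %d: %s\n", m, buf);
    return 0;
}
```

The three modes yield three different byte strings for the same header, so only the verbatim treatment returns to the server exactly what it set.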




