Bug 16699
| Summary: | Cookie parsing terminates at the first semicolon, ignoring quotes | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Andi Sidwell <bugzilla> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | | |
| Severity: | Normal | CC: | ddkilzer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Mac | | |
| OS: | All | | |
| Bug Depends on: | | | |
| Bug Blocks: | 36997 | | |
Andi Sidwell
From http://ewx.livejournal.com/459902.html:
Using the HTTP header:
Set-Cookie: disorder="477beccb;richard";Version=1;Path="/index.cgi"
Firefox sends back the same cookie, but Safari thinks the disorder cookie is "477beccb.
Relevant spec is RFC 2109 (http://tools.ietf.org/html/rfc2109).
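The quote handling at issue in this report, as an added example that is not part of the original bug report and is not WebKit or Safari code: splitting at every semicolon yields the truncated value `"477beccb`, while honouring RFC 2109 quoted-strings yields `477beccb;richard`. All function names are hypothetical; `parsers_disagree` is a check a server could run before emitting a cookie that clients may read differently.

```python
import re

# Set-Cookie value copied from the report above.
HEADER = 'disorder="477beccb;richard";Version=1;Path="/index.cgi"'

def split_naive(value):
    """Break at every semicolon, ignoring quotes (yields the value the report describes)."""
    return [p.strip() for p in value.split(";") if p.strip()]

def split_quoted(value):
    """Break only at semicolons outside an RFC 2109 quoted-string."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:                       # character after a backslash is literal
            escaped = False
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    if in_quotes:
        raise ValueError("unterminated quoted-string")
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def unquote(v):
    """Strip quotes only when the string is a balanced quoted-string."""
    if len(v) >= 2 and v[0] == v[-1] == '"':
        return re.sub(r"\\(.)", r"\1", v[1:-1])
    return v

def parse(value, splitter):
    """Return (name, value, attributes) for one Set-Cookie value."""
    pairs = []
    for part in splitter(value):
        name, _, val = part.partition("=")
        pairs.append((name.strip(), unquote(val.strip())))
    return pairs[0][0], pairs[0][1], dict(pairs[1:])

def parsers_disagree(value):
    """True when the two readings differ, i.e. the cookie is not portable across clients."""
    try:
        return parse(value, split_naive) != parse(value, split_quoted)
    except ValueError:
        return True
```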
David Kilzer (:ddkilzer)
Verified with a local debug build of WebKit r29071 with Safari 3.0.4 (523.12.2) on Mac OS X 10.4.11 (8S165).
Needs to be tested with Safari on Leopard and Safari for Windows.
David Kilzer (:ddkilzer)
(In reply to comment #1)
> Verified with a local debug build of WebKit r29071 with Safari 3.0.4 (523.12.2)
> on Mac OS X 10.4.11 (8S165).
Note that on Tiger, the path is reported as "/" (literally, with double quotes) and the value is reported as "477beccb (literally, with one double quote) in Safari preferences.
David Kilzer (:ddkilzer)
(In reply to comment #2)
> Note that on Tiger, the path is reported as "/" (literally, with double quotes)
> and the value is reported as "477beccb (literally, with one double quote) in
> Safari preferences.
Same thing occurs with Safari 3.0.4 (5523.10.6) on Mac OS X Server 10.5.1 (9B18).
David Kilzer (:ddkilzer)
<rdar://problem/5666078>
David Kilzer (:ddkilzer)
This bug is not in WebKit, but in a lower-level framework, thus closing this bug as RESOLVED/INVALID.
The issue will be tracked by the Radar mentioned in Comment #4.
David Kilzer (:ddkilzer)
Added test case for this bug:
http://trac.webkit.org/changeset/43939
http://trac.webkit.org/changeset/43940