Bug 16699 - Cookie parsing terminates at the first semicolon, ignoring quotes
: Cookie parsing terminates at the first semicolon, ignoring quotes
Status: RESOLVED INVALID
: WebKit
New Bugs
: 528+ (Nightly build)
: Macintosh All
: P2 Normal
Assigned To:
:
: InRadar, ReviewedForRadar
:
: 36997
  Show dependency treegraph
 
Reported: 2008-01-01 13:49 PST by
Modified: 2010-04-01 17:45 PST (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2008-01-01 13:49:52 PST
From http://ewx.livejournal.com/459902.html:

Using the HTTP header:

Set-Cookie: disorder="477beccb;richard";Version=1;Path="/index.cgi"

Firefox sends back the same cookie, but Safari thinks the disorder cookie is "477beccb.

Relevant spec is RFC 2109 (http://tools.ietf.org/html/rfc2109).
------- Comment #1 From 2008-01-01 14:42:57 PST -------
Verified with a local debug build of WebKit r29071 with Safari 3.0.4 (523.12.2) on Mac OS X 10.4.11 (8S165).

Needs to be tested with Safari on Leopard and Safari for Windows.
------- Comment #2 From 2008-01-01 14:47:03 PST -------
(In reply to comment #1)
> Verified with a local debug build of WebKit r29071 with Safari 3.0.4 (523.12.2)
> on Mac OS X 10.4.11 (8S165).

Note that on Tiger, the path is reported as "/" (literally, with double quotes) and the value is reported as "477beccb (literally, with one double quote) in Safari preferences.
------- Comment #3 From 2008-01-01 14:57:11 PST -------
(In reply to comment #2)
> Note that on Tiger, the path is reported as "/" (literally, with double quotes)
> and the value is reported as "477beccb (literally, with one double quote) in
> Safari preferences.

Same thing occurs with Safari 3.0.4 (5523.10.6) on Mac OS X Server 10.5.1 (9B18).
------- Comment #4 From 2008-01-01 14:57:48 PST -------
<rdar://problem/5666078>
------- Comment #5 From 2008-01-01 15:00:02 PST -------
This bug is not in WebKit, but in a lower-level framework, thus closing this bug as RESOLVED/INVALID.

The issue will be tracked by the Radar mentioned in Comment #4.
------- Comment #6 From 2009-05-20 16:13:44 PST -------
Added test case for this bug:

http://trac.webkit.org/changeset/43939
http://trac.webkit.org/changeset/43940