Cookie value encoding

Bug #532589 reported by dirk
This bug affects 1 person
Affects         Status     Importance  Assigned to  Milestone
play framework  New        Undecided   Unassigned
1.0             Won't Fix  Undecided   Unassigned
1.1             Confirmed  Undecided   Unassigned

Bug Description

Play should URL encode and decode cookie values, so that a value like an email address will not be mangled (because of the @ symbol).

This would require some code like the following in play.server.HttpHandler.parseRequest(), play.server.ServletWrapper.parseRequest() and play.mvc.Http.Response.setCookie():

    import org.apache.commons.codec.net.URLCodec;
    ...
    String value = new String(URLCodec.decodeUrl(cookie.value.getBytes("utf-8")), "utf-8");

dirk (australiandeveloper) wrote :

I'm now using play 1.1 and I've noticed that Netty is being used to encode the cookies.

It seems that Netty does attempt to encode email addresses, but the mechanism is simply to put quotes around the entire value, which doesn't make a lot of sense to me as
- it is not part of the RFC specification
- it doesn't encode the @ symbol into an ASCII compatible value.

I believe the solution that I outlined in the bug report above should solve this problem.

The relevant method in play is
    protected static void addToResponse(Response response, HttpResponse nettyResponse) {
        ...
        for (Http.Cookie cookie : cookies.values()) {
            CookieEncoder encoder = new CookieEncoder(true);
            ...
            nettyResponse.addHeader(SET_COOKIE, encoder.encode());

The netty CookieEncoder class contains a method that puts quotes around any value with certain symbols in it:
    private static void add(StringBuilder sb, String name, String val) {
        ...
        for (int i = 0; i < val.length(); i ++) {
            char c = val.charAt(i);
            switch (c) {
            case '\t': case ' ': case '"': case '(': case ')': case ',':
            case '/': case ':': case ';': case '<': case '=': case '>':
            case '?': case '@': case '[': case '\\': case ']':
            case '{': case '}':
                addQuoted(sb, name, val);
                return;
            }
        }

        addUnquoted(sb, name, val);
    }
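
An added example (not code from the bug report, Play or Netty) showing the effect of the proposal: once a value is percent-encoded it contains none of the characters that make the Netty excerpt above fall back to quoting, and it decodes back to the original. `CookieValueCodec` and its methods are hypothetical names, the sample values are constructed, and the JDK's `URLEncoder`/`URLDecoder` stand in for the commons-codec `URLCodec` named in the report.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;

// Hypothetical helper, not part of Play or Netty.
public class CookieValueCodec {
    // Characters that trigger addQuoted() in the CookieEncoder.add() excerpt above.
    static final String QUOTE_TRIGGERS = "\t \"(),/:;<=>?@[\\]{}";

    static boolean needsQuoting(String val) {
        for (int i = 0; i < val.length(); i++) {
            if (QUOTE_TRIGGERS.indexOf(val.charAt(i)) >= 0) {
                return true;
            }
        }
        return false;
    }

    // Outbound: percent-encode before the value reaches setCookie().
    static String encode(String raw) throws UnsupportedEncodingException {
        return URLEncoder.encode(raw, "UTF-8");
    }

    // Inbound: request cookies are client-controlled, so a malformed escape
    // such as "%zz" must not abort request parsing; reject it with null.
    static String decodeOrNull(String wire) throws UnsupportedEncodingException {
        try {
            return URLDecoder.decode(wire, "UTF-8");
        } catch (IllegalArgumentException malformed) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        String[] samples = { "dirk@example.com", "a b;Path=/", "say \"hi\"", "1+1=2" };
        for (String raw : samples) {
            String wire = encode(raw);
            if (needsQuoting(wire) || !raw.equals(decodeOrNull(wire))) {
                throw new AssertionError("bad round trip for " + raw);
            }
            System.out.println(raw + " -> " + wire);
        }
        if (decodeOrNull("%zz") != null) {
            throw new AssertionError("malformed escape was accepted");
        }
    }
}
```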
