http: don't quote Set-Cookie Domain and Path

Fixes #1659 R=rsc, bradfitzgo, bradfitzwork CC=bradfitz, golang-dev https://golang.org/cl/4368052

http: don't quote Set-Cookie Domain and Path
Fixes #1659 R=rsc, bradfitzgo, bradfitzwork CC=bradfitz, golang-dev https://golang.org/cl/4368052
8b352930 · Petar Maymounkov · Brad Fitzpatrick · a49e7f39 · 8b352930 · 8b352930
Commit 8b352930 authored Apr 14, 2011 by Petar Maymounkov Committed by Brad Fitzpatrick Apr 14, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 5 deletions

cookie.go src/pkg/http/cookie.go +17 -4

cookie_test.go src/pkg/http/cookie_test.go +5 -1

No files found.
--- a/src/pkg/http/cookie.go
+++ b/src/pkg/http/cookie.go
@@ -142,12 +142,12 @@ func writeSetCookies(w io.Writer, kk []*Cookie) os.Error {
 	var b bytes.Buffer
 	for _, c := range kk {
 		b.Reset()
-		fmt.Fprintf(&b, "%s=%s", c.Name, c.Value)
+		fmt.Fprintf(&b, "%s=%s", sanitizeName(c.Name), sanitizeValue(c.Value))
 		if len(c.Path) > 0 {
-			fmt.Fprintf(&b, "; Path=%s", URLEscape(c.Path))
+			fmt.Fprintf(&b, "; Path=%s", sanitizeValue(c.Path))
 		}
 		if len(c.Domain) > 0 {
-			fmt.Fprintf(&b, "; Domain=%s", URLEscape(c.Domain))
+			fmt.Fprintf(&b, "; Domain=%s", sanitizeValue(c.Domain))
 		}
 		if len(c.Expires.Zone) > 0 {
 			fmt.Fprintf(&b, "; Expires=%s", c.Expires.Format(time.RFC1123))
@@ -225,7 +225,7 @@ func readCookies(h Header) []*Cookie {
 func writeCookies(w io.Writer, kk []*Cookie) os.Error {
 	lines := make([]string, 0, len(kk))
 	for _, c := range kk {
-		lines = append(lines, fmt.Sprintf("Cookie: %s=%s\r\n", c.Name, c.Value))
+		lines = append(lines, fmt.Sprintf("Cookie: %s=%s\r\n", sanitizeName(c.Name), sanitizeValue(c.Value)))
 	}
 	sort.SortStrings(lines)
 	for _, l := range lines {
@@ -236,6 +236,19 @@ func writeCookies(w io.Writer, kk []*Cookie) os.Error {
 	return nil
 }
+func sanitizeName(n string) string {
+	n = strings.Replace(n, "\n", "-", -1)
+	n = strings.Replace(n, "\r", "-", -1)
+	return n
+}
+func sanitizeValue(v string) string {
+	v = strings.Replace(v, "\n", " ", -1)
+	v = strings.Replace(v, "\r", " ", -1)
+	v = strings.Replace(v, ";", " ", -1)
+	return v
+}
 func unquoteCookieValue(v string) string {
 	if len(v) > 1 && v[0] == '"' && v[len(v)-1] == '"' {
 		return v[1 : len(v)-1]

--- a/src/pkg/http/cookie_test.go
+++ b/src/pkg/http/cookie_test.go
@@ -21,9 +21,13 @@ var writeSetCookiesTests = []struct {
 		[]*Cookie{
 			&Cookie{Name: "cookie-1", Value: "v$1"},
 			&Cookie{Name: "cookie-2", Value: "two", MaxAge: 3600},
+			&Cookie{Name: "cookie-3", Value: "three", Domain: ".example.com"},
+			&Cookie{Name: "cookie-4", Value: "four", Path: "/restricted/"},
 		},
 		"Set-Cookie: cookie-1=v$1\r\n" +
-			"Set-Cookie: cookie-2=two; Max-Age=3600\r\n",
+			"Set-Cookie: cookie-2=two; Max-Age=3600\r\n" +
+			"Set-Cookie: cookie-3=three; Domain=.example.com\r\n" +
+			"Set-Cookie: cookie-4=four; Path=/restricted/\r\n",
 	},
 }