A cookie value may be DQUOTE'd as per RFC 6265 2.2.

Escaping with the backslash character is not mentioned in the RFC but the backslash character is not allowed here anyway, so just be nice and support it for legacy applications.
2026-03-25 08:55:53 +00:00 · 2013-03-19 20:35:56 +09:00 · 2013-03-19 20:35:56 +09:00 · 7d81c10914
commit 7d81c10914
parent 6c5e87aff3
2 changed files with 7 additions and 1 deletions
--- a/lib/http/cookie.rb
+++ b/lib/http/cookie.rb
@ -190,6 +190,12 @@ class HTTP::Cookie
          first_elem, *cookie_elem = c.split(/;+/)
          first_elem.strip!
          key, value = first_elem.split(/\=/, 2)
+          # RFC 6265 2.2
+          # A cookie-value may be DQUOTE'd.
+          case value
+          when /\A"(.*)"\z/
+            value = $1.gsub(/\\(.)/, "\\1")
+          end

          begin
            cookie = new(key, value.dup)
--- a/test/test_http_cookie.rb
+++ b/test/test_http_cookie.rb
@ -101,7 +101,7 @@ class TestHTTPCookie < Test::Unit::TestCase

    assert_equal 1, HTTP::Cookie.parse(cookie_str, :origin => uri) { |cookie|
      assert_equal 'quoted', cookie.name
-      assert_equal '"value"', cookie.value
+      assert_equal 'value', cookie.value
      assert_equal 'comment is "comment"', cookie.comment
    }.size
  end