Commit graph

10 commits

Author SHA1 Message Date
Mike Dalessio
22ea7af086 fix: be explicit about frozen string literals to quash warnings 2024-03-24 10:02:56 -04:00
Akinori MUSHA
7f94a9e5d9 Treat comma as normal character in HTTP::Cookie.cookie_value_to_hash
As pointed out in CVE-2016-7401, treating comma in a Cookie header value
as separator may cause security problems.
2016-09-30 19:20:39 +09:00
Akinori MUSHA
a1cfe6bb70 Remove unused code. 2013-04-17 01:14:22 +09:00
Akinori MUSHA
39861d2dbb Fix time value validation. 2013-04-14 13:47:49 +09:00
Akinori MUSHA
9a6b18463b scan_name never returns nil because RE_NAME matches an empty string. 2013-04-14 13:29:08 +09:00
Akinori MUSHA
e1857d76a4 Add Cookie.cookie_value and Cookie.cookie_value_to_hash. 2013-04-12 02:15:13 +09:00
Akinori MUSHA
8c30527293 Update rdoc and comments. 2013-04-12 20:22:50 +09:00
Akinori MUSHA
ef7bdeefba Cookie#cookie_value too should quote values if necessary. 2013-03-28 22:06:19 +09:00
Akinori MUSHA
96dabc8288 Add 1.8 compatibility. 2013-03-21 17:31:05 +09:00
Akinori MUSHA
ddf74fee1e Rewrite the Set-Cookie header parser entirely.
The new parser is almost RFC 6265 compliant as the previous
implementation but has some extensions:

- It can parse double-quoted values with unsafe characters inside
  escaped with the backslash.

- It parses a date value of the expires attribute in the way the RFC
  describes, with an exception that it allows omission of the seconds
  field.  Some of the broken date representations that used to pass
  are now treated as error and ignored.

- It can parse a Set-Cookie value that contains multiple cookie
  definitions separated by comma, and commas put inside double quotes
  are not mistaken as definition separator.
2013-03-21 15:52:22 +09:00