RFR 8020758: HttpCookie constructor does not throw IAE when name contains a space
Chris Hegarty
chris.hegarty at oracle.com
Wed Oct 23 04:09:48 PDT 2013
Mark, Michael,
java.net.HttpCookie, rightly or wrongly, supports three different Cookie
specifications. Some of these are conflicting, and there have been many
many bugs reported against various "special" characters being accepted.
This one is hopefully straight forward. The issue is specifically
complaining about a space in the cookie name. Looking at the Netscape
cookie draft [1] and RFC 2965 [2], they both seem to restrict a space in
the cookie name, so I see no conflict in specs here. It seems reasonable
to add this restriction.
http://cr.openjdk.java.net/~chegar/8020758/webrev.00/
Additionally, since we are now adding a further restriction on the
accepted characters in the cookie name, there is a slight compatibility
risk. I believe this risk to be very small, and cannot find any evidence
of cookies with spaces in there names.
Thanks,
-Chris.
[1]
http://web.archive.org/web/20020803110822/http://wp.netscape.com/newsref/std/cookie_spec.html
[2] http://www.ietf.org/rfc/rfc2965.txt
More information about the net-dev
mailing list